# Flog Txt Version 1 # Analyzer Version: 2.3.0 # Analyzer Build Date: Apr 12 2018 14:32:59 # Log Creation Date: 13.07.2018 07:59:56.264 Process: id = "1" image_name = "c04c541f066a2b089bdc261616894a2f6bd49fca2e29350698175d9fc51c.exe" filename = "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\c04c541f066a2b089bdc261616894a2f6bd49fca2e29350698175d9fc51c.exe" page_root = "0x510dc000" os_pid = "0x948" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "analysis_target" parent_id = "0" os_parent_pid = "0x0" cmd_line = "\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\c04c541f066a2b089bdc261616894a2f6bd49fca2e29350698175d9fc51c.exe\" " cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:000104d7" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 2 start_va = 0x30000 end_va = 0x31fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 3 start_va = 0x40000 end_va = 0x40fff entry_point = 0x40000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 4 start_va = 0x50000 end_va = 0x8ffff entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 5 start_va = 0x90000 end_va = 0x18ffff entry_point = 0x0 region_type = private name = "private_0x0000000000090000" filename = "" Region: id = 6 start_va = 0x190000 end_va = 0x193fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000190000" filename = "" Region: id = 7 start_va = 0x1a0000 end_va = 0x1a0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 8 start_va = 0x400000 end_va = 0x42efff entry_point = 0x400000 region_type = mapped_file name = "c04c541f066a2b089bdc261616894a2f6bd49fca2e29350698175d9fc51c.exe" filename = "\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\c04c541f066a2b089bdc261616894a2f6bd49fca2e29350698175d9fc51c.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\c04c541f066a2b089bdc261616894a2f6bd49fca2e29350698175d9fc51c.exe") Region: id = 9 start_va = 0x77c50000 end_va = 0x77df8fff entry_point = 0x77c50000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 10 start_va = 0x77e30000 end_va = 0x77faffff entry_point = 0x77e30000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 11 start_va = 0x7efb0000 end_va = 0x7efd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efb0000" filename = "" Region: id = 12 start_va = 0x7efdb000 end_va = 0x7efddfff entry_point = 0x0 region_type = private name = "private_0x000000007efdb000" filename = "" Region: id = 13 start_va = 0x7efde000 end_va = 0x7efdefff entry_point = 0x0 region_type = private name = "private_0x000000007efde000" filename = "" Region: id = 14 start_va = 0x7efdf000 end_va = 0x7efdffff entry_point = 0x0 region_type = private name = "private_0x000000007efdf000" filename = "" Region: id = 15 start_va = 0x7efe0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 16 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 17 start_va = 0x7fff0000 end_va = 0x7fffffeffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 150 start_va = 0x2b0000 end_va = 0x32ffff entry_point = 0x0 region_type = private name = "private_0x00000000002b0000" filename = "" Region: id = 151 start_va = 0x75360000 end_va = 0x75367fff entry_point = 0x75360000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 152 start_va = 0x75370000 end_va = 0x753cbfff entry_point = 0x75370000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 153 start_va = 0x753d0000 end_va = 0x7540efff entry_point = 0x753d0000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 154 start_va = 0x530000 end_va = 0x62ffff entry_point = 0x0 region_type = private name = "private_0x0000000000530000" filename = "" Region: id = 155 start_va = 0x75bb0000 end_va = 0x75bf5fff entry_point = 0x75bb0000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 156 start_va = 0x75fd0000 end_va = 0x760dffff entry_point = 0x75fd0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 157 start_va = 0x77a30000 end_va = 0x77b4efff entry_point = 0x0 region_type = private name = "private_0x0000000077a30000" filename = "" Region: id = 158 start_va = 0x77b50000 end_va = 0x77c49fff entry_point = 0x0 region_type = private name = "private_0x0000000077b50000" filename = "" Region: id = 159 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 160 start_va = 0x1b0000 end_va = 0x216fff entry_point = 0x1b0000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 161 start_va = 0x756e0000 end_va = 0x756e4fff entry_point = 0x756e0000 region_type = mapped_file name = "msimg32.dll" filename = "\\Windows\\SysWOW64\\msimg32.dll" (normalized: "c:\\windows\\syswow64\\msimg32.dll") Region: id = 162 start_va = 0x756f0000 end_va = 0x7570bfff entry_point = 0x756f0000 region_type = mapped_file name = "oledlg.dll" filename = "\\Windows\\SysWOW64\\oledlg.dll" (normalized: "c:\\windows\\syswow64\\oledlg.dll") Region: id = 163 start_va = 0x75710000 end_va = 0x7574bfff entry_point = 0x75710000 region_type = mapped_file name = "oleacc.dll" filename = "\\Windows\\SysWOW64\\oleacc.dll" (normalized: "c:\\windows\\syswow64\\oleacc.dll") Region: id = 164 start_va = 0x75750000 end_va = 0x75781fff entry_point = 0x75750000 region_type = mapped_file name = "winmm.dll" filename = "\\Windows\\SysWOW64\\winmm.dll" (normalized: "c:\\windows\\syswow64\\winmm.dll") Region: id = 165 start_va = 0x75790000 end_va = 0x757e0fff entry_point = 0x75790000 region_type = mapped_file name = "winspool.drv" filename = "\\Windows\\SysWOW64\\winspool.drv" (normalized: "c:\\windows\\syswow64\\winspool.drv") Region: id = 166 start_va = 0x757f0000 end_va = 0x75873fff entry_point = 0x757f0000 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll") Region: id = 167 start_va = 0x75980000 end_va = 0x7598bfff entry_point = 0x75980000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 168 start_va = 0x75990000 end_va = 0x759effff entry_point = 0x75990000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 169 start_va = 0x75a30000 end_va = 0x75a48fff entry_point = 0x75a30000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 170 start_va = 0x760e0000 end_va = 0x7617ffff entry_point = 0x760e0000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 171 start_va = 0x76180000 end_va = 0x761d6fff entry_point = 0x76180000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 172 start_va = 0x763c0000 end_va = 0x763c9fff entry_point = 0x763c0000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll") Region: id = 173 start_va = 0x763e0000 end_va = 0x764dffff entry_point = 0x763e0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 174 start_va = 0x76670000 end_va = 0x7671bfff entry_point = 0x76670000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 175 start_va = 0x767f0000 end_va = 0x7686afff entry_point = 0x767f0000 region_type = mapped_file name = "comdlg32.dll" filename = "\\Windows\\SysWOW64\\comdlg32.dll" (normalized: "c:\\windows\\syswow64\\comdlg32.dll") Region: id = 176 start_va = 0x76920000 end_va = 0x77569fff entry_point = 0x76920000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 177 start_va = 0x775d0000 end_va = 0x776bffff entry_point = 0x775d0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 178 start_va = 0x776c0000 end_va = 0x7781bfff entry_point = 0x776c0000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 179 start_va = 0x77820000 end_va = 0x778affff entry_point = 0x77820000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 180 start_va = 0x77990000 end_va = 0x77a2cfff entry_point = 0x77990000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 181 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 182 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 183 start_va = 0x790000 end_va = 0x79ffff entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 184 start_va = 0x7a0000 end_va = 0x927fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007a0000" filename = "" Region: id = 185 start_va = 0x76720000 end_va = 0x767ebfff entry_point = 0x76720000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 186 start_va = 0x77570000 end_va = 0x775cffff entry_point = 0x77570000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 187 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 188 start_va = 0x30000 end_va = 0x30fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 189 start_va = 0x220000 end_va = 0x220fff entry_point = 0x220000 region_type = mapped_file name = "oleaccrc.dll" filename = "\\Windows\\SysWOW64\\oleaccrc.dll" (normalized: "c:\\windows\\syswow64\\oleaccrc.dll") Region: id = 190 start_va = 0x230000 end_va = 0x26ffff entry_point = 0x0 region_type = private name = "private_0x0000000000230000" filename = "" Region: id = 191 start_va = 0x270000 end_va = 0x28afff entry_point = 0x0 region_type = private name = "private_0x0000000000270000" filename = "" Region: id = 192 start_va = 0x500000 end_va = 0x50ffff entry_point = 0x0 region_type = private name = "private_0x0000000000500000" filename = "" Region: id = 193 start_va = 0x630000 end_va = 0x72ffff entry_point = 0x0 region_type = private name = "private_0x0000000000630000" filename = "" Region: id = 194 start_va = 0x930000 end_va = 0xab0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000930000" filename = "" Region: id = 195 start_va = 0xac0000 end_va = 0x1ebffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000ac0000" filename = "" Region: id = 196 start_va = 0x2050000 end_va = 0x205ffff entry_point = 0x0 region_type = private name = "private_0x0000000002050000" filename = "" Region: id = 197 start_va = 0x7efd8000 end_va = 0x7efdafff entry_point = 0x0 region_type = private name = "private_0x000000007efd8000" filename = "" Region: id = 198 start_va = 0x290000 end_va = 0x2a1fff entry_point = 0x0 region_type = private name = "private_0x0000000000290000" filename = "" Region: id = 199 start_va = 0x330000 end_va = 0x36ffff entry_point = 0x0 region_type = private name = "private_0x0000000000330000" filename = "" Region: id = 200 start_va = 0x2060000 end_va = 0x225ffff entry_point = 0x0 region_type = private name = "private_0x0000000002060000" filename = "" Region: id = 201 start_va = 0x1ec0000 end_va = 0x1fbffff entry_point = 0x0 region_type = private name = "private_0x0000000001ec0000" filename = "" Region: id = 202 start_va = 0x370000 end_va = 0x3affff entry_point = 0x0 region_type = private name = "private_0x0000000000370000" filename = "" Region: id = 203 start_va = 0x2060000 end_va = 0x215ffff entry_point = 0x0 region_type = private name = "private_0x0000000002060000" filename = "" Region: id = 204 start_va = 0x2250000 end_va = 0x225ffff entry_point = 0x0 region_type = private name = "private_0x0000000002250000" filename = "" Region: id = 205 start_va = 0x756c0000 end_va = 0x756d5fff entry_point = 0x756c0000 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\SysWOW64\\cryptsp.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll") Region: id = 206 start_va = 0x7efd5000 end_va = 0x7efd7fff entry_point = 0x0 region_type = private name = "private_0x000000007efd5000" filename = "" Region: id = 207 start_va = 0x3b0000 end_va = 0x3ebfff entry_point = 0x3b0000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 208 start_va = 0x3b0000 end_va = 0x3ebfff entry_point = 0x3b0000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 209 start_va = 0x3b0000 end_va = 0x3ebfff entry_point = 0x3b0000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 210 start_va = 0x3b0000 end_va = 0x3ebfff entry_point = 0x3b0000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 211 start_va = 0x3b0000 end_va = 0x3ebfff entry_point = 0x3b0000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 212 start_va = 0x75680000 end_va = 0x756bafff entry_point = 0x75680000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 213 start_va = 0x2260000 end_va = 0x252efff entry_point = 0x2260000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 214 start_va = 0x75a60000 end_va = 0x75b7cfff entry_point = 0x75a60000 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\SysWOW64\\crypt32.dll" (normalized: "c:\\windows\\syswow64\\crypt32.dll") Region: id = 215 start_va = 0x763d0000 end_va = 0x763dbfff entry_point = 0x763d0000 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\SysWOW64\\msasn1.dll" (normalized: "c:\\windows\\syswow64\\msasn1.dll") Thread: id = 1 os_tid = 0x94c [0034.495] ImageList_DragLeave (hwndLock=0x74d88) returned 0 [0034.495] ImageList_DragLeave (hwndLock=0x6f743) returned 0 [0034.495] InitCommonControls () [0034.495] ImageList_DragLeave (hwndLock=0x7345b) returned 0 [0034.495] ImageList_DragEnter (hwndLock=0x705f9, x=103, y=375) returned 0 [0034.495] ImageList_DragEnter (hwndLock=0x3e954, x=489, y=141) returned 0 [0034.495] ImageList_DragMove (x=245, y=179) returned 0 [0034.495] ImageList_DragMove (x=206, y=455) returned 0 [0034.495] ImageList_DragLeave (hwndLock=0x3b579) returned 0 [0034.496] ImageList_EndDrag () [0034.496] ImageList_DragMove (x=230, y=299) returned 0 [0034.496] InitCommonControls () [0034.496] InitCommonControls () [0034.496] ImageList_DragLeave (hwndLock=0x3c00c) returned 0 [0034.496] ImageList_DragMove (x=438, y=399) returned 0 [0034.496] ImageList_EndDrag () [0034.496] ImageList_DragMove (x=216, y=73) returned 0 [0034.496] ImageList_BeginDrag (himlTrack=0x0, iTrack=50, dxHotspot=99, dyHotspot=463) returned 0 [0034.496] ImageList_EndDrag () [0034.496] ImageList_DragLeave (hwndLock=0x361eb) returned 0 [0034.496] ImageList_EndDrag () [0034.496] ImageList_EndDrag () [0034.496] ImageList_DragEnter (hwndLock=0x18a13, x=297, y=462) returned 0 [0034.496] ImageList_DragMove (x=120, y=282) returned 0 [0034.496] ImageList_DragMove (x=322, y=378) returned 0 [0034.496] ImageList_BeginDrag (himlTrack=0x46d6d, iTrack=35, dxHotspot=205, dyHotspot=218) returned 0 [0034.496] ImageList_DragEnter (hwndLock=0x55c45, x=328, y=173) returned 0 [0034.496] ImageList_DragEnter (hwndLock=0x7f1e, x=240, y=35) returned 0 [0034.496] ImageList_DragMove (x=191, y=218) returned 0 [0034.496] ImageList_EndDrag () [0034.496] ImageList_EndDrag () [0034.496] InitCommonControls () [0034.496] ImageList_DragMove (x=261, y=313) returned 0 [0034.496] ImageList_BeginDrag (himlTrack=0x18febc, iTrack=72, dxHotspot=220, dyHotspot=105) returned 0 [0034.496] ImageList_EndDrag () [0034.497] ImageList_DragMove (x=461, y=70) returned 0 [0034.497] ImageList_DragLeave (hwndLock=0x10a00) returned 0 [0034.497] InitCommonControls () [0034.497] ImageList_DragEnter (hwndLock=0x37369, x=152, y=473) returned 0 [0034.497] InitCommonControls () [0034.497] ImageList_DragEnter (hwndLock=0x76a51, x=159, y=362) returned 0 [0034.497] ImageList_DragMove (x=8, y=25) returned 0 [0034.497] ImageList_DragEnter (hwndLock=0x666cd, x=356, y=4) returned 0 [0034.497] ImageList_EndDrag () [0034.497] ImageList_EndDrag () [0034.497] ImageList_BeginDrag (himlTrack=0x5deb7, iTrack=24, dxHotspot=51, dyHotspot=119) returned 0 [0034.497] ImageList_DragMove (x=500, y=353) returned 0 [0034.497] ImageList_DragEnter (hwndLock=0x3983f, x=296, y=444) returned 0 [0034.497] ImageList_DragEnter (hwndLock=0x20f04, x=121, y=464) returned 0 [0034.497] InitCommonControls () [0034.497] InitCommonControls () [0034.497] ImageList_BeginDrag (himlTrack=0x61dbb, iTrack=26, dxHotspot=307, dyHotspot=13) returned 0 [0034.497] ImageList_DragLeave (hwndLock=0x7024f) returned 0 [0034.497] InitCommonControls () [0034.497] InitCommonControls () [0034.497] ImageList_BeginDrag (himlTrack=0x15214, iTrack=50, dxHotspot=215, dyHotspot=6) returned 0 [0034.497] ImageList_EndDrag () [0034.497] ImageList_DragLeave (hwndLock=0x4e742) returned 0 [0034.497] InitCommonControls () [0034.497] ImageList_BeginDrag (himlTrack=0x379c7, iTrack=42, dxHotspot=156, dyHotspot=147) returned 0 [0034.497] InitCommonControls () [0034.497] ImageList_BeginDrag (himlTrack=0x41fd, iTrack=64, dxHotspot=373, dyHotspot=310) returned 0 [0034.497] ImageList_DragEnter (hwndLock=0x0, x=414, y=314) returned 0 [0034.498] ImageList_BeginDrag (himlTrack=0x4c67d, iTrack=44, dxHotspot=133, dyHotspot=98) returned 0 [0034.498] ImageList_DragMove (x=421, y=446) returned 0 [0034.498] ImageList_DragEnter (hwndLock=0x34b3d, x=428, y=123) returned 0 [0034.498] ImageList_DragEnter (hwndLock=0x3608b, x=26, y=439) returned 0 [0034.498] InitCommonControls () [0034.498] ImageList_DragEnter (hwndLock=0x371bc, x=64, y=367) returned 0 [0034.498] ImageList_EndDrag () [0034.498] ImageList_DragMove (x=402, y=394) returned 0 [0034.498] InitCommonControls () [0034.498] ImageList_DragMove (x=13, y=233) returned 0 [0034.498] ImageList_BeginDrag (himlTrack=0x7ffa0, iTrack=79, dxHotspot=55, dyHotspot=98) returned 0 [0034.506] ImageList_EndDrag () [0034.506] ImageList_DragLeave (hwndLock=0xa695) returned 0 [0034.506] ImageList_BeginDrag (himlTrack=0x21569, iTrack=56, dxHotspot=216, dyHotspot=36) returned 0 [0034.506] ImageList_DragMove (x=444, y=459) returned 0 [0034.506] ImageList_DragLeave (hwndLock=0x1ab1e) returned 0 [0034.506] ImageList_BeginDrag (himlTrack=0x2ed9e, iTrack=22, dxHotspot=323, dyHotspot=138) returned 0 [0034.506] ImageList_DragEnter (hwndLock=0x30c38, x=258, y=471) returned 0 [0034.506] ImageList_DragLeave (hwndLock=0x27201) returned 0 [0034.506] ImageList_EndDrag () [0034.506] ImageList_EndDrag () [0034.506] ImageList_BeginDrag (himlTrack=0x23de6, iTrack=100, dxHotspot=462, dyHotspot=407) returned 0 [0034.506] ImageList_BeginDrag (himlTrack=0x9597, iTrack=26, dxHotspot=321, dyHotspot=44) returned 0 [0034.506] ImageList_BeginDrag (himlTrack=0x2fadd, iTrack=75, dxHotspot=6, dyHotspot=0) returned 0 [0034.506] InitCommonControls () [0034.507] ImageList_BeginDrag (himlTrack=0x18ff3c, iTrack=17, dxHotspot=219, dyHotspot=407) returned 0 [0034.507] ImageList_DragEnter (hwndLock=0x310da, x=195, y=145) returned 0 [0034.507] ImageList_EndDrag () [0034.507] ImageList_DragLeave (hwndLock=0x5b740) returned 0 [0034.507] ImageList_EndDrag () [0034.507] ImageList_DragLeave (hwndLock=0x2ee3d) returned 0 [0034.507] ImageList_BeginDrag (himlTrack=0x73355, iTrack=0, dxHotspot=66, dyHotspot=377) returned 0 [0034.507] ImageList_EndDrag () [0034.507] ImageList_DragEnter (hwndLock=0xbe8d, x=374, y=19) returned 0 [0034.507] ImageList_DragMove (x=208, y=168) returned 0 [0034.507] InitCommonControls () [0034.507] InitCommonControls () [0034.507] GetACP () returned 0x4e4 [0034.507] GetACP () returned 0x4e4 [0034.508] GetACP () returned 0x4e4 [0034.508] GetACP () returned 0x4e4 [0034.508] GetACP () returned 0x4e4 [0034.508] GetACP () returned 0x4e4 [0034.508] GetACP () returned 0x4e4 [0034.508] GetACP () returned 0x4e4 [0034.508] GetACP () returned 0x4e4 [0034.508] GetACP () returned 0x4e4 [0034.508] GetACP () returned 0x4e4 [0034.509] GetACP () returned 0x4e4 [0034.509] GetACP () returned 0x4e4 [0034.509] GetACP () returned 0x4e4 [0034.509] GetACP () returned 0x4e4 [0034.509] GetACP () returned 0x4e4 [0034.509] GetACP () returned 0x4e4 [0034.509] GetACP () returned 0x4e4 [0034.509] GetACP () returned 0x4e4 [0034.509] GetACP () returned 0x4e4 [0034.509] GetACP () returned 0x4e4 [0034.509] GetACP () returned 0x4e4 [0034.509] GetACP () returned 0x4e4 [0034.510] GetACP () returned 0x4e4 [0034.510] GetACP () returned 0x4e4 [0034.510] GetACP () returned 0x4e4 [0034.510] GetACP () returned 0x4e4 [0034.510] GetACP () returned 0x4e4 [0034.510] GetACP () returned 0x4e4 [0034.510] GetACP () returned 0x4e4 [0034.510] GetACP () returned 0x4e4 [0034.510] GetACP () returned 0x4e4 [0034.510] GetACP () returned 0x4e4 [0034.510] GetACP () returned 0x4e4 [0034.510] GetACP () returned 0x4e4 [0034.511] GetACP () returned 0x4e4 [0034.511] GetACP () returned 0x4e4 [0034.511] GetACP () returned 0x4e4 [0034.511] GetACP () returned 0x4e4 [0034.511] GetACP () returned 0x4e4 [0034.511] GetACP () returned 0x4e4 [0034.511] GetACP () returned 0x4e4 [0034.511] GetACP () returned 0x4e4 [0034.511] GetACP () returned 0x4e4 [0034.511] GetACP () returned 0x4e4 [0034.511] GetACP () returned 0x4e4 [0034.511] GetACP () returned 0x4e4 [0034.512] GetACP () returned 0x4e4 [0034.512] GetACP () returned 0x4e4 [0034.512] GetACP () returned 0x4e4 [0034.512] GetACP () returned 0x4e4 [0034.512] GetACP () returned 0x4e4 [0034.512] GetACP () returned 0x4e4 [0034.512] GetACP () returned 0x4e4 [0034.512] GetACP () returned 0x4e4 [0034.512] GetACP () returned 0x4e4 [0034.512] GetACP () returned 0x4e4 [0034.512] GetACP () returned 0x4e4 [0034.512] GetACP () returned 0x4e4 [0034.513] GetACP () returned 0x4e4 [0034.513] GetACP () returned 0x4e4 [0034.513] GetACP () returned 0x4e4 [0034.513] GetACP () returned 0x4e4 [0034.513] GetACP () returned 0x4e4 [0034.513] GetACP () returned 0x4e4 [0034.513] GetACP () returned 0x4e4 [0034.513] GetACP () returned 0x4e4 [0034.513] GetACP () returned 0x4e4 [0034.513] GetACP () returned 0x4e4 [0034.513] GetACP () returned 0x4e4 [0034.513] GetACP () returned 0x4e4 [0034.514] GetACP () returned 0x4e4 [0034.514] GetACP () returned 0x4e4 [0034.514] GetACP () returned 0x4e4 [0034.514] GetACP () returned 0x4e4 [0034.514] GetACP () returned 0x4e4 [0034.514] GetACP () returned 0x4e4 [0034.514] GetACP () returned 0x4e4 [0034.514] GetACP () returned 0x4e4 [0034.514] GetACP () returned 0x4e4 [0034.514] GetACP () returned 0x4e4 [0034.514] GetACP () returned 0x4e4 [0034.514] GetACP () returned 0x4e4 [0034.515] GetACP () returned 0x4e4 [0034.515] GetACP () returned 0x4e4 [0034.515] GetACP () returned 0x4e4 [0034.515] GetACP () returned 0x4e4 [0034.515] GetACP () returned 0x4e4 [0034.515] GetACP () returned 0x4e4 [0034.515] GetACP () returned 0x4e4 [0034.515] GetACP () returned 0x4e4 [0034.515] GetACP () returned 0x4e4 [0034.515] GetACP () returned 0x4e4 [0034.515] GetACP () returned 0x4e4 [0034.515] GetACP () returned 0x4e4 [0034.516] GetACP () returned 0x4e4 [0034.516] GetACP () returned 0x4e4 [0034.516] GetACP () returned 0x4e4 [0034.516] GetACP () returned 0x4e4 [0034.516] GetACP () returned 0x4e4 [0034.516] GetACP () returned 0x4e4 [0034.516] GetACP () returned 0x4e4 [0034.516] GetACP () returned 0x4e4 [0034.516] GetACP () returned 0x4e4 [0034.516] GetACP () returned 0x4e4 [0034.516] GetACP () returned 0x4e4 [0034.516] GetACP () returned 0x4e4 [0034.517] GetACP () returned 0x4e4 [0034.517] GetACP () returned 0x4e4 [0034.517] GetACP () returned 0x4e4 [0034.517] GetACP () returned 0x4e4 [0034.517] GetACP () returned 0x4e4 [0034.517] GetACP () returned 0x4e4 [0034.517] GetACP () returned 0x4e4 [0034.517] GetACP () returned 0x4e4 [0034.517] GetACP () returned 0x4e4 [0034.517] GetACP () returned 0x4e4 [0034.517] GetACP () returned 0x4e4 [0034.517] GetACP () returned 0x4e4 [0034.518] GetACP () returned 0x4e4 [0034.518] GetACP () returned 0x4e4 [0034.518] GetACP () returned 0x4e4 [0034.518] GetACP () returned 0x4e4 [0034.518] GetACP () returned 0x4e4 [0034.518] GetACP () returned 0x4e4 [0034.518] GetACP () returned 0x4e4 [0034.518] GetACP () returned 0x4e4 [0034.518] GetACP () returned 0x4e4 [0034.518] GetACP () returned 0x4e4 [0034.518] GetACP () returned 0x4e4 [0034.518] GetACP () returned 0x4e4 [0034.519] GetACP () returned 0x4e4 [0034.519] GetACP () returned 0x4e4 [0034.519] GetACP () returned 0x4e4 [0034.519] GetACP () returned 0x4e4 [0034.519] GetACP () returned 0x4e4 [0034.519] GetACP () returned 0x4e4 [0034.519] GetACP () returned 0x4e4 [0034.519] GetACP () returned 0x4e4 [0034.519] GetACP () returned 0x4e4 [0034.519] GetACP () returned 0x4e4 [0034.519] GetACP () returned 0x4e4 [0034.519] GetACP () returned 0x4e4 [0034.520] GetACP () returned 0x4e4 [0034.520] GetACP () returned 0x4e4 [0034.520] GetACP () returned 0x4e4 [0034.520] GetACP () returned 0x4e4 [0034.520] GetACP () returned 0x4e4 [0034.520] GetACP () returned 0x4e4 [0034.520] GetACP () returned 0x4e4 [0034.520] GetACP () returned 0x4e4 [0034.520] GetACP () returned 0x4e4 [0034.520] GetACP () returned 0x4e4 [0034.520] GetACP () returned 0x4e4 [0034.521] GetACP () returned 0x4e4 [0034.521] GetACP () returned 0x4e4 [0034.521] GetACP () returned 0x4e4 [0034.521] GetACP () returned 0x4e4 [0034.521] GetACP () returned 0x4e4 [0034.521] GetACP () returned 0x4e4 [0034.521] GetACP () returned 0x4e4 [0034.521] GetACP () returned 0x4e4 [0034.521] GetACP () returned 0x4e4 [0034.521] GetACP () returned 0x4e4 [0034.521] GetACP () returned 0x4e4 [0034.521] GetACP () returned 0x4e4 [0034.521] GetACP () returned 0x4e4 [0034.522] GetACP () returned 0x4e4 [0034.522] GetACP () returned 0x4e4 [0034.522] GetACP () returned 0x4e4 [0034.522] GetACP () returned 0x4e4 [0034.522] GetACP () returned 0x4e4 [0034.522] GetACP () returned 0x4e4 [0034.522] GetACP () returned 0x4e4 [0034.522] GetACP () returned 0x4e4 [0034.522] GetACP () returned 0x4e4 [0034.522] GetACP () returned 0x4e4 [0034.522] GetACP () returned 0x4e4 [0034.522] GetACP () returned 0x4e4 [0034.523] GetACP () returned 0x4e4 [0034.523] GetACP () returned 0x4e4 [0034.523] GetACP () returned 0x4e4 [0034.523] GetACP () returned 0x4e4 [0034.523] GetACP () returned 0x4e4 [0034.523] GetACP () returned 0x4e4 [0034.523] GetACP () returned 0x4e4 [0034.523] GetACP () returned 0x4e4 [0034.523] GetACP () returned 0x4e4 [0034.523] GetACP () returned 0x4e4 [0034.523] GetACP () returned 0x4e4 [0034.523] GetACP () returned 0x4e4 [0034.524] GetACP () returned 0x4e4 [0034.524] GetACP () returned 0x4e4 [0034.524] GetACP () returned 0x4e4 [0034.524] GetACP () returned 0x4e4 [0034.524] GetACP () returned 0x4e4 [0034.524] GetACP () returned 0x4e4 [0034.524] GetACP () returned 0x4e4 [0034.524] GetACP () returned 0x4e4 [0034.524] GetACP () returned 0x4e4 [0034.524] GetACP () returned 0x4e4 [0034.524] GetACP () returned 0x4e4 [0034.524] GetACP () returned 0x4e4 [0034.525] GetACP () returned 0x4e4 [0034.525] GetACP () returned 0x4e4 [0034.525] GetACP () returned 0x4e4 [0034.525] GetACP () returned 0x4e4 [0034.525] GetACP () returned 0x4e4 [0034.525] GetACP () returned 0x4e4 [0034.525] GetACP () returned 0x4e4 [0034.525] GetACP () returned 0x4e4 [0034.525] GetACP () returned 0x4e4 [0034.525] GetACP () returned 0x4e4 [0034.525] GetACP () returned 0x4e4 [0034.525] GetACP () returned 0x4e4 [0034.526] GetACP () returned 0x4e4 [0034.526] GetACP () returned 0x4e4 [0034.526] GetACP () returned 0x4e4 [0034.526] GetACP () returned 0x4e4 [0034.526] GetACP () returned 0x4e4 [0034.526] GetACP () returned 0x4e4 [0034.526] GetACP () returned 0x4e4 [0034.526] GetACP () returned 0x4e4 [0034.526] GetACP () returned 0x4e4 [0034.526] GetACP () returned 0x4e4 [0034.526] GetACP () returned 0x4e4 [0034.526] GetACP () returned 0x4e4 [0034.527] GetACP () returned 0x4e4 [0034.527] GetACP () returned 0x4e4 [0034.527] GetACP () returned 0x4e4 [0034.527] GetACP () returned 0x4e4 [0034.527] GetACP () returned 0x4e4 [0034.527] GetACP () returned 0x4e4 [0034.527] GetACP () returned 0x4e4 [0034.527] GetACP () returned 0x4e4 [0034.527] GetACP () returned 0x4e4 [0034.527] GetACP () returned 0x4e4 [0034.528] GetACP () returned 0x4e4 [0034.528] GetACP () returned 0x4e4 [0034.528] GetACP () returned 0x4e4 [0034.528] GetACP () returned 0x4e4 [0034.528] GetACP () returned 0x4e4 [0034.528] GetACP () returned 0x4e4 [0034.528] GetACP () returned 0x4e4 [0034.528] GetACP () returned 0x4e4 [0034.528] GetACP () returned 0x4e4 [0034.528] GetACP () returned 0x4e4 [0034.528] GetACP () returned 0x4e4 [0034.529] GetACP () returned 0x4e4 [0034.818] GetACP () returned 0x4e4 [0034.819] GetACP () returned 0x4e4 [0034.819] GetACP () returned 0x4e4 [0034.819] GetACP () returned 0x4e4 [0034.819] GetACP () returned 0x4e4 [0034.819] GetACP () returned 0x4e4 [0034.819] GetACP () returned 0x4e4 [0034.819] GetACP () returned 0x4e4 [0034.819] GetACP () returned 0x4e4 [0034.819] GetACP () returned 0x4e4 [0034.819] GetACP () returned 0x4e4 [0034.819] GetACP () returned 0x4e4 [0034.819] GetACP () returned 0x4e4 [0034.820] GetACP () returned 0x4e4 [0034.820] GetACP () returned 0x4e4 [0034.820] GetACP () returned 0x4e4 [0034.820] GetACP () returned 0x4e4 [0034.820] GetACP () returned 0x4e4 [0034.820] GetACP () returned 0x4e4 [0034.820] GetACP () returned 0x4e4 [0034.820] GetACP () returned 0x4e4 [0034.820] GetACP () returned 0x4e4 [0034.820] GetACP () returned 0x4e4 [0034.820] GetACP () returned 0x4e4 [0034.820] GetACP () returned 0x4e4 [0034.821] GetACP () returned 0x4e4 [0034.821] GetACP () returned 0x4e4 [0034.821] GetACP () returned 0x4e4 [0034.821] GetACP () returned 0x4e4 [0034.821] GetACP () returned 0x4e4 [0034.821] GetACP () returned 0x4e4 [0034.821] GetACP () returned 0x4e4 [0034.821] GetACP () returned 0x4e4 [0034.821] GetACP () returned 0x4e4 [0034.821] GetACP () returned 0x4e4 [0034.821] GetACP () returned 0x4e4 [0034.821] GetACP () returned 0x4e4 [0034.822] GetACP () returned 0x4e4 [0034.822] GetACP () returned 0x4e4 [0034.822] GetACP () returned 0x4e4 [0034.822] GetACP () returned 0x4e4 [0034.822] GetACP () returned 0x4e4 [0034.822] GetACP () returned 0x4e4 [0034.822] GetACP () returned 0x4e4 [0034.822] GetACP () returned 0x4e4 [0034.822] GetACP () returned 0x4e4 [0034.822] GetACP () returned 0x4e4 [0034.822] GetACP () returned 0x4e4 [0034.822] GetACP () returned 0x4e4 [0034.823] GetACP () returned 0x4e4 [0034.823] GetACP () returned 0x4e4 [0034.823] GetACP () returned 0x4e4 [0034.823] GetACP () returned 0x4e4 [0034.823] GetACP () returned 0x4e4 [0034.823] GetACP () returned 0x4e4 [0034.823] GetACP () returned 0x4e4 [0034.823] GetACP () returned 0x4e4 [0034.823] GetACP () returned 0x4e4 [0034.823] GetACP () returned 0x4e4 [0034.823] GetACP () returned 0x4e4 [0034.823] GetACP () returned 0x4e4 [0034.824] GetACP () returned 0x4e4 [0034.824] GetACP () returned 0x4e4 [0034.824] GetACP () returned 0x4e4 [0034.824] GetACP () returned 0x4e4 [0034.824] GetACP () returned 0x4e4 [0034.824] GetACP () returned 0x4e4 [0034.824] GetACP () returned 0x4e4 [0034.824] GetACP () returned 0x4e4 [0034.824] GetACP () returned 0x4e4 [0034.824] GetACP () returned 0x4e4 [0034.824] GetACP () returned 0x4e4 [0034.824] GetACP () returned 0x4e4 [0034.825] GetACP () returned 0x4e4 [0034.825] GetACP () returned 0x4e4 [0034.825] GetACP () returned 0x4e4 [0034.825] GetACP () returned 0x4e4 [0034.825] GetACP () returned 0x4e4 [0034.825] GetACP () returned 0x4e4 [0034.825] GetACP () returned 0x4e4 [0034.825] GetACP () returned 0x4e4 [0034.825] GetACP () returned 0x4e4 [0034.825] GetACP () returned 0x4e4 [0034.825] GetACP () returned 0x4e4 [0034.825] GetACP () returned 0x4e4 [0034.826] GetACP () returned 0x4e4 [0034.826] GetACP () returned 0x4e4 [0034.826] GetACP () returned 0x4e4 [0034.826] GetACP () returned 0x4e4 [0034.826] GetACP () returned 0x4e4 [0034.826] GetACP () returned 0x4e4 [0034.826] GetACP () returned 0x4e4 [0034.826] GetACP () returned 0x4e4 [0034.826] GetACP () returned 0x4e4 [0034.826] GetACP () returned 0x4e4 [0034.826] GetACP () returned 0x4e4 [0034.826] GetACP () returned 0x4e4 [0034.827] GetACP () returned 0x4e4 [0034.827] GetACP () returned 0x4e4 [0034.827] GetACP () returned 0x4e4 [0034.827] GetACP () returned 0x4e4 [0034.827] GetACP () returned 0x4e4 [0034.827] GetACP () returned 0x4e4 [0034.827] GetACP () returned 0x4e4 [0034.827] GetACP () returned 0x4e4 [0034.827] GetACP () returned 0x4e4 [0034.827] GetACP () returned 0x4e4 [0034.827] GetACP () returned 0x4e4 [0034.827] GetACP () returned 0x4e4 [0034.828] GetACP () returned 0x4e4 [0034.828] GetACP () returned 0x4e4 [0034.828] GetACP () returned 0x4e4 [0034.828] GetACP () returned 0x4e4 [0034.828] GetACP () returned 0x4e4 [0034.828] GetACP () returned 0x4e4 [0034.828] GetACP () returned 0x4e4 [0034.828] GetACP () returned 0x4e4 [0034.828] GetACP () returned 0x4e4 [0034.828] GetACP () returned 0x4e4 [0034.828] GetACP () returned 0x4e4 [0034.830] GetACP () returned 0x4e4 [0034.834] GetACP () returned 0x4e4 [0034.834] GetACP () returned 0x4e4 [0034.834] GetACP () returned 0x4e4 [0034.836] GetACP () returned 0x4e4 [0034.836] GetACP () returned 0x4e4 [0034.836] GetACP () returned 0x4e4 [0034.836] GetACP () returned 0x4e4 [0034.837] GetACP () returned 0x4e4 [0034.837] GetACP () returned 0x4e4 [0034.837] GetACP () returned 0x4e4 [0034.837] GetACP () returned 0x4e4 [0034.837] GetACP () returned 0x4e4 [0034.837] GetACP () returned 0x4e4 [0034.837] GetACP () returned 0x4e4 [0034.837] GetACP () returned 0x4e4 [0034.837] GetACP () returned 0x4e4 [0034.837] GetACP () returned 0x4e4 [0034.837] GetACP () returned 0x4e4 [0034.837] GetACP () returned 0x4e4 [0034.838] GetACP () returned 0x4e4 [0034.838] GetACP () returned 0x4e4 [0034.838] GetACP () returned 0x4e4 [0034.838] GetACP () returned 0x4e4 [0034.838] GetACP () returned 0x4e4 [0034.838] GetACP () returned 0x4e4 [0034.838] GetACP () returned 0x4e4 [0034.838] GetACP () returned 0x4e4 [0034.838] GetACP () returned 0x4e4 [0034.838] GetACP () returned 0x4e4 [0034.838] GetACP () returned 0x4e4 [0034.839] GetACP () returned 0x4e4 [0034.839] GetACP () returned 0x4e4 [0034.839] GetACP () returned 0x4e4 [0034.839] GetACP () returned 0x4e4 [0034.839] GetACP () returned 0x4e4 [0034.839] GetACP () returned 0x4e4 [0034.839] GetACP () returned 0x4e4 [0034.839] GetACP () returned 0x4e4 [0034.839] GetACP () returned 0x4e4 [0034.839] GetACP () returned 0x4e4 [0034.839] GetACP () returned 0x4e4 [0034.839] GetACP () returned 0x4e4 [0034.840] GetACP () returned 0x4e4 [0034.840] GetACP () returned 0x4e4 [0034.840] GetACP () returned 0x4e4 [0034.840] GetACP () returned 0x4e4 [0034.840] GetACP () returned 0x4e4 [0034.840] GetACP () returned 0x4e4 [0034.840] GetACP () returned 0x4e4 [0034.840] GetACP () returned 0x4e4 [0034.840] GetACP () returned 0x4e4 [0034.840] GetACP () returned 0x4e4 [0034.840] GetACP () returned 0x4e4 [0034.840] GetACP () returned 0x4e4 [0034.841] GetACP () returned 0x4e4 [0034.841] GetACP () returned 0x4e4 [0034.841] GetACP () returned 0x4e4 [0034.841] GetACP () returned 0x4e4 [0034.841] GetACP () returned 0x4e4 [0034.841] GetACP () returned 0x4e4 [0034.841] GetACP () returned 0x4e4 [0034.841] GetACP () returned 0x4e4 [0034.841] GetACP () returned 0x4e4 [0034.841] GetACP () returned 0x4e4 [0034.841] GetACP () returned 0x4e4 [0034.841] GetACP () returned 0x4e4 [0034.842] GetACP () returned 0x4e4 [0034.842] GetACP () returned 0x4e4 [0034.842] GetACP () returned 0x4e4 [0034.842] GetACP () returned 0x4e4 [0034.842] GetACP () returned 0x4e4 [0034.842] GetACP () returned 0x4e4 [0034.842] GetACP () returned 0x4e4 [0034.842] GetACP () returned 0x4e4 [0034.842] GetACP () returned 0x4e4 [0034.842] GetACP () returned 0x4e4 [0034.842] GetACP () returned 0x4e4 [0034.842] GetACP () returned 0x4e4 [0034.843] GetACP () returned 0x4e4 [0034.843] GetACP () returned 0x4e4 [0034.843] GetACP () returned 0x4e4 [0034.843] GetACP () returned 0x4e4 [0034.843] GetACP () returned 0x4e4 [0034.843] GetACP () returned 0x4e4 [0034.843] GetACP () returned 0x4e4 [0034.843] GetACP () returned 0x4e4 [0034.843] GetACP () returned 0x4e4 [0034.843] GetACP () returned 0x4e4 [0034.843] GetACP () returned 0x4e4 [0034.843] GetACP () returned 0x4e4 [0034.844] GetACP () returned 0x4e4 [0034.844] GetACP () returned 0x4e4 [0034.844] GetACP () returned 0x4e4 [0034.844] GetACP () returned 0x4e4 [0034.844] GetACP () returned 0x4e4 [0034.844] GetACP () returned 0x4e4 [0034.844] GetACP () returned 0x4e4 [0034.844] GetACP () returned 0x4e4 [0034.844] GetACP () returned 0x4e4 [0034.844] GetACP () returned 0x4e4 [0034.844] GetACP () returned 0x4e4 [0034.844] GetACP () returned 0x4e4 [0034.845] GetACP () returned 0x4e4 [0034.845] GetACP () returned 0x4e4 [0034.845] GetACP () returned 0x4e4 [0034.845] GetACP () returned 0x4e4 [0034.845] GetACP () returned 0x4e4 [0034.845] GetACP () returned 0x4e4 [0034.845] GetACP () returned 0x4e4 [0034.845] GetACP () returned 0x4e4 [0034.845] GetACP () returned 0x4e4 [0034.845] GetACP () returned 0x4e4 [0034.845] GetACP () returned 0x4e4 [0034.845] GetACP () returned 0x4e4 [0034.846] GetACP () returned 0x4e4 [0034.846] GetACP () returned 0x4e4 [0034.846] GetACP () returned 0x4e4 [0034.846] GetACP () returned 0x4e4 [0034.846] GetACP () returned 0x4e4 [0034.846] GetACP () returned 0x4e4 [0034.846] GetACP () returned 0x4e4 [0034.846] GetACP () returned 0x4e4 [0034.846] GetACP () returned 0x4e4 [0034.846] GetACP () returned 0x4e4 [0034.846] GetACP () returned 0x4e4 [0034.850] GetACP () returned 0x4e4 [0034.850] GetACP () returned 0x4e4 [0034.850] GetACP () returned 0x4e4 [0035.208] GetACP () returned 0x4e4 [0035.208] GetACP () returned 0x4e4 [0035.209] GetACP () returned 0x4e4 [0035.209] GetACP () returned 0x4e4 [0035.209] GetACP () returned 0x4e4 [0035.209] GetACP () returned 0x4e4 [0035.209] GetACP () returned 0x4e4 [0035.209] GetACP () returned 0x4e4 [0035.209] GetACP () returned 0x4e4 [0035.209] GetACP () returned 0x4e4 [0035.209] GetACP () returned 0x4e4 [0035.209] GetACP () returned 0x4e4 [0035.209] GetACP () returned 0x4e4 [0035.209] GetACP () returned 0x4e4 [0035.209] GetACP () returned 0x4e4 [0035.209] GetACP () returned 0x4e4 [0035.209] GetACP () returned 0x4e4 [0035.210] GetACP () returned 0x4e4 [0035.210] GetACP () returned 0x4e4 [0035.210] GetACP () returned 0x4e4 [0035.210] GetACP () returned 0x4e4 [0035.210] GetACP () returned 0x4e4 [0035.210] GetACP () returned 0x4e4 [0035.210] GetACP () returned 0x4e4 [0035.210] GetACP () returned 0x4e4 [0035.210] GetACP () returned 0x4e4 [0035.210] GetACP () returned 0x4e4 [0035.210] GetACP () returned 0x4e4 [0035.210] GetACP () returned 0x4e4 [0035.210] GetACP () returned 0x4e4 [0035.210] GetACP () returned 0x4e4 [0035.210] GetACP () returned 0x4e4 [0035.210] GetACP () returned 0x4e4 [0035.211] GetACP () returned 0x4e4 [0035.211] GetACP () returned 0x4e4 [0035.211] GetACP () returned 0x4e4 [0035.211] GetACP () returned 0x4e4 [0035.211] GetACP () returned 0x4e4 [0035.211] GetACP () returned 0x4e4 [0035.211] GetACP () returned 0x4e4 [0035.211] GetACP () returned 0x4e4 [0035.211] GetACP () returned 0x4e4 [0035.211] GetACP () returned 0x4e4 [0035.211] GetACP () returned 0x4e4 [0035.211] GetACP () returned 0x4e4 [0035.211] GetACP () returned 0x4e4 [0035.211] GetACP () returned 0x4e4 [0035.211] GetACP () returned 0x4e4 [0035.211] GetACP () returned 0x4e4 [0035.212] GetACP () returned 0x4e4 [0035.212] GetACP () returned 0x4e4 [0035.237] GetACP () returned 0x4e4 [0035.237] GetACP () returned 0x4e4 [0035.237] GetACP () returned 0x4e4 [0035.237] GetACP () returned 0x4e4 [0035.237] GetACP () returned 0x4e4 [0035.237] GetACP () returned 0x4e4 [0035.237] GetACP () returned 0x4e4 [0035.237] GetACP () returned 0x4e4 [0035.238] GetACP () returned 0x4e4 [0035.238] GetACP () returned 0x4e4 [0035.238] GetACP () returned 0x4e4 [0035.238] GetACP () returned 0x4e4 [0035.238] GetACP () returned 0x4e4 [0035.238] GetACP () returned 0x4e4 [0035.238] GetACP () returned 0x4e4 [0035.238] GetACP () returned 0x4e4 [0035.238] GetACP () returned 0x4e4 [0035.238] GetACP () returned 0x4e4 [0035.238] GetACP () returned 0x4e4 [0035.238] GetACP () returned 0x4e4 [0035.239] GetACP () returned 0x4e4 [0035.239] GetACP () returned 0x4e4 [0035.239] GetACP () returned 0x4e4 [0035.239] GetACP () returned 0x4e4 [0035.239] GetACP () returned 0x4e4 [0035.239] GetACP () returned 0x4e4 [0035.239] GetACP () returned 0x4e4 [0035.239] GetACP () returned 0x4e4 [0035.239] GetACP () returned 0x4e4 [0035.239] GetACP () returned 0x4e4 [0035.239] GetACP () returned 0x4e4 [0035.240] GetACP () returned 0x4e4 [0035.240] GetACP () returned 0x4e4 [0035.240] GetACP () returned 0x4e4 [0035.240] GetACP () returned 0x4e4 [0035.240] GetACP () returned 0x4e4 [0035.240] GetACP () returned 0x4e4 [0035.240] GetACP () returned 0x4e4 [0035.240] GetACP () returned 0x4e4 [0035.240] GetACP () returned 0x4e4 [0035.241] GetACP () returned 0x4e4 [0035.241] GetACP () returned 0x4e4 [0035.241] GetACP () returned 0x4e4 [0035.241] GetACP () returned 0x4e4 [0035.241] GetACP () returned 0x4e4 [0035.241] GetACP () returned 0x4e4 [0035.241] GetACP () returned 0x4e4 [0035.241] GetACP () returned 0x4e4 [0035.241] GetACP () returned 0x4e4 [0035.241] GetACP () returned 0x4e4 [0035.241] GetACP () returned 0x4e4 [0035.241] GetACP () returned 0x4e4 [0035.242] GetACP () returned 0x4e4 [0035.242] GetACP () returned 0x4e4 [0035.242] GetACP () returned 0x4e4 [0035.242] GetACP () returned 0x4e4 [0035.242] GetACP () returned 0x4e4 [0035.242] GetACP () returned 0x4e4 [0035.242] GetACP () returned 0x4e4 [0035.242] GetACP () returned 0x4e4 [0035.242] GetACP () returned 0x4e4 [0035.242] GetACP () returned 0x4e4 [0035.242] GetACP () returned 0x4e4 [0035.242] GetACP () returned 0x4e4 [0035.243] GetACP () returned 0x4e4 [0035.243] GetACP () returned 0x4e4 [0035.243] GetACP () returned 0x4e4 [0035.243] GetACP () returned 0x4e4 [0035.243] GetACP () returned 0x4e4 [0035.243] GetACP () returned 0x4e4 [0035.243] GetACP () returned 0x4e4 [0035.243] GetACP () returned 0x4e4 [0035.243] GetACP () returned 0x4e4 [0035.244] GetACP () returned 0x4e4 [0035.244] GetACP () returned 0x4e4 [0035.244] GetACP () returned 0x4e4 [0035.244] GetACP () returned 0x4e4 [0035.244] GetACP () returned 0x4e4 [0035.244] GetACP () returned 0x4e4 [0035.244] GetACP () returned 0x4e4 [0035.245] GetACP () returned 0x4e4 [0035.245] GetACP () returned 0x4e4 [0035.245] GetACP () returned 0x4e4 [0035.245] GetACP () returned 0x4e4 [0035.245] GetACP () returned 0x4e4 [0035.245] GetACP () returned 0x4e4 [0035.245] GetACP () returned 0x4e4 [0035.245] GetACP () returned 0x4e4 [0035.245] GetACP () returned 0x4e4 [0035.246] GetACP () returned 0x4e4 [0035.246] GetACP () returned 0x4e4 [0035.246] GetACP () returned 0x4e4 [0035.246] GetACP () returned 0x4e4 [0035.246] GetACP () returned 0x4e4 [0035.246] GetACP () returned 0x4e4 [0035.246] GetACP () returned 0x4e4 [0035.246] GetACP () returned 0x4e4 [0035.246] GetACP () returned 0x4e4 [0035.246] GetACP () returned 0x4e4 [0035.246] GetACP () returned 0x4e4 [0035.246] GetACP () returned 0x4e4 [0035.247] GetACP () returned 0x4e4 [0035.247] GetACP () returned 0x4e4 [0035.247] GetACP () returned 0x4e4 [0035.247] GetACP () returned 0x4e4 [0035.247] GetACP () returned 0x4e4 [0035.247] GetACP () returned 0x4e4 [0035.247] GetACP () returned 0x4e4 [0035.247] GetACP () returned 0x4e4 [0035.247] GetACP () returned 0x4e4 [0035.247] GetACP () returned 0x4e4 [0035.247] GetACP () returned 0x4e4 [0035.247] GetACP () returned 0x4e4 [0035.248] GetACP () returned 0x4e4 [0035.248] GetACP () returned 0x4e4 [0035.248] GetACP () returned 0x4e4 [0035.248] GetACP () returned 0x4e4 [0035.248] GetACP () returned 0x4e4 [0035.248] GetACP () returned 0x4e4 [0035.248] GetACP () returned 0x4e4 [0035.248] GetACP () returned 0x4e4 [0035.248] GetACP () returned 0x4e4 [0035.248] GetACP () returned 0x4e4 [0035.248] GetACP () returned 0x4e4 [0035.248] GetACP () returned 0x4e4 [0035.249] GetACP () returned 0x4e4 [0035.249] GetACP () returned 0x4e4 [0035.249] GetACP () returned 0x4e4 [0035.249] GetACP () returned 0x4e4 [0035.249] GetACP () returned 0x4e4 [0035.249] GetACP () returned 0x4e4 [0035.249] GetACP () returned 0x4e4 [0035.249] GetACP () returned 0x4e4 [0035.249] GetACP () returned 0x4e4 [0035.249] GetACP () returned 0x4e4 [0035.249] GetACP () returned 0x4e4 [0035.249] GetACP () returned 0x4e4 [0035.250] GetACP () returned 0x4e4 [0035.250] GetACP () returned 0x4e4 [0035.250] GetACP () returned 0x4e4 [0035.250] GetACP () returned 0x4e4 [0035.250] GetACP () returned 0x4e4 [0035.250] GetACP () returned 0x4e4 [0035.250] GetACP () returned 0x4e4 [0035.250] GetACP () returned 0x4e4 [0035.250] GetACP () returned 0x4e4 [0035.250] GetACP () returned 0x4e4 [0035.250] GetACP () returned 0x4e4 [0035.250] GetACP () returned 0x4e4 [0035.250] GetACP () returned 0x4e4 [0035.251] GetACP () returned 0x4e4 [0035.251] GetACP () returned 0x4e4 [0035.251] GetACP () returned 0x4e4 [0035.251] GetACP () returned 0x4e4 [0035.251] GetACP () returned 0x4e4 [0035.251] GetACP () returned 0x4e4 [0035.251] GetACP () returned 0x4e4 [0035.251] GetACP () returned 0x4e4 [0035.251] GetACP () returned 0x4e4 [0035.251] GetACP () returned 0x4e4 [0035.251] GetACP () returned 0x4e4 [0035.251] GetACP () returned 0x4e4 [0035.252] GetACP () returned 0x4e4 [0035.252] GetACP () returned 0x4e4 [0035.252] GetACP () returned 0x4e4 [0035.252] GetACP () returned 0x4e4 [0035.252] GetACP () returned 0x4e4 [0035.252] GetACP () returned 0x4e4 [0035.252] GetACP () returned 0x4e4 [0035.252] GetACP () returned 0x4e4 [0035.253] GetACP () returned 0x4e4 [0035.253] GetACP () returned 0x4e4 [0035.253] GetACP () returned 0x4e4 [0035.253] GetACP () returned 0x4e4 [0035.253] GetACP () returned 0x4e4 [0035.253] GetACP () returned 0x4e4 [0035.253] GetACP () returned 0x4e4 [0035.253] GetACP () returned 0x4e4 [0035.253] GetACP () returned 0x4e4 [0035.253] GetACP () returned 0x4e4 [0035.253] GetACP () returned 0x4e4 [0035.253] GetACP () returned 0x4e4 [0035.254] GetACP () returned 0x4e4 [0035.254] GetACP () returned 0x4e4 [0035.254] GetACP () returned 0x4e4 [0035.254] GetACP () returned 0x4e4 [0035.254] GetACP () returned 0x4e4 [0035.254] GetACP () returned 0x4e4 [0035.254] GetACP () returned 0x4e4 [0035.254] GetACP () returned 0x4e4 [0035.254] GetACP () returned 0x4e4 [0035.254] GetACP () returned 0x4e4 [0035.254] GetACP () returned 0x4e4 [0035.254] GetACP () returned 0x4e4 [0035.255] GetACP () returned 0x4e4 [0035.255] GetACP () returned 0x4e4 [0035.255] GetACP () returned 0x4e4 [0035.255] GetACP () returned 0x4e4 [0035.457] GetACP () returned 0x4e4 [0035.457] GetACP () returned 0x4e4 [0035.457] GetACP () returned 0x4e4 [0035.457] GetACP () returned 0x4e4 [0035.457] GetACP () returned 0x4e4 [0035.457] GetACP () returned 0x4e4 [0035.457] GetACP () returned 0x4e4 [0035.457] GetACP () returned 0x4e4 [0035.457] GetACP () returned 0x4e4 [0035.457] GetACP () returned 0x4e4 [0035.457] GetACP () returned 0x4e4 [0035.458] GetACP () returned 0x4e4 [0035.458] GetACP () returned 0x4e4 [0035.458] GetACP () returned 0x4e4 [0035.458] GetACP () returned 0x4e4 [0035.459] GetACP () returned 0x4e4 [0035.459] GetACP () returned 0x4e4 [0035.459] GetACP () returned 0x4e4 [0035.459] GetACP () returned 0x4e4 [0035.459] GetACP () returned 0x4e4 [0035.459] GetACP () returned 0x4e4 [0035.459] GetACP () returned 0x4e4 [0035.459] GetACP () returned 0x4e4 [0035.459] GetACP () returned 0x4e4 [0035.460] GetACP () returned 0x4e4 [0035.460] GetACP () returned 0x4e4 [0035.460] GetACP () returned 0x4e4 [0035.460] GetACP () returned 0x4e4 [0035.460] GetACP () returned 0x4e4 [0035.460] GetACP () returned 0x4e4 [0035.460] GetACP () returned 0x4e4 [0035.460] GetACP () returned 0x4e4 [0035.460] GetACP () returned 0x4e4 [0035.460] GetACP () returned 0x4e4 [0035.460] GetACP () returned 0x4e4 [0035.460] GetACP () returned 0x4e4 [0035.460] GetACP () returned 0x4e4 [0035.461] GetACP () returned 0x4e4 [0035.461] GetACP () returned 0x4e4 [0035.461] GetACP () returned 0x4e4 [0035.461] GetACP () returned 0x4e4 [0035.461] GetACP () returned 0x4e4 [0035.461] GetACP () returned 0x4e4 [0035.461] GetACP () returned 0x4e4 [0035.461] GetACP () returned 0x4e4 [0035.461] GetACP () returned 0x4e4 [0035.461] GetACP () returned 0x4e4 [0035.461] GetACP () returned 0x4e4 [0035.461] GetACP () returned 0x4e4 [0035.461] GetACP () returned 0x4e4 [0035.462] GetACP () returned 0x4e4 [0035.462] GetACP () returned 0x4e4 [0035.462] GetACP () returned 0x4e4 [0035.462] GetACP () returned 0x4e4 [0035.462] GetACP () returned 0x4e4 [0035.462] GetACP () returned 0x4e4 [0035.462] GetACP () returned 0x4e4 [0035.462] GetACP () returned 0x4e4 [0035.462] GetACP () returned 0x4e4 [0035.462] GetACP () returned 0x4e4 [0035.462] GetACP () returned 0x4e4 [0035.462] GetACP () returned 0x4e4 [0035.462] GetACP () returned 0x4e4 [0035.463] GetACP () returned 0x4e4 [0035.463] GetACP () returned 0x4e4 [0035.463] GetACP () returned 0x4e4 [0035.463] GetACP () returned 0x4e4 [0035.463] GetACP () returned 0x4e4 [0035.463] GetACP () returned 0x4e4 [0035.463] GetACP () returned 0x4e4 [0035.463] GetACP () returned 0x4e4 [0035.463] GetACP () returned 0x4e4 [0035.463] GetACP () returned 0x4e4 [0035.463] GetACP () returned 0x4e4 [0035.463] GetACP () returned 0x4e4 [0035.463] GetACP () returned 0x4e4 [0035.464] GetACP () returned 0x4e4 [0035.464] GetACP () returned 0x4e4 [0035.464] GetACP () returned 0x4e4 [0035.464] GetACP () returned 0x4e4 [0035.464] GetACP () returned 0x4e4 [0035.464] GetACP () returned 0x4e4 [0035.464] GetACP () returned 0x4e4 [0035.464] GetACP () returned 0x4e4 [0035.464] GetACP () returned 0x4e4 [0035.464] GetACP () returned 0x4e4 [0035.465] GetACP () returned 0x4e4 [0035.465] GetACP () returned 0x4e4 [0035.465] GetACP () returned 0x4e4 [0035.465] GetACP () returned 0x4e4 [0035.465] GetACP () returned 0x4e4 [0035.465] GetACP () returned 0x4e4 [0035.465] GetACP () returned 0x4e4 [0035.465] GetACP () returned 0x4e4 [0035.465] GetACP () returned 0x4e4 [0035.465] GetACP () returned 0x4e4 [0035.465] GetACP () returned 0x4e4 [0035.465] GetACP () returned 0x4e4 [0035.466] GetACP () returned 0x4e4 [0035.466] GetACP () returned 0x4e4 [0035.466] GetACP () returned 0x4e4 [0035.466] GetACP () returned 0x4e4 [0035.466] GetACP () returned 0x4e4 [0035.466] GetACP () returned 0x4e4 [0035.466] GetACP () returned 0x4e4 [0035.466] GetACP () returned 0x4e4 [0035.466] GetACP () returned 0x4e4 [0035.466] GetACP () returned 0x4e4 [0035.466] GetACP () returned 0x4e4 [0035.466] GetACP () returned 0x4e4 [0035.467] GetACP () returned 0x4e4 [0035.467] GetACP () returned 0x4e4 [0035.467] GetACP () returned 0x4e4 [0035.467] GetACP () returned 0x4e4 [0035.467] GetACP () returned 0x4e4 [0035.467] GetACP () returned 0x4e4 [0035.467] GetACP () returned 0x4e4 [0035.467] GetACP () returned 0x4e4 [0035.467] GetACP () returned 0x4e4 [0035.467] GetACP () returned 0x4e4 [0035.467] GetACP () returned 0x4e4 [0035.467] GetACP () returned 0x4e4 [0035.468] GetACP () returned 0x4e4 [0035.468] GetACP () returned 0x4e4 [0035.468] GetACP () returned 0x4e4 [0035.468] GetACP () returned 0x4e4 [0035.468] GetACP () returned 0x4e4 [0035.468] GetACP () returned 0x4e4 [0035.468] GetACP () returned 0x4e4 [0035.468] GetACP () returned 0x4e4 [0035.468] GetACP () returned 0x4e4 [0035.468] GetACP () returned 0x4e4 [0035.468] GetACP () returned 0x4e4 [0035.468] GetACP () returned 0x4e4 [0035.469] GetACP () returned 0x4e4 [0035.469] GetACP () returned 0x4e4 [0035.469] GetACP () returned 0x4e4 [0035.469] GetACP () returned 0x4e4 [0035.469] GetACP () returned 0x4e4 [0035.469] GetACP () returned 0x4e4 [0035.469] GetACP () returned 0x4e4 [0035.469] GetACP () returned 0x4e4 [0035.469] GetACP () returned 0x4e4 [0035.469] GetACP () returned 0x4e4 [0035.469] GetACP () returned 0x4e4 [0035.469] GetACP () returned 0x4e4 [0035.470] GetACP () returned 0x4e4 [0035.470] GetACP () returned 0x4e4 [0035.470] GetACP () returned 0x4e4 [0035.470] GetACP () returned 0x4e4 [0035.470] GetACP () returned 0x4e4 [0035.470] GetACP () returned 0x4e4 [0035.470] GetACP () returned 0x4e4 [0035.470] GetACP () returned 0x4e4 [0035.470] GetACP () returned 0x4e4 [0035.470] GetACP () returned 0x4e4 [0035.470] GetACP () returned 0x4e4 [0035.470] GetACP () returned 0x4e4 [0035.470] GetACP () returned 0x4e4 [0035.471] GetACP () returned 0x4e4 [0035.471] GetACP () returned 0x4e4 [0035.471] GetACP () returned 0x4e4 [0035.471] GetACP () returned 0x4e4 [0035.471] GetACP () returned 0x4e4 [0035.471] GetACP () returned 0x4e4 [0035.471] GetACP () returned 0x4e4 [0035.471] GetACP () returned 0x4e4 [0035.471] GetACP () returned 0x4e4 [0035.471] GetACP () returned 0x4e4 [0035.471] GetACP () returned 0x4e4 [0035.471] GetACP () returned 0x4e4 [0035.472] GetACP () returned 0x4e4 [0035.472] GetACP () returned 0x4e4 [0035.472] GetACP () returned 0x4e4 [0035.472] GetACP () returned 0x4e4 [0035.472] GetACP () returned 0x4e4 [0035.472] GetACP () returned 0x4e4 [0035.472] GetACP () returned 0x4e4 [0035.472] GetACP () returned 0x4e4 [0035.473] GetACP () returned 0x4e4 [0035.473] GetACP () returned 0x4e4 [0035.473] GetACP () returned 0x4e4 [0035.473] GetACP () returned 0x4e4 [0035.473] GetACP () returned 0x4e4 [0035.473] GetACP () returned 0x4e4 [0035.473] GetACP () returned 0x4e4 [0035.473] GetACP () returned 0x4e4 [0035.473] GetACP () returned 0x4e4 [0035.473] GetACP () returned 0x4e4 [0035.473] GetACP () returned 0x4e4 [0035.473] GetACP () returned 0x4e4 [0035.473] GetACP () returned 0x4e4 [0035.474] GetACP () returned 0x4e4 [0035.474] GetACP () returned 0x4e4 [0035.474] GetACP () returned 0x4e4 [0035.474] GetACP () returned 0x4e4 [0035.474] GetACP () returned 0x4e4 [0035.474] GetACP () returned 0x4e4 [0035.474] GetACP () returned 0x4e4 [0035.474] GetACP () returned 0x4e4 [0035.474] GetACP () returned 0x4e4 [0035.475] GetACP () returned 0x4e4 [0035.475] GetACP () returned 0x4e4 [0035.475] GetACP () returned 0x4e4 [0035.475] GetACP () returned 0x4e4 [0035.475] GetACP () returned 0x4e4 [0035.475] GetACP () returned 0x4e4 [0035.475] GetACP () returned 0x4e4 [0035.475] GetACP () returned 0x4e4 [0035.476] GetACP () returned 0x4e4 [0035.476] GetACP () returned 0x4e4 [0035.476] GetACP () returned 0x4e4 [0035.476] GetACP () returned 0x4e4 [0035.476] GetACP () returned 0x4e4 [0035.476] GetACP () returned 0x4e4 [0035.476] GetACP () returned 0x4e4 [0035.476] GetACP () returned 0x4e4 [0035.476] GetACP () returned 0x4e4 [0035.476] GetACP () returned 0x4e4 [0035.476] GetACP () returned 0x4e4 [0035.476] GetACP () returned 0x4e4 [0035.477] GetACP () returned 0x4e4 [0035.477] GetACP () returned 0x4e4 [0035.477] GetACP () returned 0x4e4 [0035.477] GetACP () returned 0x4e4 [0035.477] GetACP () returned 0x4e4 [0035.477] GetACP () returned 0x4e4 [0035.477] GetACP () returned 0x4e4 [0035.477] GetACP () returned 0x4e4 [0035.477] GetACP () returned 0x4e4 [0035.477] GetACP () returned 0x4e4 [0035.477] GetACP () returned 0x4e4 [0035.477] GetACP () returned 0x4e4 [0035.478] GetACP () returned 0x4e4 [0035.478] GetACP () returned 0x4e4 [0035.478] GetACP () returned 0x4e4 [0035.478] GetACP () returned 0x4e4 [0035.478] GetACP () returned 0x4e4 [0035.478] GetACP () returned 0x4e4 [0035.478] GetACP () returned 0x4e4 [0035.478] GetACP () returned 0x4e4 [0035.478] GetACP () returned 0x4e4 [0035.478] GetACP () returned 0x4e4 [0035.478] GetACP () returned 0x4e4 [0035.478] GetACP () returned 0x4e4 [0035.479] GetACP () returned 0x4e4 [0035.479] GetACP () returned 0x4e4 [0035.479] GetACP () returned 0x4e4 [0035.479] GetACP () returned 0x4e4 [0035.683] GetACP () returned 0x4e4 [0035.683] GetACP () returned 0x4e4 [0035.683] GetACP () returned 0x4e4 [0035.683] GetACP () returned 0x4e4 [0035.683] GetACP () returned 0x4e4 [0035.683] GetACP () returned 0x4e4 [0035.684] GetACP () returned 0x4e4 [0035.684] GetACP () returned 0x4e4 [0035.684] GetACP () returned 0x4e4 [0035.684] GetACP () returned 0x4e4 [0035.684] GetACP () returned 0x4e4 [0035.684] GetACP () returned 0x4e4 [0035.684] GetACP () returned 0x4e4 [0035.684] GetACP () returned 0x4e4 [0035.684] GetACP () returned 0x4e4 [0035.684] GetACP () returned 0x4e4 [0035.684] GetACP () returned 0x4e4 [0035.684] GetACP () returned 0x4e4 [0035.685] GetACP () returned 0x4e4 [0035.685] GetACP () returned 0x4e4 [0035.685] GetACP () returned 0x4e4 [0035.685] GetACP () returned 0x4e4 [0035.685] GetACP () returned 0x4e4 [0035.685] GetACP () returned 0x4e4 [0035.685] GetACP () returned 0x4e4 [0035.685] GetACP () returned 0x4e4 [0035.685] GetACP () returned 0x4e4 [0035.685] GetACP () returned 0x4e4 [0035.685] GetACP () returned 0x4e4 [0035.685] GetACP () returned 0x4e4 [0035.686] GetACP () returned 0x4e4 [0035.686] GetACP () returned 0x4e4 [0035.686] GetACP () returned 0x4e4 [0035.686] GetACP () returned 0x4e4 [0035.686] GetACP () returned 0x4e4 [0035.686] GetACP () returned 0x4e4 [0035.686] GetACP () returned 0x4e4 [0035.686] GetACP () returned 0x4e4 [0035.686] GetACP () returned 0x4e4 [0035.686] GetACP () returned 0x4e4 [0035.686] GetACP () returned 0x4e4 [0035.686] GetACP () returned 0x4e4 [0035.687] GetACP () returned 0x4e4 [0035.687] GetACP () returned 0x4e4 [0035.687] GetACP () returned 0x4e4 [0035.687] GetACP () returned 0x4e4 [0035.687] GetACP () returned 0x4e4 [0035.687] GetACP () returned 0x4e4 [0035.688] GetACP () returned 0x4e4 [0035.688] GetACP () returned 0x4e4 [0035.688] GetACP () returned 0x4e4 [0035.688] GetACP () returned 0x4e4 [0035.688] GetACP () returned 0x4e4 [0035.689] GetACP () returned 0x4e4 [0035.689] GetACP () returned 0x4e4 [0035.689] GetACP () returned 0x4e4 [0035.689] GetACP () returned 0x4e4 [0035.689] GetACP () returned 0x4e4 [0035.689] GetACP () returned 0x4e4 [0035.689] GetACP () returned 0x4e4 [0035.689] GetACP () returned 0x4e4 [0035.689] GetACP () returned 0x4e4 [0035.689] GetACP () returned 0x4e4 [0035.689] GetACP () returned 0x4e4 [0035.689] GetACP () returned 0x4e4 [0035.690] GetACP () returned 0x4e4 [0035.690] GetACP () returned 0x4e4 [0035.690] GetACP () returned 0x4e4 [0035.690] GetACP () returned 0x4e4 [0035.690] GetACP () returned 0x4e4 [0035.690] GetACP () returned 0x4e4 [0035.690] GetACP () returned 0x4e4 [0035.690] GetACP () returned 0x4e4 [0035.690] GetACP () returned 0x4e4 [0035.690] GetACP () returned 0x4e4 [0035.690] GetACP () returned 0x4e4 [0035.691] GetACP () returned 0x4e4 [0035.691] GetACP () returned 0x4e4 [0035.691] GetACP () returned 0x4e4 [0035.691] GetACP () returned 0x4e4 [0035.691] GetACP () returned 0x4e4 [0035.691] GetACP () returned 0x4e4 [0035.694] GetACP () returned 0x4e4 [0035.694] GetACP () returned 0x4e4 [0035.694] GetACP () returned 0x4e4 [0035.694] GetACP () returned 0x4e4 [0035.694] GetACP () returned 0x4e4 [0035.694] GetACP () returned 0x4e4 [0035.694] GetACP () returned 0x4e4 [0035.694] GetACP () returned 0x4e4 [0035.694] GetACP () returned 0x4e4 [0035.695] GetACP () returned 0x4e4 [0035.695] GetACP () returned 0x4e4 [0035.695] GetACP () returned 0x4e4 [0035.695] GetACP () returned 0x4e4 [0035.695] GetACP () returned 0x4e4 [0035.695] GetACP () returned 0x4e4 [0035.695] GetACP () returned 0x4e4 [0035.695] GetACP () returned 0x4e4 [0035.695] GetACP () returned 0x4e4 [0035.695] GetACP () returned 0x4e4 [0035.695] GetACP () returned 0x4e4 [0035.695] GetACP () returned 0x4e4 [0035.696] GetACP () returned 0x4e4 [0035.696] GetACP () returned 0x4e4 [0035.696] GetACP () returned 0x4e4 [0035.696] GetACP () returned 0x4e4 [0035.696] GetACP () returned 0x4e4 [0035.696] GetACP () returned 0x4e4 [0035.696] GetACP () returned 0x4e4 [0035.696] GetACP () returned 0x4e4 [0035.697] GetACP () returned 0x4e4 [0035.697] GetACP () returned 0x4e4 [0035.697] GetACP () returned 0x4e4 [0035.698] GetACP () returned 0x4e4 [0035.698] GetACP () returned 0x4e4 [0035.698] GetACP () returned 0x4e4 [0035.698] GetACP () returned 0x4e4 [0035.698] GetACP () returned 0x4e4 [0035.698] GetACP () returned 0x4e4 [0035.698] GetACP () returned 0x4e4 [0035.698] GetACP () returned 0x4e4 [0035.698] GetACP () returned 0x4e4 [0035.698] GetACP () returned 0x4e4 [0035.698] GetACP () returned 0x4e4 [0035.698] GetACP () returned 0x4e4 [0035.699] GetACP () returned 0x4e4 [0035.699] GetACP () returned 0x4e4 [0035.699] GetACP () returned 0x4e4 [0035.699] GetACP () returned 0x4e4 [0035.699] GetACP () returned 0x4e4 [0035.699] GetACP () returned 0x4e4 [0035.699] GetACP () returned 0x4e4 [0035.699] GetACP () returned 0x4e4 [0035.699] GetACP () returned 0x4e4 [0035.699] GetACP () returned 0x4e4 [0035.699] GetACP () returned 0x4e4 [0035.699] GetACP () returned 0x4e4 [0035.699] GetACP () returned 0x4e4 [0035.700] GetACP () returned 0x4e4 [0035.700] GetACP () returned 0x4e4 [0035.700] GetACP () returned 0x4e4 [0035.700] GetACP () returned 0x4e4 [0035.700] GetACP () returned 0x4e4 [0035.700] GetACP () returned 0x4e4 [0035.700] GetACP () returned 0x4e4 [0035.700] GetACP () returned 0x4e4 [0035.700] GetACP () returned 0x4e4 [0035.700] GetACP () returned 0x4e4 [0035.700] GetACP () returned 0x4e4 [0035.700] GetACP () returned 0x4e4 [0035.701] GetACP () returned 0x4e4 [0035.701] GetACP () returned 0x4e4 [0035.701] GetACP () returned 0x4e4 [0035.701] GetACP () returned 0x4e4 [0035.701] GetACP () returned 0x4e4 [0035.701] GetACP () returned 0x4e4 [0035.701] GetACP () returned 0x4e4 [0035.701] GetACP () returned 0x4e4 [0035.701] GetACP () returned 0x4e4 [0035.701] GetACP () returned 0x4e4 [0035.701] GetACP () returned 0x4e4 [0035.702] GetACP () returned 0x4e4 [0035.702] GetACP () returned 0x4e4 [0035.702] GetACP () returned 0x4e4 [0035.702] GetACP () returned 0x4e4 [0035.702] GetACP () returned 0x4e4 [0035.702] GetACP () returned 0x4e4 [0035.702] GetACP () returned 0x4e4 [0035.702] GetACP () returned 0x4e4 [0035.702] GetACP () returned 0x4e4 [0035.702] GetACP () returned 0x4e4 [0035.702] GetACP () returned 0x4e4 [0035.702] GetACP () returned 0x4e4 [0035.703] GetACP () returned 0x4e4 [0035.703] GetACP () returned 0x4e4 [0035.703] GetACP () returned 0x4e4 [0035.703] GetACP () returned 0x4e4 [0035.703] GetACP () returned 0x4e4 [0035.703] GetACP () returned 0x4e4 [0035.703] GetACP () returned 0x4e4 [0035.703] GetACP () returned 0x4e4 [0035.703] GetACP () returned 0x4e4 [0035.703] GetACP () returned 0x4e4 [0035.703] GetACP () returned 0x4e4 [0035.703] GetACP () returned 0x4e4 [0035.703] GetACP () returned 0x4e4 [0035.704] GetACP () returned 0x4e4 [0035.704] GetACP () returned 0x4e4 [0035.704] GetACP () returned 0x4e4 [0035.704] GetACP () returned 0x4e4 [0035.704] GetACP () returned 0x4e4 [0035.704] GetACP () returned 0x4e4 [0035.704] GetACP () returned 0x4e4 [0035.704] GetACP () returned 0x4e4 [0035.704] GetACP () returned 0x4e4 [0035.704] GetACP () returned 0x4e4 [0035.704] GetACP () returned 0x4e4 [0035.704] GetACP () returned 0x4e4 [0035.705] GetACP () returned 0x4e4 [0035.705] GetACP () returned 0x4e4 [0035.705] GetACP () returned 0x4e4 [0035.705] GetACP () returned 0x4e4 [0035.705] GetACP () returned 0x4e4 [0035.705] GetACP () returned 0x4e4 [0035.705] GetACP () returned 0x4e4 [0035.705] GetACP () returned 0x4e4 [0035.705] GetACP () returned 0x4e4 [0035.705] GetACP () returned 0x4e4 [0035.705] GetACP () returned 0x4e4 [0035.705] GetACP () returned 0x4e4 [0035.706] GetACP () returned 0x4e4 [0035.706] GetACP () returned 0x4e4 [0035.706] GetACP () returned 0x4e4 [0035.706] GetACP () returned 0x4e4 [0035.706] GetACP () returned 0x4e4 [0035.706] GetACP () returned 0x4e4 [0035.706] GetACP () returned 0x4e4 [0035.706] GetACP () returned 0x4e4 [0035.707] GetACP () returned 0x4e4 [0035.707] GetACP () returned 0x4e4 [0035.707] GetACP () returned 0x4e4 [0035.707] GetACP () returned 0x4e4 [0035.707] GetACP () returned 0x4e4 [0035.707] GetACP () returned 0x4e4 [0035.707] GetACP () returned 0x4e4 [0035.707] GetACP () returned 0x4e4 [0035.707] GetACP () returned 0x4e4 [0035.707] GetACP () returned 0x4e4 [0035.707] GetACP () returned 0x4e4 [0035.707] GetACP () returned 0x4e4 [0035.708] GetACP () returned 0x4e4 [0035.708] GetACP () returned 0x4e4 [0035.708] GetACP () returned 0x4e4 [0035.708] GetACP () returned 0x4e4 [0035.708] GetACP () returned 0x4e4 [0035.708] GetACP () returned 0x4e4 [0035.708] GetACP () returned 0x4e4 [0035.708] GetACP () returned 0x4e4 [0035.708] GetACP () returned 0x4e4 [0035.708] GetACP () returned 0x4e4 [0035.708] GetACP () returned 0x4e4 [0035.708] GetACP () returned 0x4e4 [0035.709] GetACP () returned 0x4e4 [0035.709] GetACP () returned 0x4e4 [0035.709] GetACP () returned 0x4e4 [0035.709] GetACP () returned 0x4e4 [0035.709] GetACP () returned 0x4e4 [0035.709] GetACP () returned 0x4e4 [0035.878] GetACP () returned 0x4e4 [0035.878] GetACP () returned 0x4e4 [0035.878] GetACP () returned 0x4e4 [0035.878] GetACP () returned 0x4e4 [0035.878] GetACP () returned 0x4e4 [0035.878] GetACP () returned 0x4e4 [0035.878] GetACP () returned 0x4e4 [0035.878] GetACP () returned 0x4e4 [0035.878] GetACP () returned 0x4e4 [0035.878] GetACP () returned 0x4e4 [0035.878] GetACP () returned 0x4e4 [0035.878] GetACP () returned 0x4e4 [0035.879] GetACP () returned 0x4e4 [0035.879] GetACP () returned 0x4e4 [0035.879] GetACP () returned 0x4e4 [0035.879] GetACP () returned 0x4e4 [0035.879] GetACP () returned 0x4e4 [0035.879] GetACP () returned 0x4e4 [0035.879] GetACP () returned 0x4e4 [0035.879] GetACP () returned 0x4e4 [0035.879] GetACP () returned 0x4e4 [0035.879] GetACP () returned 0x4e4 [0035.879] GetACP () returned 0x4e4 [0035.879] GetACP () returned 0x4e4 [0035.880] GetACP () returned 0x4e4 [0035.880] GetACP () returned 0x4e4 [0035.880] GetACP () returned 0x4e4 [0035.880] GetACP () returned 0x4e4 [0035.880] GetACP () returned 0x4e4 [0035.880] GetACP () returned 0x4e4 [0035.880] GetACP () returned 0x4e4 [0035.880] GetACP () returned 0x4e4 [0035.880] GetACP () returned 0x4e4 [0035.880] GetACP () returned 0x4e4 [0035.880] GetACP () returned 0x4e4 [0035.880] GetACP () returned 0x4e4 [0035.881] GetACP () returned 0x4e4 [0035.881] GetACP () returned 0x4e4 [0035.881] GetACP () returned 0x4e4 [0035.881] GetACP () returned 0x4e4 [0035.881] GetACP () returned 0x4e4 [0035.881] GetACP () returned 0x4e4 [0035.881] GetACP () returned 0x4e4 [0035.881] GetACP () returned 0x4e4 [0035.881] GetACP () returned 0x4e4 [0035.881] GetACP () returned 0x4e4 [0035.881] GetACP () returned 0x4e4 [0035.881] GetACP () returned 0x4e4 [0035.882] GetACP () returned 0x4e4 [0035.882] GetACP () returned 0x4e4 [0035.882] GetACP () returned 0x4e4 [0035.882] GetACP () returned 0x4e4 [0035.882] GetACP () returned 0x4e4 [0035.882] GetACP () returned 0x4e4 [0035.882] GetACP () returned 0x4e4 [0035.882] GetACP () returned 0x4e4 [0035.882] GetACP () returned 0x4e4 [0035.882] GetACP () returned 0x4e4 [0035.882] GetACP () returned 0x4e4 [0035.882] GetACP () returned 0x4e4 [0035.882] GetACP () returned 0x4e4 [0035.883] GetACP () returned 0x4e4 [0035.883] GetACP () returned 0x4e4 [0035.883] GetACP () returned 0x4e4 [0035.883] GetACP () returned 0x4e4 [0035.883] GetACP () returned 0x4e4 [0035.883] GetACP () returned 0x4e4 [0035.883] GetACP () returned 0x4e4 [0035.883] GetACP () returned 0x4e4 [0035.883] GetACP () returned 0x4e4 [0035.883] GetACP () returned 0x4e4 [0035.883] GetACP () returned 0x4e4 [0035.883] GetACP () returned 0x4e4 [0035.884] GetACP () returned 0x4e4 [0035.884] GetACP () returned 0x4e4 [0035.884] GetACP () returned 0x4e4 [0035.884] GetACP () returned 0x4e4 [0035.884] GetACP () returned 0x4e4 [0035.884] GetACP () returned 0x4e4 [0035.884] GetACP () returned 0x4e4 [0035.884] GetACP () returned 0x4e4 [0035.884] GetACP () returned 0x4e4 [0035.884] GetACP () returned 0x4e4 [0035.884] GetACP () returned 0x4e4 [0035.884] GetACP () returned 0x4e4 [0035.885] GetACP () returned 0x4e4 [0035.885] GetACP () returned 0x4e4 [0035.885] GetACP () returned 0x4e4 [0035.885] GetACP () returned 0x4e4 [0035.885] GetACP () returned 0x4e4 [0035.885] GetACP () returned 0x4e4 [0035.885] GetACP () returned 0x4e4 [0035.885] GetACP () returned 0x4e4 [0035.885] GetACP () returned 0x4e4 [0035.885] GetACP () returned 0x4e4 [0035.885] GetACP () returned 0x4e4 [0035.885] GetACP () returned 0x4e4 [0035.886] GetACP () returned 0x4e4 [0035.886] GetACP () returned 0x4e4 [0035.886] GetACP () returned 0x4e4 [0035.886] GetACP () returned 0x4e4 [0035.886] GetACP () returned 0x4e4 [0035.886] GetACP () returned 0x4e4 [0035.886] GetACP () returned 0x4e4 [0035.889] GetACP () returned 0x4e4 [0035.889] GetACP () returned 0x4e4 [0035.889] GetACP () returned 0x4e4 [0035.889] GetACP () returned 0x4e4 [0035.889] GetACP () returned 0x4e4 [0035.889] GetACP () returned 0x4e4 [0035.889] GetACP () returned 0x4e4 [0035.889] GetACP () returned 0x4e4 [0035.889] GetACP () returned 0x4e4 [0035.890] GetACP () returned 0x4e4 [0035.890] GetACP () returned 0x4e4 [0035.890] GetACP () returned 0x4e4 [0035.890] GetACP () returned 0x4e4 [0035.890] GetACP () returned 0x4e4 [0035.890] GetACP () returned 0x4e4 [0035.890] GetACP () returned 0x4e4 [0035.890] GetACP () returned 0x4e4 [0035.890] GetACP () returned 0x4e4 [0035.890] GetACP () returned 0x4e4 [0035.890] GetACP () returned 0x4e4 [0035.890] GetACP () returned 0x4e4 [0035.891] GetACP () returned 0x4e4 [0035.891] GetACP () returned 0x4e4 [0035.891] GetACP () returned 0x4e4 [0035.891] GetACP () returned 0x4e4 [0035.891] GetACP () returned 0x4e4 [0035.891] GetACP () returned 0x4e4 [0035.891] GetACP () returned 0x4e4 [0035.891] GetACP () returned 0x4e4 [0035.891] GetACP () returned 0x4e4 [0035.891] GetACP () returned 0x4e4 [0035.891] GetACP () returned 0x4e4 [0035.891] GetACP () returned 0x4e4 [0035.892] GetACP () returned 0x4e4 [0035.892] GetACP () returned 0x4e4 [0035.892] GetACP () returned 0x4e4 [0035.892] GetACP () returned 0x4e4 [0035.892] GetACP () returned 0x4e4 [0035.892] GetACP () returned 0x4e4 [0035.892] GetACP () returned 0x4e4 [0035.892] GetACP () returned 0x4e4 [0035.892] GetACP () returned 0x4e4 [0035.892] GetACP () returned 0x4e4 [0035.892] GetACP () returned 0x4e4 [0035.892] GetACP () returned 0x4e4 [0035.893] GetACP () returned 0x4e4 [0035.893] GetACP () returned 0x4e4 [0035.893] GetACP () returned 0x4e4 [0035.893] GetACP () returned 0x4e4 [0035.893] GetACP () returned 0x4e4 [0035.893] GetACP () returned 0x4e4 [0035.893] GetACP () returned 0x4e4 [0035.893] GetACP () returned 0x4e4 [0035.894] GetACP () returned 0x4e4 [0035.894] GetACP () returned 0x4e4 [0035.894] GetACP () returned 0x4e4 [0035.894] GetACP () returned 0x4e4 [0035.894] GetACP () returned 0x4e4 [0035.894] GetACP () returned 0x4e4 [0035.894] GetACP () returned 0x4e4 [0035.894] GetACP () returned 0x4e4 [0035.894] GetACP () returned 0x4e4 [0035.894] GetACP () returned 0x4e4 [0035.894] GetACP () returned 0x4e4 [0035.894] GetACP () returned 0x4e4 [0035.895] GetACP () returned 0x4e4 [0035.895] GetACP () returned 0x4e4 [0035.895] GetACP () returned 0x4e4 [0035.895] GetACP () returned 0x4e4 [0035.895] GetACP () returned 0x4e4 [0035.895] GetACP () returned 0x4e4 [0035.895] GetACP () returned 0x4e4 [0035.895] GetACP () returned 0x4e4 [0035.895] GetACP () returned 0x4e4 [0035.895] GetACP () returned 0x4e4 [0035.895] GetACP () returned 0x4e4 [0035.895] GetACP () returned 0x4e4 [0035.896] GetACP () returned 0x4e4 [0035.896] GetACP () returned 0x4e4 [0035.896] GetACP () returned 0x4e4 [0035.896] GetACP () returned 0x4e4 [0035.896] GetACP () returned 0x4e4 [0035.896] GetACP () returned 0x4e4 [0035.896] GetACP () returned 0x4e4 [0035.896] GetACP () returned 0x4e4 [0035.896] GetACP () returned 0x4e4 [0035.896] GetACP () returned 0x4e4 [0035.896] GetACP () returned 0x4e4 [0035.896] GetACP () returned 0x4e4 [0035.897] GetACP () returned 0x4e4 [0035.897] GetACP () returned 0x4e4 [0035.897] GetACP () returned 0x4e4 [0035.897] GetACP () returned 0x4e4 [0035.897] GetACP () returned 0x4e4 [0035.897] GetACP () returned 0x4e4 [0035.897] GetACP () returned 0x4e4 [0035.897] GetACP () returned 0x4e4 [0035.897] GetACP () returned 0x4e4 [0035.897] GetACP () returned 0x4e4 [0035.897] GetACP () returned 0x4e4 [0035.897] GetACP () returned 0x4e4 [0035.898] GetACP () returned 0x4e4 [0035.898] GetACP () returned 0x4e4 [0035.898] GetACP () returned 0x4e4 [0035.898] GetACP () returned 0x4e4 [0035.898] GetACP () returned 0x4e4 [0035.898] GetACP () returned 0x4e4 [0035.898] GetACP () returned 0x4e4 [0035.898] GetACP () returned 0x4e4 [0035.898] GetACP () returned 0x4e4 [0035.898] GetACP () returned 0x4e4 [0035.898] GetACP () returned 0x4e4 [0035.898] GetACP () returned 0x4e4 [0035.899] GetACP () returned 0x4e4 [0035.899] GetACP () returned 0x4e4 [0035.899] GetACP () returned 0x4e4 [0035.899] GetACP () returned 0x4e4 [0035.899] GetACP () returned 0x4e4 [0035.899] GetACP () returned 0x4e4 [0035.899] GetACP () returned 0x4e4 [0035.899] GetACP () returned 0x4e4 [0035.899] GetACP () returned 0x4e4 [0035.899] GetACP () returned 0x4e4 [0035.899] GetACP () returned 0x4e4 [0035.899] GetACP () returned 0x4e4 [0035.900] GetACP () returned 0x4e4 [0035.900] GetACP () returned 0x4e4 [0035.900] GetACP () returned 0x4e4 [0035.900] GetACP () returned 0x4e4 [0035.900] GetACP () returned 0x4e4 [0035.900] GetACP () returned 0x4e4 [0035.900] GetACP () returned 0x4e4 [0035.900] GetACP () returned 0x4e4 [0035.900] GetACP () returned 0x4e4 [0035.900] GetACP () returned 0x4e4 [0035.900] GetACP () returned 0x4e4 [0035.900] GetACP () returned 0x4e4 [0035.901] GetACP () returned 0x4e4 [0035.901] GetACP () returned 0x4e4 [0035.901] GetACP () returned 0x4e4 [0035.901] GetACP () returned 0x4e4 [0035.901] GetACP () returned 0x4e4 [0035.901] GetACP () returned 0x4e4 [0035.901] GetACP () returned 0x4e4 [0035.901] GetACP () returned 0x4e4 [0035.956] GetACP () returned 0x4e4 [0035.956] GetACP () returned 0x4e4 [0035.956] GetACP () returned 0x4e4 [0035.956] GetACP () returned 0x4e4 [0035.957] GetACP () returned 0x4e4 [0035.957] GetACP () returned 0x4e4 [0035.957] GetACP () returned 0x4e4 [0035.957] GetACP () returned 0x4e4 [0035.957] GetACP () returned 0x4e4 [0035.957] GetACP () returned 0x4e4 [0035.957] GetACP () returned 0x4e4 [0035.957] GetACP () returned 0x4e4 [0035.957] GetACP () returned 0x4e4 [0035.957] GetACP () returned 0x4e4 [0035.957] GetACP () returned 0x4e4 [0035.957] GetACP () returned 0x4e4 [0035.958] GetACP () returned 0x4e4 [0035.958] GetACP () returned 0x4e4 [0035.958] GetACP () returned 0x4e4 [0035.958] GetACP () returned 0x4e4 [0035.958] GetACP () returned 0x4e4 [0035.958] GetACP () returned 0x4e4 [0035.958] GetACP () returned 0x4e4 [0035.958] GetACP () returned 0x4e4 [0035.958] GetACP () returned 0x4e4 [0035.958] GetACP () returned 0x4e4 [0035.958] GetACP () returned 0x4e4 [0035.958] GetACP () returned 0x4e4 [0035.959] GetACP () returned 0x4e4 [0035.959] GetACP () returned 0x4e4 [0035.959] GetACP () returned 0x4e4 [0035.959] GetACP () returned 0x4e4 [0035.959] GetACP () returned 0x4e4 [0035.959] GetACP () returned 0x4e4 [0035.959] GetACP () returned 0x4e4 [0035.959] GetACP () returned 0x4e4 [0035.959] GetACP () returned 0x4e4 [0035.959] GetACP () returned 0x4e4 [0035.959] GetACP () returned 0x4e4 [0035.959] GetACP () returned 0x4e4 [0035.960] GetACP () returned 0x4e4 [0035.960] GetACP () returned 0x4e4 [0035.960] GetACP () returned 0x4e4 [0035.960] GetACP () returned 0x4e4 [0035.960] GetACP () returned 0x4e4 [0035.960] GetACP () returned 0x4e4 [0035.960] GetACP () returned 0x4e4 [0035.960] GetACP () returned 0x4e4 [0035.960] GetACP () returned 0x4e4 [0035.960] GetACP () returned 0x4e4 [0035.960] GetACP () returned 0x4e4 [0035.960] GetACP () returned 0x4e4 [0035.961] GetACP () returned 0x4e4 [0035.961] GetACP () returned 0x4e4 [0035.961] GetACP () returned 0x4e4 [0035.961] GetACP () returned 0x4e4 [0035.961] GetACP () returned 0x4e4 [0035.961] GetACP () returned 0x4e4 [0035.961] GetACP () returned 0x4e4 [0035.961] GetACP () returned 0x4e4 [0035.961] GetACP () returned 0x4e4 [0035.961] GetACP () returned 0x4e4 [0035.961] GetACP () returned 0x4e4 [0035.961] GetACP () returned 0x4e4 [0035.962] GetACP () returned 0x4e4 [0035.962] GetACP () returned 0x4e4 [0035.962] GetACP () returned 0x4e4 [0035.962] GetACP () returned 0x4e4 [0035.962] GetACP () returned 0x4e4 [0035.962] GetACP () returned 0x4e4 [0035.962] GetACP () returned 0x4e4 [0035.962] GetACP () returned 0x4e4 [0035.962] GetACP () returned 0x4e4 [0035.962] GetACP () returned 0x4e4 [0035.962] GetACP () returned 0x4e4 [0035.962] GetACP () returned 0x4e4 [0035.963] GetACP () returned 0x4e4 [0035.963] GetACP () returned 0x4e4 [0035.963] GetACP () returned 0x4e4 [0035.963] GetACP () returned 0x4e4 [0035.963] GetACP () returned 0x4e4 [0035.963] GetACP () returned 0x4e4 [0035.963] GetACP () returned 0x4e4 [0035.963] GetACP () returned 0x4e4 [0035.963] GetACP () returned 0x4e4 [0035.963] GetACP () returned 0x4e4 [0035.963] GetACP () returned 0x4e4 [0035.963] GetACP () returned 0x4e4 [0035.964] GetACP () returned 0x4e4 [0035.964] GetACP () returned 0x4e4 [0035.964] GetACP () returned 0x4e4 [0035.964] GetACP () returned 0x4e4 [0035.964] GetACP () returned 0x4e4 [0035.964] GetACP () returned 0x4e4 [0035.964] GetACP () returned 0x4e4 [0035.964] GetACP () returned 0x4e4 [0035.964] GetACP () returned 0x4e4 [0035.964] GetACP () returned 0x4e4 [0035.964] GetACP () returned 0x4e4 [0035.964] GetACP () returned 0x4e4 [0035.965] GetACP () returned 0x4e4 [0035.965] GetACP () returned 0x4e4 [0035.965] GetACP () returned 0x4e4 [0035.965] GetACP () returned 0x4e4 [0035.965] GetACP () returned 0x4e4 [0035.965] GetACP () returned 0x4e4 [0035.965] GetACP () returned 0x4e4 [0035.965] GetACP () returned 0x4e4 [0035.965] GetACP () returned 0x4e4 [0035.965] GetACP () returned 0x4e4 [0035.965] GetACP () returned 0x4e4 [0035.965] GetACP () returned 0x4e4 [0035.966] GetACP () returned 0x4e4 [0035.966] GetACP () returned 0x4e4 [0035.966] GetACP () returned 0x4e4 [0035.966] GetACP () returned 0x4e4 [0035.966] GetACP () returned 0x4e4 [0035.966] GetACP () returned 0x4e4 [0035.966] GetACP () returned 0x4e4 [0035.966] GetACP () returned 0x4e4 [0035.966] GetACP () returned 0x4e4 [0035.966] GetACP () returned 0x4e4 [0035.966] GetACP () returned 0x4e4 [0035.966] GetACP () returned 0x4e4 [0035.966] GetACP () returned 0x4e4 [0035.967] GetACP () returned 0x4e4 [0035.967] GetACP () returned 0x4e4 [0035.967] GetACP () returned 0x4e4 [0035.967] GetACP () returned 0x4e4 [0035.967] GetACP () returned 0x4e4 [0035.967] GetACP () returned 0x4e4 [0035.967] GetACP () returned 0x4e4 [0035.967] GetACP () returned 0x4e4 [0035.967] GetACP () returned 0x4e4 [0035.967] GetACP () returned 0x4e4 [0035.967] GetACP () returned 0x4e4 [0035.967] GetACP () returned 0x4e4 [0035.968] GetACP () returned 0x4e4 [0035.968] GetACP () returned 0x4e4 [0035.968] GetACP () returned 0x4e4 [0035.968] GetACP () returned 0x4e4 [0035.968] GetACP () returned 0x4e4 [0035.968] GetACP () returned 0x4e4 [0035.968] GetACP () returned 0x4e4 [0035.968] GetACP () returned 0x4e4 [0035.968] GetACP () returned 0x4e4 [0035.968] GetACP () returned 0x4e4 [0035.968] GetACP () returned 0x4e4 [0035.969] GetACP () returned 0x4e4 [0035.969] GetACP () returned 0x4e4 [0035.969] GetACP () returned 0x4e4 [0035.969] GetACP () returned 0x4e4 [0035.969] GetACP () returned 0x4e4 [0035.969] GetACP () returned 0x4e4 [0035.969] GetACP () returned 0x4e4 [0035.969] GetACP () returned 0x4e4 [0035.969] GetACP () returned 0x4e4 [0035.969] GetACP () returned 0x4e4 [0035.969] GetACP () returned 0x4e4 [0035.969] GetACP () returned 0x4e4 [0035.969] GetACP () returned 0x4e4 [0035.970] GetACP () returned 0x4e4 [0035.970] GetACP () returned 0x4e4 [0035.970] GetACP () returned 0x4e4 [0035.970] GetACP () returned 0x4e4 [0035.970] GetACP () returned 0x4e4 [0035.970] GetACP () returned 0x4e4 [0035.970] GetACP () returned 0x4e4 [0035.970] GetACP () returned 0x4e4 [0035.970] GetACP () returned 0x4e4 [0035.970] GetACP () returned 0x4e4 [0035.970] GetACP () returned 0x4e4 [0035.970] GetACP () returned 0x4e4 [0035.971] GetACP () returned 0x4e4 [0035.971] GetACP () returned 0x4e4 [0035.971] GetACP () returned 0x4e4 [0035.971] GetACP () returned 0x4e4 [0035.971] GetACP () returned 0x4e4 [0035.971] GetACP () returned 0x4e4 [0035.971] GetACP () returned 0x4e4 [0035.971] GetACP () returned 0x4e4 [0035.972] GetACP () returned 0x4e4 [0035.972] GetACP () returned 0x4e4 [0035.972] GetACP () returned 0x4e4 [0035.972] GetACP () returned 0x4e4 [0035.972] GetACP () returned 0x4e4 [0035.972] GetACP () returned 0x4e4 [0035.972] GetACP () returned 0x4e4 [0035.972] GetACP () returned 0x4e4 [0035.972] GetACP () returned 0x4e4 [0035.972] GetACP () returned 0x4e4 [0035.972] GetACP () returned 0x4e4 [0035.972] GetACP () returned 0x4e4 [0035.973] GetACP () returned 0x4e4 [0035.973] GetACP () returned 0x4e4 [0035.973] GetACP () returned 0x4e4 [0035.973] GetACP () returned 0x4e4 [0035.973] GetACP () returned 0x4e4 [0035.973] GetACP () returned 0x4e4 [0035.973] GetACP () returned 0x4e4 [0035.973] GetACP () returned 0x4e4 [0035.973] GetACP () returned 0x4e4 [0035.973] GetACP () returned 0x4e4 [0035.973] GetACP () returned 0x4e4 [0035.973] GetACP () returned 0x4e4 [0035.974] GetACP () returned 0x4e4 [0035.974] GetACP () returned 0x4e4 [0035.974] GetACP () returned 0x4e4 [0035.974] GetACP () returned 0x4e4 [0035.974] GetACP () returned 0x4e4 [0035.974] GetACP () returned 0x4e4 [0035.974] GetACP () returned 0x4e4 [0035.974] GetACP () returned 0x4e4 [0035.974] GetACP () returned 0x4e4 [0035.974] GetACP () returned 0x4e4 [0035.974] GetACP () returned 0x4e4 [0035.974] GetACP () returned 0x4e4 [0035.974] GetACP () returned 0x4e4 [0035.975] GetACP () returned 0x4e4 [0035.975] GetACP () returned 0x4e4 [0035.975] GetACP () returned 0x4e4 [0035.975] GetACP () returned 0x4e4 [0035.975] GetACP () returned 0x4e4 [0035.975] GetACP () returned 0x4e4 [0035.975] GetACP () returned 0x4e4 [0035.975] GetACP () returned 0x4e4 [0035.975] GetACP () returned 0x4e4 [0035.975] GetACP () returned 0x4e4 [0035.975] GetACP () returned 0x4e4 [0035.975] GetACP () returned 0x4e4 [0035.976] GetACP () returned 0x4e4 [0035.976] GetACP () returned 0x4e4 [0035.976] GetACP () returned 0x4e4 [0035.976] GetACP () returned 0x4e4 [0035.976] GetACP () returned 0x4e4 [0035.976] GetACP () returned 0x4e4 [0035.976] GetACP () returned 0x4e4 [0035.976] GetACP () returned 0x4e4 [0035.976] GetACP () returned 0x4e4 [0035.976] GetACP () returned 0x4e4 [0035.976] GetACP () returned 0x4e4 [0035.976] GetACP () returned 0x4e4 [0035.977] GetACP () returned 0x4e4 [0035.977] GetACP () returned 0x4e4 [0035.977] GetACP () returned 0x4e4 [0035.977] GetACP () returned 0x4e4 [0035.977] GetACP () returned 0x4e4 [0035.977] GetACP () returned 0x4e4 [0035.977] GetACP () returned 0x4e4 [0036.159] GetACP () returned 0x4e4 [0036.159] GetACP () returned 0x4e4 [0036.159] GetACP () returned 0x4e4 [0036.159] GetACP () returned 0x4e4 [0036.159] GetACP () returned 0x4e4 [0036.159] GetACP () returned 0x4e4 [0036.159] GetACP () returned 0x4e4 [0036.159] GetACP () returned 0x4e4 [0036.159] GetACP () returned 0x4e4 [0036.159] GetACP () returned 0x4e4 [0036.159] GetACP () returned 0x4e4 [0036.159] GetACP () returned 0x4e4 [0036.160] GetACP () returned 0x4e4 [0036.160] GetACP () returned 0x4e4 [0036.160] GetACP () returned 0x4e4 [0036.160] GetACP () returned 0x4e4 [0036.160] GetACP () returned 0x4e4 [0036.160] GetACP () returned 0x4e4 [0036.160] GetACP () returned 0x4e4 [0036.160] GetACP () returned 0x4e4 [0036.160] GetACP () returned 0x4e4 [0036.160] GetACP () returned 0x4e4 [0036.160] GetACP () returned 0x4e4 [0036.161] GetACP () returned 0x4e4 [0036.161] GetACP () returned 0x4e4 [0036.161] GetACP () returned 0x4e4 [0036.161] GetACP () returned 0x4e4 [0036.161] GetACP () returned 0x4e4 [0036.161] GetACP () returned 0x4e4 [0036.161] GetACP () returned 0x4e4 [0036.161] GetACP () returned 0x4e4 [0036.161] GetACP () returned 0x4e4 [0036.161] GetACP () returned 0x4e4 [0036.161] GetACP () returned 0x4e4 [0036.161] GetACP () returned 0x4e4 [0036.161] GetACP () returned 0x4e4 [0036.162] GetACP () returned 0x4e4 [0036.162] GetACP () returned 0x4e4 [0036.162] GetACP () returned 0x4e4 [0036.162] GetACP () returned 0x4e4 [0036.162] GetACP () returned 0x4e4 [0036.162] GetACP () returned 0x4e4 [0036.162] GetACP () returned 0x4e4 [0036.162] GetACP () returned 0x4e4 [0036.162] GetACP () returned 0x4e4 [0036.162] GetACP () returned 0x4e4 [0036.162] GetACP () returned 0x4e4 [0036.162] GetACP () returned 0x4e4 [0036.163] GetACP () returned 0x4e4 [0036.163] GetACP () returned 0x4e4 [0036.163] GetACP () returned 0x4e4 [0036.163] GetACP () returned 0x4e4 [0036.163] GetACP () returned 0x4e4 [0036.163] GetACP () returned 0x4e4 [0036.163] GetACP () returned 0x4e4 [0036.163] GetACP () returned 0x4e4 [0036.163] GetACP () returned 0x4e4 [0036.163] GetACP () returned 0x4e4 [0036.163] GetACP () returned 0x4e4 [0036.163] GetACP () returned 0x4e4 [0036.164] GetACP () returned 0x4e4 [0036.164] GetACP () returned 0x4e4 [0036.164] GetACP () returned 0x4e4 [0036.164] GetACP () returned 0x4e4 [0036.164] GetACP () returned 0x4e4 [0036.164] GetACP () returned 0x4e4 [0036.164] GetACP () returned 0x4e4 [0036.164] GetACP () returned 0x4e4 [0036.164] GetACP () returned 0x4e4 [0036.164] GetACP () returned 0x4e4 [0036.164] GetACP () returned 0x4e4 [0036.164] GetACP () returned 0x4e4 [0036.165] GetACP () returned 0x4e4 [0036.165] GetACP () returned 0x4e4 [0036.165] GetACP () returned 0x4e4 [0036.165] GetACP () returned 0x4e4 [0036.165] GetACP () returned 0x4e4 [0036.165] GetACP () returned 0x4e4 [0036.165] GetACP () returned 0x4e4 [0036.165] GetACP () returned 0x4e4 [0036.165] GetACP () returned 0x4e4 [0036.165] GetACP () returned 0x4e4 [0036.165] GetACP () returned 0x4e4 [0036.165] GetACP () returned 0x4e4 [0036.166] GetACP () returned 0x4e4 [0036.166] GetACP () returned 0x4e4 [0036.166] GetACP () returned 0x4e4 [0036.166] GetACP () returned 0x4e4 [0036.166] GetACP () returned 0x4e4 [0036.166] GetACP () returned 0x4e4 [0036.166] GetACP () returned 0x4e4 [0036.166] GetACP () returned 0x4e4 [0036.166] GetACP () returned 0x4e4 [0036.166] GetACP () returned 0x4e4 [0036.166] GetACP () returned 0x4e4 [0036.166] GetACP () returned 0x4e4 [0036.167] GetACP () returned 0x4e4 [0036.167] GetACP () returned 0x4e4 [0036.167] GetACP () returned 0x4e4 [0036.167] GetACP () returned 0x4e4 [0036.167] GetACP () returned 0x4e4 [0036.167] GetACP () returned 0x4e4 [0036.167] GetACP () returned 0x4e4 [0036.167] GetACP () returned 0x4e4 [0036.167] GetACP () returned 0x4e4 [0036.167] GetACP () returned 0x4e4 [0036.167] GetACP () returned 0x4e4 [0036.167] GetACP () returned 0x4e4 [0036.168] GetACP () returned 0x4e4 [0036.168] GetACP () returned 0x4e4 [0036.176] GetACP () returned 0x4e4 [0036.176] GetACP () returned 0x4e4 [0036.176] GetACP () returned 0x4e4 [0036.176] GetACP () returned 0x4e4 [0036.176] GetACP () returned 0x4e4 [0036.176] GetACP () returned 0x4e4 [0036.176] GetACP () returned 0x4e4 [0036.176] GetACP () returned 0x4e4 [0036.177] GetACP () returned 0x4e4 [0036.177] GetACP () returned 0x4e4 [0036.177] GetACP () returned 0x4e4 [0036.177] GetACP () returned 0x4e4 [0036.177] GetACP () returned 0x4e4 [0036.177] GetACP () returned 0x4e4 [0036.177] GetACP () returned 0x4e4 [0036.177] GetACP () returned 0x4e4 [0036.177] GetACP () returned 0x4e4 [0036.177] GetACP () returned 0x4e4 [0036.177] GetACP () returned 0x4e4 [0036.177] GetACP () returned 0x4e4 [0036.177] GetACP () returned 0x4e4 [0036.177] GetACP () returned 0x4e4 [0036.177] GetACP () returned 0x4e4 [0036.178] GetACP () returned 0x4e4 [0036.178] GetACP () returned 0x4e4 [0036.178] GetACP () returned 0x4e4 [0036.178] GetACP () returned 0x4e4 [0036.178] GetACP () returned 0x4e4 [0036.178] GetACP () returned 0x4e4 [0036.178] GetACP () returned 0x4e4 [0036.178] GetACP () returned 0x4e4 [0036.178] GetACP () returned 0x4e4 [0036.178] GetACP () returned 0x4e4 [0036.178] GetACP () returned 0x4e4 [0036.178] GetACP () returned 0x4e4 [0036.178] GetACP () returned 0x4e4 [0036.178] GetACP () returned 0x4e4 [0036.178] GetACP () returned 0x4e4 [0036.179] GetACP () returned 0x4e4 [0036.179] GetACP () returned 0x4e4 [0036.179] GetACP () returned 0x4e4 [0036.179] GetACP () returned 0x4e4 [0036.179] GetACP () returned 0x4e4 [0036.179] GetACP () returned 0x4e4 [0036.179] GetACP () returned 0x4e4 [0036.179] GetACP () returned 0x4e4 [0036.179] GetACP () returned 0x4e4 [0036.179] GetACP () returned 0x4e4 [0036.179] GetACP () returned 0x4e4 [0036.179] GetACP () returned 0x4e4 [0036.179] GetACP () returned 0x4e4 [0036.179] GetACP () returned 0x4e4 [0036.179] GetACP () returned 0x4e4 [0036.180] GetACP () returned 0x4e4 [0036.180] GetACP () returned 0x4e4 [0036.180] GetACP () returned 0x4e4 [0036.180] GetACP () returned 0x4e4 [0036.180] GetACP () returned 0x4e4 [0036.180] GetACP () returned 0x4e4 [0036.180] GetACP () returned 0x4e4 [0036.180] GetACP () returned 0x4e4 [0036.180] GetACP () returned 0x4e4 [0036.180] GetACP () returned 0x4e4 [0036.180] GetACP () returned 0x4e4 [0036.180] GetACP () returned 0x4e4 [0036.180] GetACP () returned 0x4e4 [0036.180] GetACP () returned 0x4e4 [0036.180] GetACP () returned 0x4e4 [0036.181] GetACP () returned 0x4e4 [0036.181] GetACP () returned 0x4e4 [0036.181] GetACP () returned 0x4e4 [0036.181] GetACP () returned 0x4e4 [0036.181] GetACP () returned 0x4e4 [0036.181] GetACP () returned 0x4e4 [0036.181] GetACP () returned 0x4e4 [0036.181] GetACP () returned 0x4e4 [0036.181] GetACP () returned 0x4e4 [0036.181] GetACP () returned 0x4e4 [0036.181] GetACP () returned 0x4e4 [0036.181] GetACP () returned 0x4e4 [0036.181] GetACP () returned 0x4e4 [0036.181] GetACP () returned 0x4e4 [0036.182] GetACP () returned 0x4e4 [0036.182] GetACP () returned 0x4e4 [0036.182] GetACP () returned 0x4e4 [0036.182] GetACP () returned 0x4e4 [0036.182] GetACP () returned 0x4e4 [0036.182] GetACP () returned 0x4e4 [0036.182] GetACP () returned 0x4e4 [0036.182] GetACP () returned 0x4e4 [0036.182] GetACP () returned 0x4e4 [0036.182] GetACP () returned 0x4e4 [0036.182] GetACP () returned 0x4e4 [0036.182] GetACP () returned 0x4e4 [0036.182] GetACP () returned 0x4e4 [0036.182] GetACP () returned 0x4e4 [0036.182] GetACP () returned 0x4e4 [0036.183] GetACP () returned 0x4e4 [0036.183] GetACP () returned 0x4e4 [0036.183] GetACP () returned 0x4e4 [0036.183] GetACP () returned 0x4e4 [0036.183] GetACP () returned 0x4e4 [0036.183] GetACP () returned 0x4e4 [0036.183] GetACP () returned 0x4e4 [0036.183] GetACP () returned 0x4e4 [0036.183] GetACP () returned 0x4e4 [0036.183] GetACP () returned 0x4e4 [0036.183] GetACP () returned 0x4e4 [0036.183] GetACP () returned 0x4e4 [0036.183] GetACP () returned 0x4e4 [0036.183] GetACP () returned 0x4e4 [0036.183] GetACP () returned 0x4e4 [0036.184] GetACP () returned 0x4e4 [0036.184] GetACP () returned 0x4e4 [0036.184] GetACP () returned 0x4e4 [0036.184] GetACP () returned 0x4e4 [0036.184] GetACP () returned 0x4e4 [0036.184] GetACP () returned 0x4e4 [0036.184] GetACP () returned 0x4e4 [0036.184] GetACP () returned 0x4e4 [0036.184] GetACP () returned 0x4e4 [0036.184] GetACP () returned 0x4e4 [0036.184] GetACP () returned 0x4e4 [0036.184] GetACP () returned 0x4e4 [0036.184] GetACP () returned 0x4e4 [0036.184] GetACP () returned 0x4e4 [0036.184] GetACP () returned 0x4e4 [0036.185] GetACP () returned 0x4e4 [0036.185] GetACP () returned 0x4e4 [0036.185] GetACP () returned 0x4e4 [0036.185] GetACP () returned 0x4e4 [0036.185] GetACP () returned 0x4e4 [0036.185] GetACP () returned 0x4e4 [0036.185] GetACP () returned 0x4e4 [0036.186] GetACP () returned 0x4e4 [0036.186] GetACP () returned 0x4e4 [0036.187] GetACP () returned 0x4e4 [0036.187] GetACP () returned 0x4e4 [0036.187] GetACP () returned 0x4e4 [0036.412] GetACP () returned 0x4e4 [0036.412] GetACP () returned 0x4e4 [0036.413] GetACP () returned 0x4e4 [0036.413] GetACP () returned 0x4e4 [0036.413] GetACP () returned 0x4e4 [0036.413] GetACP () returned 0x4e4 [0036.413] GetACP () returned 0x4e4 [0036.413] GetACP () returned 0x4e4 [0036.413] GetACP () returned 0x4e4 [0036.414] GetACP () returned 0x4e4 [0036.414] GetACP () returned 0x4e4 [0036.414] GetACP () returned 0x4e4 [0036.414] GetACP () returned 0x4e4 [0036.414] GetACP () returned 0x4e4 [0036.415] GetACP () returned 0x4e4 [0036.422] GetACP () returned 0x4e4 [0036.422] GetACP () returned 0x4e4 [0036.422] GetACP () returned 0x4e4 [0036.422] GetACP () returned 0x4e4 [0036.422] GetACP () returned 0x4e4 [0036.422] GetACP () returned 0x4e4 [0036.422] GetACP () returned 0x4e4 [0036.423] GetACP () returned 0x4e4 [0036.423] GetACP () returned 0x4e4 [0036.423] GetACP () returned 0x4e4 [0036.423] GetACP () returned 0x4e4 [0036.423] GetACP () returned 0x4e4 [0036.423] GetACP () returned 0x4e4 [0036.423] GetACP () returned 0x4e4 [0036.423] GetACP () returned 0x4e4 [0036.423] GetACP () returned 0x4e4 [0036.423] GetACP () returned 0x4e4 [0036.423] GetACP () returned 0x4e4 [0036.423] GetACP () returned 0x4e4 [0036.423] GetACP () returned 0x4e4 [0036.424] GetACP () returned 0x4e4 [0036.424] GetACP () returned 0x4e4 [0036.424] GetACP () returned 0x4e4 [0036.424] GetACP () returned 0x4e4 [0036.424] GetACP () returned 0x4e4 [0036.424] GetACP () returned 0x4e4 [0036.424] GetACP () returned 0x4e4 [0036.424] GetACP () returned 0x4e4 [0036.424] GetACP () returned 0x4e4 [0036.424] GetACP () returned 0x4e4 [0036.425] GetACP () returned 0x4e4 [0036.425] GetACP () returned 0x4e4 [0036.425] GetACP () returned 0x4e4 [0036.425] GetACP () returned 0x4e4 [0036.425] GetACP () returned 0x4e4 [0036.425] GetACP () returned 0x4e4 [0036.425] GetACP () returned 0x4e4 [0036.425] GetACP () returned 0x4e4 [0036.425] GetACP () returned 0x4e4 [0036.425] GetACP () returned 0x4e4 [0036.425] GetACP () returned 0x4e4 [0036.426] GetACP () returned 0x4e4 [0036.426] GetACP () returned 0x4e4 [0036.426] GetACP () returned 0x4e4 [0036.426] GetACP () returned 0x4e4 [0036.426] GetACP () returned 0x4e4 [0036.426] GetACP () returned 0x4e4 [0036.426] GetACP () returned 0x4e4 [0036.426] GetACP () returned 0x4e4 [0036.426] GetACP () returned 0x4e4 [0036.426] GetACP () returned 0x4e4 [0036.426] GetACP () returned 0x4e4 [0036.426] GetACP () returned 0x4e4 [0036.427] GetACP () returned 0x4e4 [0036.427] GetACP () returned 0x4e4 [0036.427] GetACP () returned 0x4e4 [0036.427] GetACP () returned 0x4e4 [0036.427] GetACP () returned 0x4e4 [0036.427] GetACP () returned 0x4e4 [0036.427] GetACP () returned 0x4e4 [0036.427] GetACP () returned 0x4e4 [0036.427] GetACP () returned 0x4e4 [0036.427] GetACP () returned 0x4e4 [0036.427] GetACP () returned 0x4e4 [0036.427] GetACP () returned 0x4e4 [0036.428] GetACP () returned 0x4e4 [0036.428] GetACP () returned 0x4e4 [0036.428] GetACP () returned 0x4e4 [0036.428] GetACP () returned 0x4e4 [0036.428] GetACP () returned 0x4e4 [0036.428] GetACP () returned 0x4e4 [0036.428] GetACP () returned 0x4e4 [0036.428] GetACP () returned 0x4e4 [0036.428] GetACP () returned 0x4e4 [0036.428] GetACP () returned 0x4e4 [0036.428] GetACP () returned 0x4e4 [0036.428] GetACP () returned 0x4e4 [0036.429] GetACP () returned 0x4e4 [0036.429] GetACP () returned 0x4e4 [0036.429] GetACP () returned 0x4e4 [0036.429] GetACP () returned 0x4e4 [0036.429] GetACP () returned 0x4e4 [0036.429] GetACP () returned 0x4e4 [0036.429] GetACP () returned 0x4e4 [0036.429] GetACP () returned 0x4e4 [0036.429] GetACP () returned 0x4e4 [0036.429] GetACP () returned 0x4e4 [0036.429] GetACP () returned 0x4e4 [0036.430] GetACP () returned 0x4e4 [0036.430] GetACP () returned 0x4e4 [0036.430] GetACP () returned 0x4e4 [0036.430] GetACP () returned 0x4e4 [0036.430] GetACP () returned 0x4e4 [0036.430] GetACP () returned 0x4e4 [0036.430] GetACP () returned 0x4e4 [0036.430] GetACP () returned 0x4e4 [0036.430] GetACP () returned 0x4e4 [0036.430] GetACP () returned 0x4e4 [0036.430] GetACP () returned 0x4e4 [0036.438] GetACP () returned 0x4e4 [0036.438] GetACP () returned 0x4e4 [0036.438] GetACP () returned 0x4e4 [0036.438] GetACP () returned 0x4e4 [0036.438] GetACP () returned 0x4e4 [0036.438] GetACP () returned 0x4e4 [0036.438] GetACP () returned 0x4e4 [0036.438] GetACP () returned 0x4e4 [0036.438] GetACP () returned 0x4e4 [0036.438] GetACP () returned 0x4e4 [0036.438] GetACP () returned 0x4e4 [0036.439] GetACP () returned 0x4e4 [0036.439] GetACP () returned 0x4e4 [0036.439] GetACP () returned 0x4e4 [0036.439] GetACP () returned 0x4e4 [0036.439] GetACP () returned 0x4e4 [0036.439] GetACP () returned 0x4e4 [0036.439] GetACP () returned 0x4e4 [0036.439] GetACP () returned 0x4e4 [0036.439] GetACP () returned 0x4e4 [0036.439] GetACP () returned 0x4e4 [0036.439] GetACP () returned 0x4e4 [0036.439] GetACP () returned 0x4e4 [0036.439] GetACP () returned 0x4e4 [0036.440] GetACP () returned 0x4e4 [0036.440] GetACP () returned 0x4e4 [0036.440] GetACP () returned 0x4e4 [0036.440] GetACP () returned 0x4e4 [0036.440] GetACP () returned 0x4e4 [0036.440] GetACP () returned 0x4e4 [0036.440] GetACP () returned 0x4e4 [0036.440] GetACP () returned 0x4e4 [0036.440] GetACP () returned 0x4e4 [0036.440] GetACP () returned 0x4e4 [0036.440] GetACP () returned 0x4e4 [0036.440] GetACP () returned 0x4e4 [0036.440] GetACP () returned 0x4e4 [0036.441] GetACP () returned 0x4e4 [0036.441] GetACP () returned 0x4e4 [0036.441] GetACP () returned 0x4e4 [0036.441] GetACP () returned 0x4e4 [0036.441] GetACP () returned 0x4e4 [0036.441] GetACP () returned 0x4e4 [0036.441] GetACP () returned 0x4e4 [0036.441] GetACP () returned 0x4e4 [0036.441] GetACP () returned 0x4e4 [0036.441] GetACP () returned 0x4e4 [0036.441] GetACP () returned 0x4e4 [0036.441] GetACP () returned 0x4e4 [0036.441] GetACP () returned 0x4e4 [0036.441] GetACP () returned 0x4e4 [0036.442] GetACP () returned 0x4e4 [0036.442] GetACP () returned 0x4e4 [0036.442] GetACP () returned 0x4e4 [0036.442] GetACP () returned 0x4e4 [0036.442] GetACP () returned 0x4e4 [0036.442] GetACP () returned 0x4e4 [0036.442] GetACP () returned 0x4e4 [0036.442] GetACP () returned 0x4e4 [0036.442] GetACP () returned 0x4e4 [0036.442] GetACP () returned 0x4e4 [0036.442] GetACP () returned 0x4e4 [0036.442] GetACP () returned 0x4e4 [0036.442] GetACP () returned 0x4e4 [0036.443] GetACP () returned 0x4e4 [0036.443] GetACP () returned 0x4e4 [0036.443] GetACP () returned 0x4e4 [0036.443] GetACP () returned 0x4e4 [0036.443] GetACP () returned 0x4e4 [0036.443] GetACP () returned 0x4e4 [0036.443] GetACP () returned 0x4e4 [0036.443] GetACP () returned 0x4e4 [0036.443] GetACP () returned 0x4e4 [0036.443] GetACP () returned 0x4e4 [0036.443] GetACP () returned 0x4e4 [0036.443] GetACP () returned 0x4e4 [0036.443] GetACP () returned 0x4e4 [0036.443] GetACP () returned 0x4e4 [0036.444] GetACP () returned 0x4e4 [0036.444] GetACP () returned 0x4e4 [0036.444] GetACP () returned 0x4e4 [0036.444] GetACP () returned 0x4e4 [0036.444] GetACP () returned 0x4e4 [0036.444] GetACP () returned 0x4e4 [0036.444] GetACP () returned 0x4e4 [0036.444] GetACP () returned 0x4e4 [0036.444] GetACP () returned 0x4e4 [0036.444] GetACP () returned 0x4e4 [0036.444] GetACP () returned 0x4e4 [0036.444] GetACP () returned 0x4e4 [0036.444] GetACP () returned 0x4e4 [0036.445] GetACP () returned 0x4e4 [0036.445] GetACP () returned 0x4e4 [0036.445] GetACP () returned 0x4e4 [0036.445] GetACP () returned 0x4e4 [0036.445] GetACP () returned 0x4e4 [0036.445] GetACP () returned 0x4e4 [0036.445] GetACP () returned 0x4e4 [0036.445] GetACP () returned 0x4e4 [0036.445] GetACP () returned 0x4e4 [0036.445] GetACP () returned 0x4e4 [0036.445] GetACP () returned 0x4e4 [0036.445] GetACP () returned 0x4e4 [0036.446] GetACP () returned 0x4e4 [0036.446] GetACP () returned 0x4e4 [0036.446] GetACP () returned 0x4e4 [0036.446] GetACP () returned 0x4e4 [0036.446] GetACP () returned 0x4e4 [0036.446] GetACP () returned 0x4e4 [0036.453] GetACP () returned 0x4e4 [0036.453] GetACP () returned 0x4e4 [0036.453] GetACP () returned 0x4e4 [0036.453] GetACP () returned 0x4e4 [0036.454] GetACP () returned 0x4e4 [0036.454] GetACP () returned 0x4e4 [0036.454] GetACP () returned 0x4e4 [0036.454] GetACP () returned 0x4e4 [0036.454] GetACP () returned 0x4e4 [0036.454] GetACP () returned 0x4e4 [0036.454] GetACP () returned 0x4e4 [0036.454] GetACP () returned 0x4e4 [0036.454] GetACP () returned 0x4e4 [0036.454] GetACP () returned 0x4e4 [0036.454] GetACP () returned 0x4e4 [0036.454] GetACP () returned 0x4e4 [0036.455] GetACP () returned 0x4e4 [0036.455] GetACP () returned 0x4e4 [0036.456] GetACP () returned 0x4e4 [0036.456] GetACP () returned 0x4e4 [0036.456] GetACP () returned 0x4e4 [0036.456] GetACP () returned 0x4e4 [0036.456] GetACP () returned 0x4e4 [0036.456] GetACP () returned 0x4e4 [0036.456] GetACP () returned 0x4e4 [0036.456] GetACP () returned 0x4e4 [0036.588] GetACP () returned 0x4e4 [0036.588] GetACP () returned 0x4e4 [0036.588] GetACP () returned 0x4e4 [0036.588] GetACP () returned 0x4e4 [0036.589] GetACP () returned 0x4e4 [0036.589] GetACP () returned 0x4e4 [0036.589] GetACP () returned 0x4e4 [0036.589] GetACP () returned 0x4e4 [0036.589] GetACP () returned 0x4e4 [0036.589] GetACP () returned 0x4e4 [0036.589] GetACP () returned 0x4e4 [0036.589] GetACP () returned 0x4e4 [0036.589] GetACP () returned 0x4e4 [0036.594] GetACP () returned 0x4e4 [0036.594] GetACP () returned 0x4e4 [0036.594] GetACP () returned 0x4e4 [0036.594] GetACP () returned 0x4e4 [0036.594] GetACP () returned 0x4e4 [0036.594] GetACP () returned 0x4e4 [0036.594] GetACP () returned 0x4e4 [0036.594] GetACP () returned 0x4e4 [0036.594] GetACP () returned 0x4e4 [0036.594] GetACP () returned 0x4e4 [0036.594] GetACP () returned 0x4e4 [0036.594] GetACP () returned 0x4e4 [0036.595] GetACP () returned 0x4e4 [0036.595] GetACP () returned 0x4e4 [0036.595] GetACP () returned 0x4e4 [0036.595] GetACP () returned 0x4e4 [0036.595] GetACP () returned 0x4e4 [0036.595] GetACP () returned 0x4e4 [0036.595] GetACP () returned 0x4e4 [0036.595] GetACP () returned 0x4e4 [0036.595] GetACP () returned 0x4e4 [0036.596] GetACP () returned 0x4e4 [0036.596] GetACP () returned 0x4e4 [0036.596] GetACP () returned 0x4e4 [0036.596] GetACP () returned 0x4e4 [0036.596] GetACP () returned 0x4e4 [0036.596] GetACP () returned 0x4e4 [0036.596] GetACP () returned 0x4e4 [0036.596] GetACP () returned 0x4e4 [0036.596] GetACP () returned 0x4e4 [0036.596] GetACP () returned 0x4e4 [0036.596] GetACP () returned 0x4e4 [0036.596] GetACP () returned 0x4e4 [0036.597] GetACP () returned 0x4e4 [0036.597] GetACP () returned 0x4e4 [0036.597] GetACP () returned 0x4e4 [0036.597] GetACP () returned 0x4e4 [0036.597] GetACP () returned 0x4e4 [0036.597] GetACP () returned 0x4e4 [0036.597] GetACP () returned 0x4e4 [0036.597] GetACP () returned 0x4e4 [0036.597] GetACP () returned 0x4e4 [0036.597] GetACP () returned 0x4e4 [0036.597] GetACP () returned 0x4e4 [0036.597] GetACP () returned 0x4e4 [0036.598] GetACP () returned 0x4e4 [0036.598] GetACP () returned 0x4e4 [0036.598] GetACP () returned 0x4e4 [0036.598] GetACP () returned 0x4e4 [0036.598] GetACP () returned 0x4e4 [0036.598] GetACP () returned 0x4e4 [0036.598] GetACP () returned 0x4e4 [0036.598] GetACP () returned 0x4e4 [0036.598] GetACP () returned 0x4e4 [0036.598] GetACP () returned 0x4e4 [0036.598] GetACP () returned 0x4e4 [0036.599] GetACP () returned 0x4e4 [0036.600] GetACP () returned 0x4e4 [0036.600] GetACP () returned 0x4e4 [0036.600] GetACP () returned 0x4e4 [0036.600] GetACP () returned 0x4e4 [0036.600] GetACP () returned 0x4e4 [0036.600] GetACP () returned 0x4e4 [0036.600] GetACP () returned 0x4e4 [0036.600] GetACP () returned 0x4e4 [0036.600] GetACP () returned 0x4e4 [0036.600] GetACP () returned 0x4e4 [0036.600] GetACP () returned 0x4e4 [0036.601] GetACP () returned 0x4e4 [0036.609] GetACP () returned 0x4e4 [0036.609] GetACP () returned 0x4e4 [0036.609] GetACP () returned 0x4e4 [0036.609] GetACP () returned 0x4e4 [0036.610] GetACP () returned 0x4e4 [0036.610] GetACP () returned 0x4e4 [0036.610] GetACP () returned 0x4e4 [0036.610] GetACP () returned 0x4e4 [0036.610] GetACP () returned 0x4e4 [0036.610] GetACP () returned 0x4e4 [0036.610] GetACP () returned 0x4e4 [0036.610] GetACP () returned 0x4e4 [0036.610] GetACP () returned 0x4e4 [0036.610] GetACP () returned 0x4e4 [0036.610] GetACP () returned 0x4e4 [0036.610] GetACP () returned 0x4e4 [0036.611] GetACP () returned 0x4e4 [0036.611] GetACP () returned 0x4e4 [0036.611] GetACP () returned 0x4e4 [0036.611] GetACP () returned 0x4e4 [0036.611] GetACP () returned 0x4e4 [0036.611] GetACP () returned 0x4e4 [0036.611] GetACP () returned 0x4e4 [0036.611] GetACP () returned 0x4e4 [0036.611] GetACP () returned 0x4e4 [0036.611] GetACP () returned 0x4e4 [0036.612] GetACP () returned 0x4e4 [0036.612] GetACP () returned 0x4e4 [0036.612] GetACP () returned 0x4e4 [0036.612] GetACP () returned 0x4e4 [0036.612] GetACP () returned 0x4e4 [0036.612] GetACP () returned 0x4e4 [0036.612] GetACP () returned 0x4e4 [0036.612] GetACP () returned 0x4e4 [0036.612] GetACP () returned 0x4e4 [0036.612] GetACP () returned 0x4e4 [0036.612] GetACP () returned 0x4e4 [0036.612] GetACP () returned 0x4e4 [0036.613] GetACP () returned 0x4e4 [0036.613] GetACP () returned 0x4e4 [0036.613] GetACP () returned 0x4e4 [0036.613] GetACP () returned 0x4e4 [0036.613] GetACP () returned 0x4e4 [0036.613] GetACP () returned 0x4e4 [0036.613] GetACP () returned 0x4e4 [0036.613] GetACP () returned 0x4e4 [0036.613] GetACP () returned 0x4e4 [0036.613] GetACP () returned 0x4e4 [0036.613] GetACP () returned 0x4e4 [0036.613] GetACP () returned 0x4e4 [0036.613] GetACP () returned 0x4e4 [0036.614] GetACP () returned 0x4e4 [0036.614] GetACP () returned 0x4e4 [0036.614] GetACP () returned 0x4e4 [0036.614] GetACP () returned 0x4e4 [0036.614] GetACP () returned 0x4e4 [0036.614] GetACP () returned 0x4e4 [0036.614] GetACP () returned 0x4e4 [0036.614] GetACP () returned 0x4e4 [0036.614] GetACP () returned 0x4e4 [0036.614] GetACP () returned 0x4e4 [0036.614] GetACP () returned 0x4e4 [0036.615] GetACP () returned 0x4e4 [0036.615] GetACP () returned 0x4e4 [0036.615] GetACP () returned 0x4e4 [0036.615] GetACP () returned 0x4e4 [0036.615] GetACP () returned 0x4e4 [0036.615] GetACP () returned 0x4e4 [0036.615] GetACP () returned 0x4e4 [0036.615] GetACP () returned 0x4e4 [0036.615] GetACP () returned 0x4e4 [0036.615] GetACP () returned 0x4e4 [0036.615] GetACP () returned 0x4e4 [0036.615] GetACP () returned 0x4e4 [0036.616] GetACP () returned 0x4e4 [0036.616] GetACP () returned 0x4e4 [0036.616] GetACP () returned 0x4e4 [0036.616] GetACP () returned 0x4e4 [0036.616] GetACP () returned 0x4e4 [0036.616] GetACP () returned 0x4e4 [0036.616] GetACP () returned 0x4e4 [0036.616] GetACP () returned 0x4e4 [0036.616] GetACP () returned 0x4e4 [0036.616] GetACP () returned 0x4e4 [0036.616] GetACP () returned 0x4e4 [0036.616] GetACP () returned 0x4e4 [0036.617] GetACP () returned 0x4e4 [0036.617] GetACP () returned 0x4e4 [0036.617] GetACP () returned 0x4e4 [0036.617] GetACP () returned 0x4e4 [0036.617] GetACP () returned 0x4e4 [0036.617] GetACP () returned 0x4e4 [0036.617] GetACP () returned 0x4e4 [0036.617] GetACP () returned 0x4e4 [0036.617] GetACP () returned 0x4e4 [0036.617] GetACP () returned 0x4e4 [0036.617] GetACP () returned 0x4e4 [0036.617] GetACP () returned 0x4e4 [0036.618] GetACP () returned 0x4e4 [0036.618] GetACP () returned 0x4e4 [0036.618] GetACP () returned 0x4e4 [0036.618] GetACP () returned 0x4e4 [0036.618] GetACP () returned 0x4e4 [0036.618] GetACP () returned 0x4e4 [0036.618] GetACP () returned 0x4e4 [0036.618] GetACP () returned 0x4e4 [0036.618] GetACP () returned 0x4e4 [0036.618] GetACP () returned 0x4e4 [0036.618] GetACP () returned 0x4e4 [0036.618] GetACP () returned 0x4e4 [0036.619] GetACP () returned 0x4e4 [0036.619] GetACP () returned 0x4e4 [0036.619] GetACP () returned 0x4e4 [0036.619] GetACP () returned 0x4e4 [0036.619] GetACP () returned 0x4e4 [0036.619] GetACP () returned 0x4e4 [0036.619] GetACP () returned 0x4e4 [0036.621] GetACP () returned 0x4e4 [0036.621] GetACP () returned 0x4e4 [0036.621] GetACP () returned 0x4e4 [0036.621] GetACP () returned 0x4e4 [0036.621] GetACP () returned 0x4e4 [0036.621] GetACP () returned 0x4e4 [0036.622] GetACP () returned 0x4e4 [0036.622] GetACP () returned 0x4e4 [0036.622] GetACP () returned 0x4e4 [0036.622] GetACP () returned 0x4e4 [0036.622] GetACP () returned 0x4e4 [0036.622] GetACP () returned 0x4e4 [0036.622] GetACP () returned 0x4e4 [0036.622] GetACP () returned 0x4e4 [0036.622] GetACP () returned 0x4e4 [0036.622] GetACP () returned 0x4e4 [0036.622] GetACP () returned 0x4e4 [0036.622] GetACP () returned 0x4e4 [0036.623] GetACP () returned 0x4e4 [0036.623] GetACP () returned 0x4e4 [0036.623] GetACP () returned 0x4e4 [0036.623] GetACP () returned 0x4e4 [0036.623] GetACP () returned 0x4e4 [0036.623] GetACP () returned 0x4e4 [0036.623] GetACP () returned 0x4e4 [0036.623] GetACP () returned 0x4e4 [0036.623] GetACP () returned 0x4e4 [0036.623] GetACP () returned 0x4e4 [0036.623] GetACP () returned 0x4e4 [0036.625] GetACP () returned 0x4e4 [0036.625] GetACP () returned 0x4e4 [0036.625] GetACP () returned 0x4e4 [0036.625] GetACP () returned 0x4e4 [0036.625] GetACP () returned 0x4e4 [0036.625] GetACP () returned 0x4e4 [0036.625] GetACP () returned 0x4e4 [0036.625] GetACP () returned 0x4e4 [0036.625] GetACP () returned 0x4e4 [0036.625] GetACP () returned 0x4e4 [0036.626] GetACP () returned 0x4e4 [0036.626] GetACP () returned 0x4e4 [0036.626] GetACP () returned 0x4e4 [0036.626] GetACP () returned 0x4e4 [0036.626] GetACP () returned 0x4e4 [0036.626] GetACP () returned 0x4e4 [0036.626] GetACP () returned 0x4e4 [0036.626] GetACP () returned 0x4e4 [0036.626] GetACP () returned 0x4e4 [0036.640] GetACP () returned 0x4e4 [0036.640] GetACP () returned 0x4e4 [0036.814] GetACP () returned 0x4e4 [0036.814] GetACP () returned 0x4e4 [0036.814] GetACP () returned 0x4e4 [0036.814] GetACP () returned 0x4e4 [0036.814] GetACP () returned 0x4e4 [0036.814] GetACP () returned 0x4e4 [0036.815] GetACP () returned 0x4e4 [0036.815] GetACP () returned 0x4e4 [0036.815] GetACP () returned 0x4e4 [0036.815] GetACP () returned 0x4e4 [0036.815] GetACP () returned 0x4e4 [0036.815] GetACP () returned 0x4e4 [0036.815] GetACP () returned 0x4e4 [0036.815] GetACP () returned 0x4e4 [0036.815] GetACP () returned 0x4e4 [0036.815] GetACP () returned 0x4e4 [0036.815] GetACP () returned 0x4e4 [0036.815] GetACP () returned 0x4e4 [0036.816] GetACP () returned 0x4e4 [0036.816] GetACP () returned 0x4e4 [0036.816] GetACP () returned 0x4e4 [0036.816] GetACP () returned 0x4e4 [0036.816] GetACP () returned 0x4e4 [0036.816] GetACP () returned 0x4e4 [0036.816] GetACP () returned 0x4e4 [0036.816] GetACP () returned 0x4e4 [0036.816] GetACP () returned 0x4e4 [0036.816] GetACP () returned 0x4e4 [0036.816] GetACP () returned 0x4e4 [0036.816] GetACP () returned 0x4e4 [0036.817] GetACP () returned 0x4e4 [0036.817] GetACP () returned 0x4e4 [0036.817] GetACP () returned 0x4e4 [0036.817] GetACP () returned 0x4e4 [0036.817] GetACP () returned 0x4e4 [0036.817] GetACP () returned 0x4e4 [0036.817] GetACP () returned 0x4e4 [0036.817] GetACP () returned 0x4e4 [0036.818] GetACP () returned 0x4e4 [0036.818] GetACP () returned 0x4e4 [0036.818] GetACP () returned 0x4e4 [0036.818] GetACP () returned 0x4e4 [0036.818] GetACP () returned 0x4e4 [0036.818] GetACP () returned 0x4e4 [0036.818] GetACP () returned 0x4e4 [0036.818] GetACP () returned 0x4e4 [0036.818] GetACP () returned 0x4e4 [0036.819] GetACP () returned 0x4e4 [0036.819] GetACP () returned 0x4e4 [0036.819] GetACP () returned 0x4e4 [0036.819] GetACP () returned 0x4e4 [0036.819] GetACP () returned 0x4e4 [0036.819] GetACP () returned 0x4e4 [0036.819] GetACP () returned 0x4e4 [0036.819] GetACP () returned 0x4e4 [0036.819] GetACP () returned 0x4e4 [0036.819] GetACP () returned 0x4e4 [0036.819] GetACP () returned 0x4e4 [0036.819] GetACP () returned 0x4e4 [0036.820] GetACP () returned 0x4e4 [0036.820] GetACP () returned 0x4e4 [0036.820] GetACP () returned 0x4e4 [0036.820] GetACP () returned 0x4e4 [0036.820] GetACP () returned 0x4e4 [0036.820] GetACP () returned 0x4e4 [0036.820] GetACP () returned 0x4e4 [0036.820] GetACP () returned 0x4e4 [0036.820] GetACP () returned 0x4e4 [0036.821] GetACP () returned 0x4e4 [0036.821] GetACP () returned 0x4e4 [0036.821] GetACP () returned 0x4e4 [0036.821] GetACP () returned 0x4e4 [0036.821] GetACP () returned 0x4e4 [0036.821] GetACP () returned 0x4e4 [0036.821] GetACP () returned 0x4e4 [0036.821] GetACP () returned 0x4e4 [0036.821] GetACP () returned 0x4e4 [0036.821] GetACP () returned 0x4e4 [0036.821] GetACP () returned 0x4e4 [0036.822] GetACP () returned 0x4e4 [0036.822] GetACP () returned 0x4e4 [0036.822] GetACP () returned 0x4e4 [0036.822] GetACP () returned 0x4e4 [0036.822] GetACP () returned 0x4e4 [0036.822] GetACP () returned 0x4e4 [0036.822] GetACP () returned 0x4e4 [0036.822] GetACP () returned 0x4e4 [0036.822] GetACP () returned 0x4e4 [0036.822] GetACP () returned 0x4e4 [0036.822] GetACP () returned 0x4e4 [0036.822] GetACP () returned 0x4e4 [0036.823] GetACP () returned 0x4e4 [0036.823] GetACP () returned 0x4e4 [0036.823] GetACP () returned 0x4e4 [0036.823] GetACP () returned 0x4e4 [0036.823] GetACP () returned 0x4e4 [0036.823] GetACP () returned 0x4e4 [0036.823] GetACP () returned 0x4e4 [0036.823] GetACP () returned 0x4e4 [0036.823] GetACP () returned 0x4e4 [0036.824] GetACP () returned 0x4e4 [0036.824] GetACP () returned 0x4e4 [0036.824] GetACP () returned 0x4e4 [0036.824] GetACP () returned 0x4e4 [0036.824] GetACP () returned 0x4e4 [0036.824] GetACP () returned 0x4e4 [0036.824] GetACP () returned 0x4e4 [0036.824] GetACP () returned 0x4e4 [0036.824] GetACP () returned 0x4e4 [0036.824] GetACP () returned 0x4e4 [0036.824] GetACP () returned 0x4e4 [0036.824] GetACP () returned 0x4e4 [0036.825] GetACP () returned 0x4e4 [0036.825] GetACP () returned 0x4e4 [0036.825] GetACP () returned 0x4e4 [0036.825] GetACP () returned 0x4e4 [0036.825] GetACP () returned 0x4e4 [0036.825] GetACP () returned 0x4e4 [0036.825] GetACP () returned 0x4e4 [0036.825] GetACP () returned 0x4e4 [0036.825] GetACP () returned 0x4e4 [0036.825] GetACP () returned 0x4e4 [0036.825] GetACP () returned 0x4e4 [0036.825] GetACP () returned 0x4e4 [0036.825] GetACP () returned 0x4e4 [0036.826] GetACP () returned 0x4e4 [0036.826] GetACP () returned 0x4e4 [0036.826] GetACP () returned 0x4e4 [0036.826] GetACP () returned 0x4e4 [0036.826] GetACP () returned 0x4e4 [0036.826] GetACP () returned 0x4e4 [0036.826] GetACP () returned 0x4e4 [0036.826] GetACP () returned 0x4e4 [0036.826] GetACP () returned 0x4e4 [0036.826] GetACP () returned 0x4e4 [0036.826] GetACP () returned 0x4e4 [0036.827] GetACP () returned 0x4e4 [0036.827] GetACP () returned 0x4e4 [0036.827] GetACP () returned 0x4e4 [0036.827] GetACP () returned 0x4e4 [0036.827] GetACP () returned 0x4e4 [0036.827] GetACP () returned 0x4e4 [0036.827] GetACP () returned 0x4e4 [0036.827] GetACP () returned 0x4e4 [0036.827] GetACP () returned 0x4e4 [0036.827] GetACP () returned 0x4e4 [0036.827] GetACP () returned 0x4e4 [0036.827] GetACP () returned 0x4e4 [0036.828] GetACP () returned 0x4e4 [0036.828] GetACP () returned 0x4e4 [0036.828] GetACP () returned 0x4e4 [0036.828] GetACP () returned 0x4e4 [0036.828] GetACP () returned 0x4e4 [0036.828] GetACP () returned 0x4e4 [0036.828] GetACP () returned 0x4e4 [0036.828] GetACP () returned 0x4e4 [0036.828] GetACP () returned 0x4e4 [0036.828] GetACP () returned 0x4e4 [0036.828] GetACP () returned 0x4e4 [0036.829] GetACP () returned 0x4e4 [0036.829] GetACP () returned 0x4e4 [0036.829] GetACP () returned 0x4e4 [0036.829] GetACP () returned 0x4e4 [0036.829] GetACP () returned 0x4e4 [0036.829] GetACP () returned 0x4e4 [0036.829] GetACP () returned 0x4e4 [0036.829] GetACP () returned 0x4e4 [0036.829] GetACP () returned 0x4e4 [0036.829] GetACP () returned 0x4e4 [0036.829] GetACP () returned 0x4e4 [0036.829] GetACP () returned 0x4e4 [0036.829] GetACP () returned 0x4e4 [0036.830] GetACP () returned 0x4e4 [0036.830] GetACP () returned 0x4e4 [0036.830] GetACP () returned 0x4e4 [0036.830] GetACP () returned 0x4e4 [0036.830] GetACP () returned 0x4e4 [0036.830] GetACP () returned 0x4e4 [0036.830] GetACP () returned 0x4e4 [0036.830] GetACP () returned 0x4e4 [0036.830] GetACP () returned 0x4e4 [0036.830] GetACP () returned 0x4e4 [0036.830] GetACP () returned 0x4e4 [0036.830] GetACP () returned 0x4e4 [0036.830] GetACP () returned 0x4e4 [0036.830] GetACP () returned 0x4e4 [0036.831] GetACP () returned 0x4e4 [0036.831] GetACP () returned 0x4e4 [0036.831] GetACP () returned 0x4e4 [0036.831] GetACP () returned 0x4e4 [0036.831] GetACP () returned 0x4e4 [0036.831] GetACP () returned 0x4e4 [0036.831] GetACP () returned 0x4e4 [0036.831] GetACP () returned 0x4e4 [0036.831] GetACP () returned 0x4e4 [0036.831] GetACP () returned 0x4e4 [0036.831] GetACP () returned 0x4e4 [0036.831] GetACP () returned 0x4e4 [0036.831] GetACP () returned 0x4e4 [0036.832] GetACP () returned 0x4e4 [0036.832] GetACP () returned 0x4e4 [0036.832] GetACP () returned 0x4e4 [0036.832] GetACP () returned 0x4e4 [0036.832] GetACP () returned 0x4e4 [0036.832] GetACP () returned 0x4e4 [0036.832] GetACP () returned 0x4e4 [0036.832] GetACP () returned 0x4e4 [0036.832] GetACP () returned 0x4e4 [0036.832] GetACP () returned 0x4e4 [0036.832] GetACP () returned 0x4e4 [0036.833] GetACP () returned 0x4e4 [0036.833] GetACP () returned 0x4e4 [0036.833] GetACP () returned 0x4e4 [0036.833] GetACP () returned 0x4e4 [0036.833] GetACP () returned 0x4e4 [0036.833] GetACP () returned 0x4e4 [0036.833] GetACP () returned 0x4e4 [0036.833] GetACP () returned 0x4e4 [0036.833] GetACP () returned 0x4e4 [0036.833] GetACP () returned 0x4e4 [0036.833] GetACP () returned 0x4e4 [0036.833] GetACP () returned 0x4e4 [0036.833] GetACP () returned 0x4e4 [0036.834] GetACP () returned 0x4e4 [0036.834] GetACP () returned 0x4e4 [0036.834] GetACP () returned 0x4e4 [0036.834] GetACP () returned 0x4e4 [0036.834] GetACP () returned 0x4e4 [0036.834] GetACP () returned 0x4e4 [0036.834] GetACP () returned 0x4e4 [0036.834] GetACP () returned 0x4e4 [0036.834] GetACP () returned 0x4e4 [0036.834] GetACP () returned 0x4e4 [0036.834] GetACP () returned 0x4e4 [0036.834] GetACP () returned 0x4e4 [0036.834] GetACP () returned 0x4e4 [0036.835] GetACP () returned 0x4e4 [0036.835] GetACP () returned 0x4e4 [0036.835] GetACP () returned 0x4e4 [0036.835] GetACP () returned 0x4e4 [0036.835] GetACP () returned 0x4e4 [0036.835] GetACP () returned 0x4e4 [0036.835] GetACP () returned 0x4e4 [0036.835] GetACP () returned 0x4e4 [0036.835] GetACP () returned 0x4e4 [0036.835] GetACP () returned 0x4e4 [0036.835] GetACP () returned 0x4e4 [0036.836] GetACP () returned 0x4e4 [0036.836] GetACP () returned 0x4e4 [0036.939] GetACP () returned 0x4e4 [0036.939] GetACP () returned 0x4e4 [0036.939] GetACP () returned 0x4e4 [0036.939] GetACP () returned 0x4e4 [0036.940] GetACP () returned 0x4e4 [0036.940] GetACP () returned 0x4e4 [0036.940] GetACP () returned 0x4e4 [0036.940] GetACP () returned 0x4e4 [0036.940] GetACP () returned 0x4e4 [0036.941] GetACP () returned 0x4e4 [0036.941] GetACP () returned 0x4e4 [0036.941] GetACP () returned 0x4e4 [0036.941] GetACP () returned 0x4e4 [0036.941] GetACP () returned 0x4e4 [0036.941] GetACP () returned 0x4e4 [0036.942] GetACP () returned 0x4e4 [0036.942] GetACP () returned 0x4e4 [0036.942] GetACP () returned 0x4e4 [0036.942] GetACP () returned 0x4e4 [0036.942] GetACP () returned 0x4e4 [0036.942] GetACP () returned 0x4e4 [0036.943] GetACP () returned 0x4e4 [0036.943] GetACP () returned 0x4e4 [0036.943] GetACP () returned 0x4e4 [0036.943] GetACP () returned 0x4e4 [0036.943] GetACP () returned 0x4e4 [0036.943] GetACP () returned 0x4e4 [0036.944] GetACP () returned 0x4e4 [0036.944] GetACP () returned 0x4e4 [0036.944] GetACP () returned 0x4e4 [0036.944] GetACP () returned 0x4e4 [0036.944] GetACP () returned 0x4e4 [0036.944] GetACP () returned 0x4e4 [0036.945] GetACP () returned 0x4e4 [0036.945] GetACP () returned 0x4e4 [0036.945] GetACP () returned 0x4e4 [0036.945] GetACP () returned 0x4e4 [0036.945] GetACP () returned 0x4e4 [0036.946] GetACP () returned 0x4e4 [0036.946] GetACP () returned 0x4e4 [0036.946] GetACP () returned 0x4e4 [0036.946] GetACP () returned 0x4e4 [0036.947] GetACP () returned 0x4e4 [0036.947] GetACP () returned 0x4e4 [0036.947] GetACP () returned 0x4e4 [0036.947] GetACP () returned 0x4e4 [0036.947] GetACP () returned 0x4e4 [0036.947] GetACP () returned 0x4e4 [0036.947] GetACP () returned 0x4e4 [0036.948] GetACP () returned 0x4e4 [0036.948] GetACP () returned 0x4e4 [0036.948] GetACP () returned 0x4e4 [0036.952] GetACP () returned 0x4e4 [0036.953] GetACP () returned 0x4e4 [0036.954] GetACP () returned 0x4e4 [0036.954] GetACP () returned 0x4e4 [0036.954] GetACP () returned 0x4e4 [0036.954] GetACP () returned 0x4e4 [0036.954] GetACP () returned 0x4e4 [0036.955] GetACP () returned 0x4e4 [0036.955] GetACP () returned 0x4e4 [0036.955] GetACP () returned 0x4e4 [0036.955] GetACP () returned 0x4e4 [0036.955] GetACP () returned 0x4e4 [0036.955] GetACP () returned 0x4e4 [0036.956] GetACP () returned 0x4e4 [0036.956] GetACP () returned 0x4e4 [0036.956] GetACP () returned 0x4e4 [0036.956] GetACP () returned 0x4e4 [0036.956] GetACP () returned 0x4e4 [0036.956] GetACP () returned 0x4e4 [0036.957] GetACP () returned 0x4e4 [0036.957] GetACP () returned 0x4e4 [0036.957] GetACP () returned 0x4e4 [0036.957] GetACP () returned 0x4e4 [0036.957] GetACP () returned 0x4e4 [0036.957] GetACP () returned 0x4e4 [0036.958] GetACP () returned 0x4e4 [0036.958] GetACP () returned 0x4e4 [0036.958] GetACP () returned 0x4e4 [0036.958] GetACP () returned 0x4e4 [0036.958] GetACP () returned 0x4e4 [0036.959] GetACP () returned 0x4e4 [0036.959] GetACP () returned 0x4e4 [0036.959] GetACP () returned 0x4e4 [0036.959] GetACP () returned 0x4e4 [0036.959] GetACP () returned 0x4e4 [0036.959] GetACP () returned 0x4e4 [0036.960] GetACP () returned 0x4e4 [0036.960] GetACP () returned 0x4e4 [0036.960] GetACP () returned 0x4e4 [0036.960] GetACP () returned 0x4e4 [0036.960] GetACP () returned 0x4e4 [0036.960] GetACP () returned 0x4e4 [0036.968] GetACP () returned 0x4e4 [0036.968] GetACP () returned 0x4e4 [0036.968] GetACP () returned 0x4e4 [0036.969] GetACP () returned 0x4e4 [0036.969] GetACP () returned 0x4e4 [0036.969] GetACP () returned 0x4e4 [0036.969] GetACP () returned 0x4e4 [0036.970] GetACP () returned 0x4e4 [0036.970] GetACP () returned 0x4e4 [0036.970] GetACP () returned 0x4e4 [0036.970] GetACP () returned 0x4e4 [0036.971] GetACP () returned 0x4e4 [0036.971] GetACP () returned 0x4e4 [0036.971] GetACP () returned 0x4e4 [0036.971] GetACP () returned 0x4e4 [0036.971] GetACP () returned 0x4e4 [0036.971] GetACP () returned 0x4e4 [0036.972] GetACP () returned 0x4e4 [0036.972] GetACP () returned 0x4e4 [0036.972] GetACP () returned 0x4e4 [0036.972] GetACP () returned 0x4e4 [0036.973] GetACP () returned 0x4e4 [0036.973] GetACP () returned 0x4e4 [0036.973] GetACP () returned 0x4e4 [0036.973] GetACP () returned 0x4e4 [0036.973] GetACP () returned 0x4e4 [0036.973] GetACP () returned 0x4e4 [0036.974] GetACP () returned 0x4e4 [0036.974] GetACP () returned 0x4e4 [0036.974] GetACP () returned 0x4e4 [0036.974] GetACP () returned 0x4e4 [0036.974] GetACP () returned 0x4e4 [0036.974] GetACP () returned 0x4e4 [0036.975] GetACP () returned 0x4e4 [0036.975] GetACP () returned 0x4e4 [0036.975] GetACP () returned 0x4e4 [0036.975] GetACP () returned 0x4e4 [0036.975] GetACP () returned 0x4e4 [0036.976] GetACP () returned 0x4e4 [0036.976] GetACP () returned 0x4e4 [0036.976] GetACP () returned 0x4e4 [0036.976] GetACP () returned 0x4e4 [0036.976] GetACP () returned 0x4e4 [0036.977] GetACP () returned 0x4e4 [0036.977] GetACP () returned 0x4e4 [0036.977] GetACP () returned 0x4e4 [0036.977] GetACP () returned 0x4e4 [0036.977] GetACP () returned 0x4e4 [0036.978] GetACP () returned 0x4e4 [0036.978] GetACP () returned 0x4e4 [0036.978] GetACP () returned 0x4e4 [0036.978] GetACP () returned 0x4e4 [0036.978] GetACP () returned 0x4e4 [0036.978] GetACP () returned 0x4e4 [0036.979] GetACP () returned 0x4e4 [0036.979] GetACP () returned 0x4e4 [0036.979] GetACP () returned 0x4e4 [0036.979] GetACP () returned 0x4e4 [0036.979] GetACP () returned 0x4e4 [0036.980] GetACP () returned 0x4e4 [0036.980] GetACP () returned 0x4e4 [0036.980] GetACP () returned 0x4e4 [0036.980] GetACP () returned 0x4e4 [0036.980] GetACP () returned 0x4e4 [0036.980] GetACP () returned 0x4e4 [0036.981] GetACP () returned 0x4e4 [0036.981] GetACP () returned 0x4e4 [0036.981] GetACP () returned 0x4e4 [0036.981] GetACP () returned 0x4e4 [0036.981] GetACP () returned 0x4e4 [0036.982] GetACP () returned 0x4e4 [0036.982] GetACP () returned 0x4e4 [0036.982] GetACP () returned 0x4e4 [0036.982] GetACP () returned 0x4e4 [0036.982] GetACP () returned 0x4e4 [0036.983] GetACP () returned 0x4e4 [0036.983] GetACP () returned 0x4e4 [0036.983] GetACP () returned 0x4e4 [0036.983] GetACP () returned 0x4e4 [0036.983] GetACP () returned 0x4e4 [0036.983] GetACP () returned 0x4e4 [0036.984] GetACP () returned 0x4e4 [0036.984] GetACP () returned 0x4e4 [0036.984] GetACP () returned 0x4e4 [0036.984] GetACP () returned 0x4e4 [0036.985] GetACP () returned 0x4e4 [0036.985] GetACP () returned 0x4e4 [0036.987] GetACP () returned 0x4e4 [0036.988] GetACP () returned 0x4e4 [0036.989] GetACP () returned 0x4e4 [0036.989] GetACP () returned 0x4e4 [0036.989] GetACP () returned 0x4e4 [0036.989] GetACP () returned 0x4e4 [0036.989] GetACP () returned 0x4e4 [0036.990] GetACP () returned 0x4e4 [0036.990] GetACP () returned 0x4e4 [0036.990] GetACP () returned 0x4e4 [0036.990] GetACP () returned 0x4e4 [0036.990] GetACP () returned 0x4e4 [0036.990] GetACP () returned 0x4e4 [0036.991] GetACP () returned 0x4e4 [0036.991] GetACP () returned 0x4e4 [0036.991] GetACP () returned 0x4e4 [0036.991] GetACP () returned 0x4e4 [0036.991] GetACP () returned 0x4e4 [0036.992] GetACP () returned 0x4e4 [0036.992] GetACP () returned 0x4e4 [0036.992] GetACP () returned 0x4e4 [0036.992] GetACP () returned 0x4e4 [0036.992] GetACP () returned 0x4e4 [0036.992] GetACP () returned 0x4e4 [0036.993] GetACP () returned 0x4e4 [0036.993] GetACP () returned 0x4e4 [0036.993] GetACP () returned 0x4e4 [0036.994] GetACP () returned 0x4e4 [0036.994] GetACP () returned 0x4e4 [0036.994] GetACP () returned 0x4e4 [0036.994] GetACP () returned 0x4e4 [0036.994] GetACP () returned 0x4e4 [0036.995] GetACP () returned 0x4e4 [0036.995] GetACP () returned 0x4e4 [0036.995] GetACP () returned 0x4e4 [0036.995] GetACP () returned 0x4e4 [0036.996] GetACP () returned 0x4e4 [0036.996] GetACP () returned 0x4e4 [0036.996] GetACP () returned 0x4e4 [0036.996] GetACP () returned 0x4e4 [0036.997] GetACP () returned 0x4e4 [0036.997] GetACP () returned 0x4e4 [0036.997] GetACP () returned 0x4e4 [0036.997] GetACP () returned 0x4e4 [0036.999] GetACP () returned 0x4e4 [0036.999] GetACP () returned 0x4e4 [0036.999] GetACP () returned 0x4e4 [0037.000] GetACP () returned 0x4e4 [0037.000] GetACP () returned 0x4e4 [0037.000] GetACP () returned 0x4e4 [0037.000] GetACP () returned 0x4e4 [0037.000] GetACP () returned 0x4e4 [0037.001] GetACP () returned 0x4e4 [0037.001] GetACP () returned 0x4e4 [0037.001] GetACP () returned 0x4e4 [0037.001] GetACP () returned 0x4e4 [0037.001] GetACP () returned 0x4e4 [0037.001] GetACP () returned 0x4e4 [0037.002] GetACP () returned 0x4e4 [0037.002] GetACP () returned 0x4e4 [0037.002] GetACP () returned 0x4e4 [0037.002] GetACP () returned 0x4e4 [0037.002] GetACP () returned 0x4e4 [0037.004] GetACP () returned 0x4e4 [0037.004] GetACP () returned 0x4e4 [0037.004] GetACP () returned 0x4e4 [0037.004] GetACP () returned 0x4e4 [0037.004] GetACP () returned 0x4e4 [0037.173] GetACP () returned 0x4e4 [0037.173] GetACP () returned 0x4e4 [0037.173] GetACP () returned 0x4e4 [0037.173] GetACP () returned 0x4e4 [0037.173] GetACP () returned 0x4e4 [0037.173] GetACP () returned 0x4e4 [0037.173] GetACP () returned 0x4e4 [0037.173] GetACP () returned 0x4e4 [0037.173] GetACP () returned 0x4e4 [0037.173] GetACP () returned 0x4e4 [0037.173] GetACP () returned 0x4e4 [0037.173] GetACP () returned 0x4e4 [0037.174] GetACP () returned 0x4e4 [0037.174] GetACP () returned 0x4e4 [0037.174] GetACP () returned 0x4e4 [0037.176] GetACP () returned 0x4e4 [0037.176] GetACP () returned 0x4e4 [0037.176] GetACP () returned 0x4e4 [0037.177] GetACP () returned 0x4e4 [0037.177] GetACP () returned 0x4e4 [0037.177] GetACP () returned 0x4e4 [0037.186] GetACP () returned 0x4e4 [0037.186] GetACP () returned 0x4e4 [0037.186] GetACP () returned 0x4e4 [0037.186] GetACP () returned 0x4e4 [0037.186] GetACP () returned 0x4e4 [0037.186] GetACP () returned 0x4e4 [0037.186] GetACP () returned 0x4e4 [0037.186] GetACP () returned 0x4e4 [0037.186] GetACP () returned 0x4e4 [0037.186] GetACP () returned 0x4e4 [0037.186] GetACP () returned 0x4e4 [0037.187] GetACP () returned 0x4e4 [0037.187] GetACP () returned 0x4e4 [0037.187] GetACP () returned 0x4e4 [0037.187] GetACP () returned 0x4e4 [0037.187] GetACP () returned 0x4e4 [0037.187] GetACP () returned 0x4e4 [0037.187] GetACP () returned 0x4e4 [0037.187] GetACP () returned 0x4e4 [0037.187] GetACP () returned 0x4e4 [0037.187] GetACP () returned 0x4e4 [0037.187] GetACP () returned 0x4e4 [0037.187] GetACP () returned 0x4e4 [0037.187] GetACP () returned 0x4e4 [0037.188] GetACP () returned 0x4e4 [0037.188] GetACP () returned 0x4e4 [0037.188] GetACP () returned 0x4e4 [0037.188] GetACP () returned 0x4e4 [0037.188] GetACP () returned 0x4e4 [0037.188] GetACP () returned 0x4e4 [0037.188] GetACP () returned 0x4e4 [0037.188] GetACP () returned 0x4e4 [0037.188] GetACP () returned 0x4e4 [0037.189] GetACP () returned 0x4e4 [0037.189] GetACP () returned 0x4e4 [0037.189] GetACP () returned 0x4e4 [0037.189] GetACP () returned 0x4e4 [0037.189] GetACP () returned 0x4e4 [0037.189] GetACP () returned 0x4e4 [0037.189] GetACP () returned 0x4e4 [0037.189] GetACP () returned 0x4e4 [0037.189] GetACP () returned 0x4e4 [0037.189] GetACP () returned 0x4e4 [0037.189] GetACP () returned 0x4e4 [0037.189] GetACP () returned 0x4e4 [0037.189] GetACP () returned 0x4e4 [0037.190] GetACP () returned 0x4e4 [0037.190] GetACP () returned 0x4e4 [0037.190] GetACP () returned 0x4e4 [0037.190] GetACP () returned 0x4e4 [0037.190] GetACP () returned 0x4e4 [0037.190] GetACP () returned 0x4e4 [0037.190] GetACP () returned 0x4e4 [0037.190] GetACP () returned 0x4e4 [0037.190] GetACP () returned 0x4e4 [0037.190] GetACP () returned 0x4e4 [0037.190] GetACP () returned 0x4e4 [0037.190] GetACP () returned 0x4e4 [0037.190] GetACP () returned 0x4e4 [0037.191] GetACP () returned 0x4e4 [0037.191] GetACP () returned 0x4e4 [0037.191] GetACP () returned 0x4e4 [0037.191] GetACP () returned 0x4e4 [0037.191] GetACP () returned 0x4e4 [0037.191] GetACP () returned 0x4e4 [0037.191] GetACP () returned 0x4e4 [0037.191] GetACP () returned 0x4e4 [0037.191] GetACP () returned 0x4e4 [0037.191] GetACP () returned 0x4e4 [0037.191] GetACP () returned 0x4e4 [0037.191] GetACP () returned 0x4e4 [0037.191] GetACP () returned 0x4e4 [0037.192] GetACP () returned 0x4e4 [0037.192] GetACP () returned 0x4e4 [0037.192] GetACP () returned 0x4e4 [0037.192] GetACP () returned 0x4e4 [0037.192] GetACP () returned 0x4e4 [0037.192] GetACP () returned 0x4e4 [0037.192] GetACP () returned 0x4e4 [0037.192] GetACP () returned 0x4e4 [0037.192] GetACP () returned 0x4e4 [0037.192] GetACP () returned 0x4e4 [0037.192] GetACP () returned 0x4e4 [0037.192] GetACP () returned 0x4e4 [0037.192] GetACP () returned 0x4e4 [0037.193] GetACP () returned 0x4e4 [0037.193] GetACP () returned 0x4e4 [0037.193] GetACP () returned 0x4e4 [0037.193] GetACP () returned 0x4e4 [0037.193] GetACP () returned 0x4e4 [0037.193] GetACP () returned 0x4e4 [0037.193] GetACP () returned 0x4e4 [0037.193] GetACP () returned 0x4e4 [0037.193] GetACP () returned 0x4e4 [0037.193] GetACP () returned 0x4e4 [0037.193] GetACP () returned 0x4e4 [0037.193] GetACP () returned 0x4e4 [0037.194] GetACP () returned 0x4e4 [0037.194] GetACP () returned 0x4e4 [0037.194] GetACP () returned 0x4e4 [0037.194] GetACP () returned 0x4e4 [0037.194] GetACP () returned 0x4e4 [0037.194] GetACP () returned 0x4e4 [0037.194] GetACP () returned 0x4e4 [0037.194] GetACP () returned 0x4e4 [0037.194] GetACP () returned 0x4e4 [0037.194] GetACP () returned 0x4e4 [0037.194] GetACP () returned 0x4e4 [0037.194] GetACP () returned 0x4e4 [0037.194] GetACP () returned 0x4e4 [0037.195] GetACP () returned 0x4e4 [0037.195] GetACP () returned 0x4e4 [0037.195] GetACP () returned 0x4e4 [0037.195] GetACP () returned 0x4e4 [0037.195] GetACP () returned 0x4e4 [0037.195] GetACP () returned 0x4e4 [0037.195] GetACP () returned 0x4e4 [0037.195] GetACP () returned 0x4e4 [0037.195] GetACP () returned 0x4e4 [0037.195] GetACP () returned 0x4e4 [0037.195] GetACP () returned 0x4e4 [0037.195] GetACP () returned 0x4e4 [0037.195] GetACP () returned 0x4e4 [0037.196] GetACP () returned 0x4e4 [0037.196] GetACP () returned 0x4e4 [0037.196] GetACP () returned 0x4e4 [0037.196] GetACP () returned 0x4e4 [0037.196] GetACP () returned 0x4e4 [0037.196] GetACP () returned 0x4e4 [0037.196] GetACP () returned 0x4e4 [0037.196] GetACP () returned 0x4e4 [0037.196] GetACP () returned 0x4e4 [0037.196] GetACP () returned 0x4e4 [0037.196] GetACP () returned 0x4e4 [0037.197] GetACP () returned 0x4e4 [0037.197] GetACP () returned 0x4e4 [0037.197] GetACP () returned 0x4e4 [0037.197] GetACP () returned 0x4e4 [0037.197] GetACP () returned 0x4e4 [0037.197] GetACP () returned 0x4e4 [0037.197] GetACP () returned 0x4e4 [0037.197] GetACP () returned 0x4e4 [0037.197] GetACP () returned 0x4e4 [0037.197] GetACP () returned 0x4e4 [0037.197] GetACP () returned 0x4e4 [0037.197] GetACP () returned 0x4e4 [0037.198] GetACP () returned 0x4e4 [0037.198] GetACP () returned 0x4e4 [0037.198] GetACP () returned 0x4e4 [0037.198] GetACP () returned 0x4e4 [0037.198] GetACP () returned 0x4e4 [0037.198] GetACP () returned 0x4e4 [0037.198] GetACP () returned 0x4e4 [0037.198] GetACP () returned 0x4e4 [0037.198] GetACP () returned 0x4e4 [0037.198] GetACP () returned 0x4e4 [0037.198] GetACP () returned 0x4e4 [0037.198] GetACP () returned 0x4e4 [0037.199] GetACP () returned 0x4e4 [0037.199] GetACP () returned 0x4e4 [0037.199] GetACP () returned 0x4e4 [0037.199] GetACP () returned 0x4e4 [0037.199] GetACP () returned 0x4e4 [0037.199] GetACP () returned 0x4e4 [0037.199] GetACP () returned 0x4e4 [0037.199] GetACP () returned 0x4e4 [0037.199] GetACP () returned 0x4e4 [0037.199] GetACP () returned 0x4e4 [0037.199] GetACP () returned 0x4e4 [0037.199] GetACP () returned 0x4e4 [0037.200] GetACP () returned 0x4e4 [0037.200] GetACP () returned 0x4e4 [0037.200] GetACP () returned 0x4e4 [0037.200] GetACP () returned 0x4e4 [0037.200] GetACP () returned 0x4e4 [0037.200] GetACP () returned 0x4e4 [0037.200] GetACP () returned 0x4e4 [0037.200] GetACP () returned 0x4e4 [0037.200] GetACP () returned 0x4e4 [0037.200] GetACP () returned 0x4e4 [0037.200] GetACP () returned 0x4e4 [0037.200] GetACP () returned 0x4e4 [0037.201] GetACP () returned 0x4e4 [0037.201] GetACP () returned 0x4e4 [0037.201] GetACP () returned 0x4e4 [0037.201] GetACP () returned 0x4e4 [0037.201] GetACP () returned 0x4e4 [0037.201] GetACP () returned 0x4e4 [0037.201] GetACP () returned 0x4e4 [0037.201] GetACP () returned 0x4e4 [0037.201] GetACP () returned 0x4e4 [0037.201] GetACP () returned 0x4e4 [0037.201] GetACP () returned 0x4e4 [0037.202] GetACP () returned 0x4e4 [0037.202] GetACP () returned 0x4e4 [0037.202] GetACP () returned 0x4e4 [0037.202] GetACP () returned 0x4e4 [0037.202] GetACP () returned 0x4e4 [0037.202] GetACP () returned 0x4e4 [0037.202] GetACP () returned 0x4e4 [0037.202] GetACP () returned 0x4e4 [0037.202] GetACP () returned 0x4e4 [0037.202] GetACP () returned 0x4e4 [0037.202] GetACP () returned 0x4e4 [0037.202] GetACP () returned 0x4e4 [0037.202] GetACP () returned 0x4e4 [0037.203] GetACP () returned 0x4e4 [0037.203] GetACP () returned 0x4e4 [0037.203] GetACP () returned 0x4e4 [0037.203] GetACP () returned 0x4e4 [0037.203] GetACP () returned 0x4e4 [0037.203] GetACP () returned 0x4e4 [0037.203] GetACP () returned 0x4e4 [0037.203] GetACP () returned 0x4e4 [0037.203] GetACP () returned 0x4e4 [0037.203] GetACP () returned 0x4e4 [0037.203] GetACP () returned 0x4e4 [0037.203] GetACP () returned 0x4e4 [0037.204] GetACP () returned 0x4e4 [0037.204] GetACP () returned 0x4e4 [0037.204] GetACP () returned 0x4e4 [0037.204] GetACP () returned 0x4e4 [0037.204] GetACP () returned 0x4e4 [0037.204] GetACP () returned 0x4e4 [0037.204] GetACP () returned 0x4e4 [0037.204] GetACP () returned 0x4e4 [0037.204] GetACP () returned 0x4e4 [0037.204] GetACP () returned 0x4e4 [0037.440] GetACP () returned 0x4e4 [0037.440] GetACP () returned 0x4e4 [0037.440] GetACP () returned 0x4e4 [0037.440] GetACP () returned 0x4e4 [0037.440] GetACP () returned 0x4e4 [0037.440] GetACP () returned 0x4e4 [0037.440] GetACP () returned 0x4e4 [0037.440] GetACP () returned 0x4e4 [0037.440] GetACP () returned 0x4e4 [0037.440] GetACP () returned 0x4e4 [0037.440] GetACP () returned 0x4e4 [0037.440] GetACP () returned 0x4e4 [0037.440] GetACP () returned 0x4e4 [0037.441] GetACP () returned 0x4e4 [0037.441] GetACP () returned 0x4e4 [0037.441] GetACP () returned 0x4e4 [0037.441] GetACP () returned 0x4e4 [0037.441] GetACP () returned 0x4e4 [0037.441] GetACP () returned 0x4e4 [0037.441] GetACP () returned 0x4e4 [0037.441] GetACP () returned 0x4e4 [0037.441] GetACP () returned 0x4e4 [0037.441] GetACP () returned 0x4e4 [0037.441] GetACP () returned 0x4e4 [0037.441] GetACP () returned 0x4e4 [0037.441] GetACP () returned 0x4e4 [0037.442] GetACP () returned 0x4e4 [0037.442] GetACP () returned 0x4e4 [0037.442] GetACP () returned 0x4e4 [0037.442] GetACP () returned 0x4e4 [0037.442] GetACP () returned 0x4e4 [0037.442] GetACP () returned 0x4e4 [0037.442] GetACP () returned 0x4e4 [0037.444] GetACP () returned 0x4e4 [0037.444] GetACP () returned 0x4e4 [0037.444] GetACP () returned 0x4e4 [0037.445] GetACP () returned 0x4e4 [0037.445] GetACP () returned 0x4e4 [0037.445] GetACP () returned 0x4e4 [0037.445] GetACP () returned 0x4e4 [0037.445] GetACP () returned 0x4e4 [0037.445] GetACP () returned 0x4e4 [0037.445] GetACP () returned 0x4e4 [0037.445] GetACP () returned 0x4e4 [0037.445] GetACP () returned 0x4e4 [0037.445] GetACP () returned 0x4e4 [0037.445] GetACP () returned 0x4e4 [0037.445] GetACP () returned 0x4e4 [0037.446] GetACP () returned 0x4e4 [0037.446] GetACP () returned 0x4e4 [0037.446] GetACP () returned 0x4e4 [0037.450] GetACP () returned 0x4e4 [0037.450] GetACP () returned 0x4e4 [0037.450] GetACP () returned 0x4e4 [0037.451] GetACP () returned 0x4e4 [0037.451] GetACP () returned 0x4e4 [0037.451] GetACP () returned 0x4e4 [0037.451] GetACP () returned 0x4e4 [0037.452] GetACP () returned 0x4e4 [0037.452] GetACP () returned 0x4e4 [0037.452] GetACP () returned 0x4e4 [0037.452] GetACP () returned 0x4e4 [0037.452] GetACP () returned 0x4e4 [0037.452] GetACP () returned 0x4e4 [0037.452] GetACP () returned 0x4e4 [0037.452] GetACP () returned 0x4e4 [0037.452] GetACP () returned 0x4e4 [0037.452] GetACP () returned 0x4e4 [0037.452] GetACP () returned 0x4e4 [0037.452] GetACP () returned 0x4e4 [0037.452] GetACP () returned 0x4e4 [0037.452] GetACP () returned 0x4e4 [0037.453] GetACP () returned 0x4e4 [0037.453] GetACP () returned 0x4e4 [0037.453] GetACP () returned 0x4e4 [0037.453] GetACP () returned 0x4e4 [0037.453] GetACP () returned 0x4e4 [0037.453] GetACP () returned 0x4e4 [0037.453] GetACP () returned 0x4e4 [0037.453] GetACP () returned 0x4e4 [0037.453] GetACP () returned 0x4e4 [0037.454] GetACP () returned 0x4e4 [0037.454] GetACP () returned 0x4e4 [0037.454] GetACP () returned 0x4e4 [0037.454] GetACP () returned 0x4e4 [0037.454] GetACP () returned 0x4e4 [0037.454] GetACP () returned 0x4e4 [0037.454] GetACP () returned 0x4e4 [0037.454] GetACP () returned 0x4e4 [0037.454] GetACP () returned 0x4e4 [0037.454] GetACP () returned 0x4e4 [0037.454] GetACP () returned 0x4e4 [0037.454] GetACP () returned 0x4e4 [0037.454] GetACP () returned 0x4e4 [0037.454] GetACP () returned 0x4e4 [0037.455] GetACP () returned 0x4e4 [0037.455] GetACP () returned 0x4e4 [0037.455] GetACP () returned 0x4e4 [0037.455] GetACP () returned 0x4e4 [0037.455] GetACP () returned 0x4e4 [0037.455] GetACP () returned 0x4e4 [0037.455] GetACP () returned 0x4e4 [0037.455] GetACP () returned 0x4e4 [0037.455] GetACP () returned 0x4e4 [0037.455] GetACP () returned 0x4e4 [0037.455] GetACP () returned 0x4e4 [0037.455] GetACP () returned 0x4e4 [0037.455] GetACP () returned 0x4e4 [0037.455] GetACP () returned 0x4e4 [0037.456] GetACP () returned 0x4e4 [0037.456] GetACP () returned 0x4e4 [0037.456] GetACP () returned 0x4e4 [0037.456] GetACP () returned 0x4e4 [0037.456] GetACP () returned 0x4e4 [0037.456] GetACP () returned 0x4e4 [0037.456] GetACP () returned 0x4e4 [0037.456] GetACP () returned 0x4e4 [0037.456] GetACP () returned 0x4e4 [0037.456] GetACP () returned 0x4e4 [0037.456] GetACP () returned 0x4e4 [0037.456] GetACP () returned 0x4e4 [0037.456] GetACP () returned 0x4e4 [0037.456] GetACP () returned 0x4e4 [0037.457] GetACP () returned 0x4e4 [0037.457] GetACP () returned 0x4e4 [0037.457] GetACP () returned 0x4e4 [0037.457] GetACP () returned 0x4e4 [0037.457] GetACP () returned 0x4e4 [0037.457] GetACP () returned 0x4e4 [0037.457] GetACP () returned 0x4e4 [0037.457] GetACP () returned 0x4e4 [0037.457] GetACP () returned 0x4e4 [0037.457] GetACP () returned 0x4e4 [0037.457] GetACP () returned 0x4e4 [0037.457] GetACP () returned 0x4e4 [0037.457] GetACP () returned 0x4e4 [0037.458] GetACP () returned 0x4e4 [0037.458] GetACP () returned 0x4e4 [0037.458] GetACP () returned 0x4e4 [0037.458] GetACP () returned 0x4e4 [0037.458] GetACP () returned 0x4e4 [0037.458] GetACP () returned 0x4e4 [0037.458] GetACP () returned 0x4e4 [0037.458] GetACP () returned 0x4e4 [0037.458] GetACP () returned 0x4e4 [0037.458] GetACP () returned 0x4e4 [0037.458] GetACP () returned 0x4e4 [0037.458] GetACP () returned 0x4e4 [0037.458] GetACP () returned 0x4e4 [0037.458] GetACP () returned 0x4e4 [0037.459] GetACP () returned 0x4e4 [0037.459] GetACP () returned 0x4e4 [0037.459] GetACP () returned 0x4e4 [0037.459] GetACP () returned 0x4e4 [0037.459] GetACP () returned 0x4e4 [0037.459] GetACP () returned 0x4e4 [0037.459] GetACP () returned 0x4e4 [0037.459] GetACP () returned 0x4e4 [0037.459] GetACP () returned 0x4e4 [0037.459] GetACP () returned 0x4e4 [0037.459] GetACP () returned 0x4e4 [0037.459] GetACP () returned 0x4e4 [0037.459] GetACP () returned 0x4e4 [0037.459] GetACP () returned 0x4e4 [0037.460] GetACP () returned 0x4e4 [0037.460] GetACP () returned 0x4e4 [0037.460] GetACP () returned 0x4e4 [0037.460] GetACP () returned 0x4e4 [0037.460] GetACP () returned 0x4e4 [0037.460] GetACP () returned 0x4e4 [0037.460] GetACP () returned 0x4e4 [0037.460] GetACP () returned 0x4e4 [0037.460] GetACP () returned 0x4e4 [0037.460] GetACP () returned 0x4e4 [0037.460] GetACP () returned 0x4e4 [0037.460] GetACP () returned 0x4e4 [0037.460] GetACP () returned 0x4e4 [0037.460] GetACP () returned 0x4e4 [0037.461] GetACP () returned 0x4e4 [0037.461] GetACP () returned 0x4e4 [0037.461] GetACP () returned 0x4e4 [0037.461] GetACP () returned 0x4e4 [0037.461] GetACP () returned 0x4e4 [0037.461] GetACP () returned 0x4e4 [0037.461] GetACP () returned 0x4e4 [0037.461] GetACP () returned 0x4e4 [0037.461] GetACP () returned 0x4e4 [0037.461] GetACP () returned 0x4e4 [0037.461] GetACP () returned 0x4e4 [0037.461] GetACP () returned 0x4e4 [0037.461] GetACP () returned 0x4e4 [0037.462] GetACP () returned 0x4e4 [0037.462] GetACP () returned 0x4e4 [0037.462] GetACP () returned 0x4e4 [0037.462] GetACP () returned 0x4e4 [0037.462] GetACP () returned 0x4e4 [0037.462] GetACP () returned 0x4e4 [0037.462] GetACP () returned 0x4e4 [0037.462] GetACP () returned 0x4e4 [0037.462] GetACP () returned 0x4e4 [0037.462] GetACP () returned 0x4e4 [0037.462] GetACP () returned 0x4e4 [0037.462] GetACP () returned 0x4e4 [0037.462] GetACP () returned 0x4e4 [0037.463] GetACP () returned 0x4e4 [0037.463] GetACP () returned 0x4e4 [0037.463] GetACP () returned 0x4e4 [0037.463] GetACP () returned 0x4e4 [0037.463] GetACP () returned 0x4e4 [0037.463] GetACP () returned 0x4e4 [0037.463] GetACP () returned 0x4e4 [0037.463] GetACP () returned 0x4e4 [0037.463] GetACP () returned 0x4e4 [0037.463] GetACP () returned 0x4e4 [0037.463] GetACP () returned 0x4e4 [0037.463] GetACP () returned 0x4e4 [0037.464] GetACP () returned 0x4e4 [0037.464] GetACP () returned 0x4e4 [0037.464] GetACP () returned 0x4e4 [0037.464] GetACP () returned 0x4e4 [0037.464] GetACP () returned 0x4e4 [0037.464] GetACP () returned 0x4e4 [0037.464] GetACP () returned 0x4e4 [0037.464] GetACP () returned 0x4e4 [0037.464] GetACP () returned 0x4e4 [0037.464] GetACP () returned 0x4e4 [0037.464] GetACP () returned 0x4e4 [0037.464] GetACP () returned 0x4e4 [0037.465] GetACP () returned 0x4e4 [0037.465] GetACP () returned 0x4e4 [0037.465] GetACP () returned 0x4e4 [0037.465] GetACP () returned 0x4e4 [0037.465] GetACP () returned 0x4e4 [0037.465] GetACP () returned 0x4e4 [0037.465] GetACP () returned 0x4e4 [0037.465] GetACP () returned 0x4e4 [0037.465] GetACP () returned 0x4e4 [0037.465] GetACP () returned 0x4e4 [0037.465] GetACP () returned 0x4e4 [0037.465] GetACP () returned 0x4e4 [0037.466] GetACP () returned 0x4e4 [0037.466] GetACP () returned 0x4e4 [0037.466] GetACP () returned 0x4e4 [0037.466] GetACP () returned 0x4e4 [0037.466] GetACP () returned 0x4e4 [0037.466] GetACP () returned 0x4e4 [0037.466] GetACP () returned 0x4e4 [0037.466] GetACP () returned 0x4e4 [0037.466] GetACP () returned 0x4e4 [0037.625] GetACP () returned 0x4e4 [0037.626] GetACP () returned 0x4e4 [0037.626] GetACP () returned 0x4e4 [0037.626] GetACP () returned 0x4e4 [0037.626] GetACP () returned 0x4e4 [0037.626] GetACP () returned 0x4e4 [0037.626] GetACP () returned 0x4e4 [0037.626] GetACP () returned 0x4e4 [0037.626] GetACP () returned 0x4e4 [0037.626] GetACP () returned 0x4e4 [0037.626] GetACP () returned 0x4e4 [0037.626] GetACP () returned 0x4e4 [0037.626] GetACP () returned 0x4e4 [0037.626] GetACP () returned 0x4e4 [0037.627] GetACP () returned 0x4e4 [0037.627] GetACP () returned 0x4e4 [0037.627] GetACP () returned 0x4e4 [0037.627] GetACP () returned 0x4e4 [0037.627] GetACP () returned 0x4e4 [0037.627] GetACP () returned 0x4e4 [0037.627] GetACP () returned 0x4e4 [0037.627] GetACP () returned 0x4e4 [0037.627] GetACP () returned 0x4e4 [0037.627] GetACP () returned 0x4e4 [0037.627] GetACP () returned 0x4e4 [0037.627] GetACP () returned 0x4e4 [0037.627] GetACP () returned 0x4e4 [0037.627] GetACP () returned 0x4e4 [0037.628] GetACP () returned 0x4e4 [0037.628] GetACP () returned 0x4e4 [0037.628] GetACP () returned 0x4e4 [0037.628] GetACP () returned 0x4e4 [0037.628] GetACP () returned 0x4e4 [0037.628] GetACP () returned 0x4e4 [0037.628] GetACP () returned 0x4e4 [0037.628] GetACP () returned 0x4e4 [0037.628] GetACP () returned 0x4e4 [0037.628] GetACP () returned 0x4e4 [0037.628] GetACP () returned 0x4e4 [0037.628] GetACP () returned 0x4e4 [0037.628] GetACP () returned 0x4e4 [0037.629] GetACP () returned 0x4e4 [0037.629] GetACP () returned 0x4e4 [0037.629] GetACP () returned 0x4e4 [0037.629] GetACP () returned 0x4e4 [0037.629] GetACP () returned 0x4e4 [0037.629] GetACP () returned 0x4e4 [0037.629] GetACP () returned 0x4e4 [0037.629] GetACP () returned 0x4e4 [0037.629] GetACP () returned 0x4e4 [0037.629] GetACP () returned 0x4e4 [0037.629] GetACP () returned 0x4e4 [0037.629] GetACP () returned 0x4e4 [0037.629] GetACP () returned 0x4e4 [0037.630] GetACP () returned 0x4e4 [0037.630] GetACP () returned 0x4e4 [0037.630] GetACP () returned 0x4e4 [0037.630] GetACP () returned 0x4e4 [0037.630] GetACP () returned 0x4e4 [0037.630] GetACP () returned 0x4e4 [0037.630] GetACP () returned 0x4e4 [0037.630] GetACP () returned 0x4e4 [0037.630] GetACP () returned 0x4e4 [0037.630] GetACP () returned 0x4e4 [0037.630] GetACP () returned 0x4e4 [0037.630] GetACP () returned 0x4e4 [0037.630] GetACP () returned 0x4e4 [0037.631] GetACP () returned 0x4e4 [0037.631] GetACP () returned 0x4e4 [0037.631] GetACP () returned 0x4e4 [0037.631] GetACP () returned 0x4e4 [0037.631] GetACP () returned 0x4e4 [0037.631] GetACP () returned 0x4e4 [0037.631] GetACP () returned 0x4e4 [0037.631] GetACP () returned 0x4e4 [0037.631] GetACP () returned 0x4e4 [0037.631] GetACP () returned 0x4e4 [0037.631] GetACP () returned 0x4e4 [0037.631] GetACP () returned 0x4e4 [0037.631] GetACP () returned 0x4e4 [0037.632] GetACP () returned 0x4e4 [0037.632] GetACP () returned 0x4e4 [0037.632] GetACP () returned 0x4e4 [0037.632] GetACP () returned 0x4e4 [0037.632] GetACP () returned 0x4e4 [0037.632] GetACP () returned 0x4e4 [0037.632] GetACP () returned 0x4e4 [0037.632] GetACP () returned 0x4e4 [0037.632] GetACP () returned 0x4e4 [0037.635] GetACP () returned 0x4e4 [0037.635] GetACP () returned 0x4e4 [0037.635] GetACP () returned 0x4e4 [0037.635] GetACP () returned 0x4e4 [0037.635] GetACP () returned 0x4e4 [0037.635] GetACP () returned 0x4e4 [0037.635] GetACP () returned 0x4e4 [0037.635] GetACP () returned 0x4e4 [0037.635] GetACP () returned 0x4e4 [0037.635] GetACP () returned 0x4e4 [0037.635] GetACP () returned 0x4e4 [0037.635] GetACP () returned 0x4e4 [0037.636] GetACP () returned 0x4e4 [0037.636] GetACP () returned 0x4e4 [0037.636] GetACP () returned 0x4e4 [0037.636] GetACP () returned 0x4e4 [0037.636] GetACP () returned 0x4e4 [0037.636] GetACP () returned 0x4e4 [0037.636] GetACP () returned 0x4e4 [0037.636] GetACP () returned 0x4e4 [0037.636] GetACP () returned 0x4e4 [0037.636] GetACP () returned 0x4e4 [0037.636] GetACP () returned 0x4e4 [0037.636] GetACP () returned 0x4e4 [0037.636] GetACP () returned 0x4e4 [0037.637] GetACP () returned 0x4e4 [0037.637] GetACP () returned 0x4e4 [0037.637] GetACP () returned 0x4e4 [0037.637] GetACP () returned 0x4e4 [0037.637] GetACP () returned 0x4e4 [0037.637] GetACP () returned 0x4e4 [0037.637] GetACP () returned 0x4e4 [0037.638] GetACP () returned 0x4e4 [0037.640] GetACP () returned 0x4e4 [0037.641] GetACP () returned 0x4e4 [0037.642] GetACP () returned 0x4e4 [0037.642] GetACP () returned 0x4e4 [0037.642] GetACP () returned 0x4e4 [0037.642] GetACP () returned 0x4e4 [0037.643] GetACP () returned 0x4e4 [0037.643] GetACP () returned 0x4e4 [0037.643] GetACP () returned 0x4e4 [0037.643] GetACP () returned 0x4e4 [0037.643] GetACP () returned 0x4e4 [0037.643] GetACP () returned 0x4e4 [0037.643] GetACP () returned 0x4e4 [0037.643] GetACP () returned 0x4e4 [0037.643] GetACP () returned 0x4e4 [0037.643] GetACP () returned 0x4e4 [0037.643] GetACP () returned 0x4e4 [0037.643] GetACP () returned 0x4e4 [0037.643] GetACP () returned 0x4e4 [0037.644] GetACP () returned 0x4e4 [0037.644] GetACP () returned 0x4e4 [0037.644] GetACP () returned 0x4e4 [0037.644] GetACP () returned 0x4e4 [0037.644] GetACP () returned 0x4e4 [0037.644] GetACP () returned 0x4e4 [0037.644] GetACP () returned 0x4e4 [0037.652] GetACP () returned 0x4e4 [0037.652] GetACP () returned 0x4e4 [0037.652] GetACP () returned 0x4e4 [0037.653] GetACP () returned 0x4e4 [0037.653] GetACP () returned 0x4e4 [0037.653] GetACP () returned 0x4e4 [0037.653] GetACP () returned 0x4e4 [0037.653] GetACP () returned 0x4e4 [0037.653] GetACP () returned 0x4e4 [0037.653] GetACP () returned 0x4e4 [0037.653] GetACP () returned 0x4e4 [0037.653] GetACP () returned 0x4e4 [0037.653] GetACP () returned 0x4e4 [0037.653] GetACP () returned 0x4e4 [0037.653] GetACP () returned 0x4e4 [0037.653] GetACP () returned 0x4e4 [0037.654] GetACP () returned 0x4e4 [0037.654] GetACP () returned 0x4e4 [0037.654] GetACP () returned 0x4e4 [0037.654] GetACP () returned 0x4e4 [0037.654] GetACP () returned 0x4e4 [0037.654] GetACP () returned 0x4e4 [0037.654] GetACP () returned 0x4e4 [0037.654] GetACP () returned 0x4e4 [0037.654] GetACP () returned 0x4e4 [0037.654] GetACP () returned 0x4e4 [0037.654] GetACP () returned 0x4e4 [0037.654] GetACP () returned 0x4e4 [0037.654] GetACP () returned 0x4e4 [0037.655] GetACP () returned 0x4e4 [0037.655] GetACP () returned 0x4e4 [0037.655] GetACP () returned 0x4e4 [0037.655] GetACP () returned 0x4e4 [0037.655] GetACP () returned 0x4e4 [0037.655] GetACP () returned 0x4e4 [0037.655] GetACP () returned 0x4e4 [0037.655] GetACP () returned 0x4e4 [0037.655] GetACP () returned 0x4e4 [0037.655] GetACP () returned 0x4e4 [0037.655] GetACP () returned 0x4e4 [0037.655] GetACP () returned 0x4e4 [0037.655] GetACP () returned 0x4e4 [0037.656] GetACP () returned 0x4e4 [0037.656] GetACP () returned 0x4e4 [0037.656] GetACP () returned 0x4e4 [0037.656] GetACP () returned 0x4e4 [0037.672] GetACP () returned 0x4e4 [0037.677] GetACP () returned 0x4e4 [0037.677] GetACP () returned 0x4e4 [0037.677] GetACP () returned 0x4e4 [0037.677] GetACP () returned 0x4e4 [0037.677] GetACP () returned 0x4e4 [0037.677] GetACP () returned 0x4e4 [0037.677] GetACP () returned 0x4e4 [0037.677] GetACP () returned 0x4e4 [0037.677] GetACP () returned 0x4e4 [0037.677] GetACP () returned 0x4e4 [0037.677] GetACP () returned 0x4e4 [0037.678] GetACP () returned 0x4e4 [0037.678] GetACP () returned 0x4e4 [0037.678] GetACP () returned 0x4e4 [0037.678] GetACP () returned 0x4e4 [0037.678] GetACP () returned 0x4e4 [0037.678] GetACP () returned 0x4e4 [0037.678] GetACP () returned 0x4e4 [0037.678] GetACP () returned 0x4e4 [0037.678] GetACP () returned 0x4e4 [0037.678] GetACP () returned 0x4e4 [0037.678] GetACP () returned 0x4e4 [0037.678] GetACP () returned 0x4e4 [0037.678] GetACP () returned 0x4e4 [0037.679] GetACP () returned 0x4e4 [0037.679] GetACP () returned 0x4e4 [0037.679] GetACP () returned 0x4e4 [0037.679] GetACP () returned 0x4e4 [0037.679] GetACP () returned 0x4e4 [0037.679] GetACP () returned 0x4e4 [0037.679] GetACP () returned 0x4e4 [0037.679] GetACP () returned 0x4e4 [0037.679] GetACP () returned 0x4e4 [0037.679] GetACP () returned 0x4e4 [0037.679] GetACP () returned 0x4e4 [0037.679] GetACP () returned 0x4e4 [0037.680] GetACP () returned 0x4e4 [0037.680] GetACP () returned 0x4e4 [0037.680] GetACP () returned 0x4e4 [0037.680] GetACP () returned 0x4e4 [0037.680] GetACP () returned 0x4e4 [0037.680] GetACP () returned 0x4e4 [0037.680] GetACP () returned 0x4e4 [0037.680] GetACP () returned 0x4e4 [0037.680] GetACP () returned 0x4e4 [0037.680] GetACP () returned 0x4e4 [0037.680] GetACP () returned 0x4e4 [0037.680] GetACP () returned 0x4e4 [0037.680] GetACP () returned 0x4e4 [0037.681] GetACP () returned 0x4e4 [0037.681] GetACP () returned 0x4e4 [0037.681] GetACP () returned 0x4e4 [0037.681] GetACP () returned 0x4e4 [0037.681] GetACP () returned 0x4e4 [0038.218] GetACP () returned 0x4e4 [0038.218] GetACP () returned 0x4e4 [0038.218] GetACP () returned 0x4e4 [0038.218] GetACP () returned 0x4e4 [0038.218] GetACP () returned 0x4e4 [0038.218] GetACP () returned 0x4e4 [0038.218] GetACP () returned 0x4e4 [0038.218] GetACP () returned 0x4e4 [0038.218] GetACP () returned 0x4e4 [0038.218] GetACP () returned 0x4e4 [0038.218] GetACP () returned 0x4e4 [0038.218] GetACP () returned 0x4e4 [0038.219] GetACP () returned 0x4e4 [0038.219] GetACP () returned 0x4e4 [0038.219] GetACP () returned 0x4e4 [0038.219] GetACP () returned 0x4e4 [0038.219] GetACP () returned 0x4e4 [0038.219] GetACP () returned 0x4e4 [0038.219] GetACP () returned 0x4e4 [0038.219] GetACP () returned 0x4e4 [0038.219] GetACP () returned 0x4e4 [0038.219] GetACP () returned 0x4e4 [0038.219] GetACP () returned 0x4e4 [0038.219] GetACP () returned 0x4e4 [0038.220] GetACP () returned 0x4e4 [0038.220] GetACP () returned 0x4e4 [0038.220] GetACP () returned 0x4e4 [0038.220] GetACP () returned 0x4e4 [0038.220] GetACP () returned 0x4e4 [0038.220] GetACP () returned 0x4e4 [0038.220] GetACP () returned 0x4e4 [0038.220] GetACP () returned 0x4e4 [0038.220] GetACP () returned 0x4e4 [0038.220] GetACP () returned 0x4e4 [0038.220] GetACP () returned 0x4e4 [0038.220] GetACP () returned 0x4e4 [0038.221] GetACP () returned 0x4e4 [0038.221] GetACP () returned 0x4e4 [0038.221] GetACP () returned 0x4e4 [0038.221] GetACP () returned 0x4e4 [0038.221] GetACP () returned 0x4e4 [0038.221] GetACP () returned 0x4e4 [0038.221] GetACP () returned 0x4e4 [0038.221] GetACP () returned 0x4e4 [0038.221] GetACP () returned 0x4e4 [0038.221] GetACP () returned 0x4e4 [0038.221] GetACP () returned 0x4e4 [0038.221] GetACP () returned 0x4e4 [0038.222] GetACP () returned 0x4e4 [0038.222] GetACP () returned 0x4e4 [0038.222] GetACP () returned 0x4e4 [0038.222] GetACP () returned 0x4e4 [0038.222] GetACP () returned 0x4e4 [0038.222] GetACP () returned 0x4e4 [0038.222] GetACP () returned 0x4e4 [0038.222] GetACP () returned 0x4e4 [0038.222] GetACP () returned 0x4e4 [0038.222] GetACP () returned 0x4e4 [0038.222] GetACP () returned 0x4e4 [0038.222] GetACP () returned 0x4e4 [0038.222] GetACP () returned 0x4e4 [0038.223] GetACP () returned 0x4e4 [0038.223] GetACP () returned 0x4e4 [0038.223] GetACP () returned 0x4e4 [0038.223] GetACP () returned 0x4e4 [0038.223] GetACP () returned 0x4e4 [0038.223] GetACP () returned 0x4e4 [0038.223] GetACP () returned 0x4e4 [0038.223] GetACP () returned 0x4e4 [0038.223] GetACP () returned 0x4e4 [0038.223] GetACP () returned 0x4e4 [0038.223] GetACP () returned 0x4e4 [0038.223] GetACP () returned 0x4e4 [0038.224] GetACP () returned 0x4e4 [0038.224] GetACP () returned 0x4e4 [0038.224] GetACP () returned 0x4e4 [0038.224] GetACP () returned 0x4e4 [0038.224] GetACP () returned 0x4e4 [0038.224] GetACP () returned 0x4e4 [0038.224] GetACP () returned 0x4e4 [0038.224] GetACP () returned 0x4e4 [0038.224] GetACP () returned 0x4e4 [0038.224] GetACP () returned 0x4e4 [0038.224] GetACP () returned 0x4e4 [0038.224] GetACP () returned 0x4e4 [0038.224] GetACP () returned 0x4e4 [0038.225] GetACP () returned 0x4e4 [0038.225] GetACP () returned 0x4e4 [0038.225] GetACP () returned 0x4e4 [0038.225] GetACP () returned 0x4e4 [0038.225] GetACP () returned 0x4e4 [0038.225] GetACP () returned 0x4e4 [0038.225] GetACP () returned 0x4e4 [0038.225] GetACP () returned 0x4e4 [0038.225] GetACP () returned 0x4e4 [0038.225] GetACP () returned 0x4e4 [0038.225] GetACP () returned 0x4e4 [0038.226] GetACP () returned 0x4e4 [0038.226] GetACP () returned 0x4e4 [0038.226] GetACP () returned 0x4e4 [0038.226] GetACP () returned 0x4e4 [0038.226] GetACP () returned 0x4e4 [0038.226] GetACP () returned 0x4e4 [0038.226] GetACP () returned 0x4e4 [0038.226] GetACP () returned 0x4e4 [0038.226] GetACP () returned 0x4e4 [0038.226] GetACP () returned 0x4e4 [0038.226] GetACP () returned 0x4e4 [0038.227] GetACP () returned 0x4e4 [0038.227] GetACP () returned 0x4e4 [0038.227] GetACP () returned 0x4e4 [0038.227] GetACP () returned 0x4e4 [0038.227] GetACP () returned 0x4e4 [0038.227] GetACP () returned 0x4e4 [0038.227] GetACP () returned 0x4e4 [0038.227] GetACP () returned 0x4e4 [0038.227] GetACP () returned 0x4e4 [0038.227] GetACP () returned 0x4e4 [0038.227] GetACP () returned 0x4e4 [0038.227] GetACP () returned 0x4e4 [0038.227] GetACP () returned 0x4e4 [0038.228] GetACP () returned 0x4e4 [0038.228] GetACP () returned 0x4e4 [0038.228] GetACP () returned 0x4e4 [0038.228] GetACP () returned 0x4e4 [0038.228] GetACP () returned 0x4e4 [0038.228] GetACP () returned 0x4e4 [0038.228] GetACP () returned 0x4e4 [0038.228] GetACP () returned 0x4e4 [0038.228] GetACP () returned 0x4e4 [0038.228] GetACP () returned 0x4e4 [0038.228] GetACP () returned 0x4e4 [0038.228] GetACP () returned 0x4e4 [0038.228] GetACP () returned 0x4e4 [0038.229] GetACP () returned 0x4e4 [0038.229] GetACP () returned 0x4e4 [0038.229] GetACP () returned 0x4e4 [0038.229] GetACP () returned 0x4e4 [0038.229] GetACP () returned 0x4e4 [0038.229] GetACP () returned 0x4e4 [0038.229] GetACP () returned 0x4e4 [0038.229] GetACP () returned 0x4e4 [0038.229] GetACP () returned 0x4e4 [0038.229] GetACP () returned 0x4e4 [0038.229] GetACP () returned 0x4e4 [0038.229] GetACP () returned 0x4e4 [0038.229] GetACP () returned 0x4e4 [0038.230] GetACP () returned 0x4e4 [0038.230] GetACP () returned 0x4e4 [0038.230] GetACP () returned 0x4e4 [0038.230] GetACP () returned 0x4e4 [0038.230] GetACP () returned 0x4e4 [0038.230] GetACP () returned 0x4e4 [0038.230] GetACP () returned 0x4e4 [0038.230] GetACP () returned 0x4e4 [0038.230] GetACP () returned 0x4e4 [0038.230] GetACP () returned 0x4e4 [0038.230] GetACP () returned 0x4e4 [0038.230] GetACP () returned 0x4e4 [0038.230] GetACP () returned 0x4e4 [0038.231] GetACP () returned 0x4e4 [0038.231] GetACP () returned 0x4e4 [0038.231] GetACP () returned 0x4e4 [0038.231] GetACP () returned 0x4e4 [0038.232] GetACP () returned 0x4e4 [0038.232] GetACP () returned 0x4e4 [0038.232] GetACP () returned 0x4e4 [0038.232] GetACP () returned 0x4e4 [0038.232] GetACP () returned 0x4e4 [0038.232] GetACP () returned 0x4e4 [0038.232] GetACP () returned 0x4e4 [0038.232] GetACP () returned 0x4e4 [0038.232] GetACP () returned 0x4e4 [0038.232] GetACP () returned 0x4e4 [0038.232] GetACP () returned 0x4e4 [0038.232] GetACP () returned 0x4e4 [0038.232] GetACP () returned 0x4e4 [0038.233] GetACP () returned 0x4e4 [0038.233] GetACP () returned 0x4e4 [0038.233] GetACP () returned 0x4e4 [0038.233] GetACP () returned 0x4e4 [0038.233] GetACP () returned 0x4e4 [0038.233] GetACP () returned 0x4e4 [0038.233] GetACP () returned 0x4e4 [0038.233] GetACP () returned 0x4e4 [0038.233] GetACP () returned 0x4e4 [0038.234] GetACP () returned 0x4e4 [0038.234] GetACP () returned 0x4e4 [0038.234] GetACP () returned 0x4e4 [0038.234] GetACP () returned 0x4e4 [0038.234] GetACP () returned 0x4e4 [0038.234] GetACP () returned 0x4e4 [0038.234] GetACP () returned 0x4e4 [0038.234] GetACP () returned 0x4e4 [0038.234] GetACP () returned 0x4e4 [0038.234] GetACP () returned 0x4e4 [0038.234] GetACP () returned 0x4e4 [0038.234] GetACP () returned 0x4e4 [0038.234] GetACP () returned 0x4e4 [0038.235] GetACP () returned 0x4e4 [0038.235] GetACP () returned 0x4e4 [0038.235] GetACP () returned 0x4e4 [0038.235] GetACP () returned 0x4e4 [0038.235] GetACP () returned 0x4e4 [0038.235] GetACP () returned 0x4e4 [0038.235] GetACP () returned 0x4e4 [0038.235] GetACP () returned 0x4e4 [0038.235] GetACP () returned 0x4e4 [0038.235] GetACP () returned 0x4e4 [0038.235] GetACP () returned 0x4e4 [0038.235] GetACP () returned 0x4e4 [0038.235] GetACP () returned 0x4e4 [0038.236] GetACP () returned 0x4e4 [0038.236] GetACP () returned 0x4e4 [0038.236] GetACP () returned 0x4e4 [0038.236] GetACP () returned 0x4e4 [0038.236] GetACP () returned 0x4e4 [0038.236] GetACP () returned 0x4e4 [0038.236] GetACP () returned 0x4e4 [0038.236] GetACP () returned 0x4e4 [0038.236] GetACP () returned 0x4e4 [0038.236] GetACP () returned 0x4e4 [0038.236] GetACP () returned 0x4e4 [0038.236] GetACP () returned 0x4e4 [0038.237] GetACP () returned 0x4e4 [0038.237] GetACP () returned 0x4e4 [0038.237] GetACP () returned 0x4e4 [0038.237] GetACP () returned 0x4e4 [0038.237] GetACP () returned 0x4e4 [0038.237] GetACP () returned 0x4e4 [0038.237] GetACP () returned 0x4e4 [0038.237] GetACP () returned 0x4e4 [0038.237] GetACP () returned 0x4e4 [0038.237] GetACP () returned 0x4e4 [0038.237] GetACP () returned 0x4e4 [0038.237] GetACP () returned 0x4e4 [0038.237] GetACP () returned 0x4e4 [0038.238] GetACP () returned 0x4e4 [0038.238] GetACP () returned 0x4e4 [0038.238] GetACP () returned 0x4e4 [0038.238] GetACP () returned 0x4e4 [0038.238] GetACP () returned 0x4e4 [0038.238] GetACP () returned 0x4e4 [0038.238] GetACP () returned 0x4e4 [0038.238] GetACP () returned 0x4e4 [0038.238] GetACP () returned 0x4e4 [0038.238] GetACP () returned 0x4e4 [0038.238] GetACP () returned 0x4e4 [0038.238] GetACP () returned 0x4e4 [0038.390] GetACP () returned 0x4e4 [0038.391] GetACP () returned 0x4e4 [0038.391] GetACP () returned 0x4e4 [0038.391] GetACP () returned 0x4e4 [0038.391] GetACP () returned 0x4e4 [0038.391] GetACP () returned 0x4e4 [0038.391] GetACP () returned 0x4e4 [0038.391] GetACP () returned 0x4e4 [0038.391] GetACP () returned 0x4e4 [0038.391] GetACP () returned 0x4e4 [0038.391] GetACP () returned 0x4e4 [0038.391] GetACP () returned 0x4e4 [0038.392] GetACP () returned 0x4e4 [0038.392] GetACP () returned 0x4e4 [0038.392] GetACP () returned 0x4e4 [0038.392] GetACP () returned 0x4e4 [0038.392] GetACP () returned 0x4e4 [0038.393] GetACP () returned 0x4e4 [0038.393] GetACP () returned 0x4e4 [0038.393] GetACP () returned 0x4e4 [0038.394] GetACP () returned 0x4e4 [0038.394] GetACP () returned 0x4e4 [0038.394] GetACP () returned 0x4e4 [0038.394] GetACP () returned 0x4e4 [0038.394] GetACP () returned 0x4e4 [0038.394] GetACP () returned 0x4e4 [0038.394] GetACP () returned 0x4e4 [0038.394] GetACP () returned 0x4e4 [0038.394] GetACP () returned 0x4e4 [0038.394] GetACP () returned 0x4e4 [0038.394] GetACP () returned 0x4e4 [0038.394] GetACP () returned 0x4e4 [0038.396] GetACP () returned 0x4e4 [0038.396] GetACP () returned 0x4e4 [0038.396] GetACP () returned 0x4e4 [0038.396] GetACP () returned 0x4e4 [0038.396] GetACP () returned 0x4e4 [0038.396] GetACP () returned 0x4e4 [0038.396] GetACP () returned 0x4e4 [0038.396] GetACP () returned 0x4e4 [0038.396] GetACP () returned 0x4e4 [0038.396] GetACP () returned 0x4e4 [0038.396] GetACP () returned 0x4e4 [0038.397] GetACP () returned 0x4e4 [0038.397] GetACP () returned 0x4e4 [0038.397] GetACP () returned 0x4e4 [0038.397] GetACP () returned 0x4e4 [0038.398] GetACP () returned 0x4e4 [0038.398] GetACP () returned 0x4e4 [0038.398] GetACP () returned 0x4e4 [0038.398] GetACP () returned 0x4e4 [0038.398] GetACP () returned 0x4e4 [0038.398] GetACP () returned 0x4e4 [0038.398] GetACP () returned 0x4e4 [0038.398] GetACP () returned 0x4e4 [0038.398] GetACP () returned 0x4e4 [0038.398] GetACP () returned 0x4e4 [0038.399] GetACP () returned 0x4e4 [0038.399] GetACP () returned 0x4e4 [0038.415] GetACP () returned 0x4e4 [0038.416] GetACP () returned 0x4e4 [0038.416] GetACP () returned 0x4e4 [0038.416] GetACP () returned 0x4e4 [0038.416] GetACP () returned 0x4e4 [0038.416] GetACP () returned 0x4e4 [0038.416] GetACP () returned 0x4e4 [0038.416] GetACP () returned 0x4e4 [0038.416] GetACP () returned 0x4e4 [0038.416] GetACP () returned 0x4e4 [0038.416] GetACP () returned 0x4e4 [0038.417] GetACP () returned 0x4e4 [0038.417] GetACP () returned 0x4e4 [0038.417] GetACP () returned 0x4e4 [0038.417] GetACP () returned 0x4e4 [0038.417] GetACP () returned 0x4e4 [0038.417] GetACP () returned 0x4e4 [0038.420] GetACP () returned 0x4e4 [0038.420] GetACP () returned 0x4e4 [0038.420] GetACP () returned 0x4e4 [0038.420] GetACP () returned 0x4e4 [0038.421] GetACP () returned 0x4e4 [0038.421] GetACP () returned 0x4e4 [0038.421] GetACP () returned 0x4e4 [0038.421] GetACP () returned 0x4e4 [0038.421] GetACP () returned 0x4e4 [0038.421] GetACP () returned 0x4e4 [0038.421] GetACP () returned 0x4e4 [0038.421] GetACP () returned 0x4e4 [0038.421] GetACP () returned 0x4e4 [0038.421] GetACP () returned 0x4e4 [0038.421] GetACP () returned 0x4e4 [0038.421] GetACP () returned 0x4e4 [0038.422] GetACP () returned 0x4e4 [0038.422] GetACP () returned 0x4e4 [0038.422] GetACP () returned 0x4e4 [0038.422] GetACP () returned 0x4e4 [0038.423] GetACP () returned 0x4e4 [0038.423] GetACP () returned 0x4e4 [0038.423] GetACP () returned 0x4e4 [0038.423] GetACP () returned 0x4e4 [0038.423] GetACP () returned 0x4e4 [0038.423] GetACP () returned 0x4e4 [0038.423] GetACP () returned 0x4e4 [0038.423] GetACP () returned 0x4e4 [0038.423] GetACP () returned 0x4e4 [0038.423] GetACP () returned 0x4e4 [0038.423] GetACP () returned 0x4e4 [0038.423] GetACP () returned 0x4e4 [0038.424] GetACP () returned 0x4e4 [0038.424] GetACP () returned 0x4e4 [0038.424] GetACP () returned 0x4e4 [0038.424] GetACP () returned 0x4e4 [0038.424] GetACP () returned 0x4e4 [0038.425] GetACP () returned 0x4e4 [0038.425] GetACP () returned 0x4e4 [0038.425] GetACP () returned 0x4e4 [0038.426] GetACP () returned 0x4e4 [0038.426] GetACP () returned 0x4e4 [0038.426] GetACP () returned 0x4e4 [0038.426] GetACP () returned 0x4e4 [0038.426] GetACP () returned 0x4e4 [0038.426] GetACP () returned 0x4e4 [0038.426] GetACP () returned 0x4e4 [0038.426] GetACP () returned 0x4e4 [0038.426] GetACP () returned 0x4e4 [0038.426] GetACP () returned 0x4e4 [0038.426] GetACP () returned 0x4e4 [0038.426] GetACP () returned 0x4e4 [0038.427] GetACP () returned 0x4e4 [0038.427] GetACP () returned 0x4e4 [0038.428] GetACP () returned 0x4e4 [0038.428] GetACP () returned 0x4e4 [0038.428] GetACP () returned 0x4e4 [0038.428] GetACP () returned 0x4e4 [0038.428] GetACP () returned 0x4e4 [0038.428] GetACP () returned 0x4e4 [0038.428] GetACP () returned 0x4e4 [0038.428] GetACP () returned 0x4e4 [0038.428] GetACP () returned 0x4e4 [0038.428] GetACP () returned 0x4e4 [0038.429] GetACP () returned 0x4e4 [0038.429] GetACP () returned 0x4e4 [0038.429] GetACP () returned 0x4e4 [0038.430] GetACP () returned 0x4e4 [0038.430] GetACP () returned 0x4e4 [0038.430] GetACP () returned 0x4e4 [0038.430] GetACP () returned 0x4e4 [0038.430] GetACP () returned 0x4e4 [0038.430] GetACP () returned 0x4e4 [0038.430] GetACP () returned 0x4e4 [0038.431] GetACP () returned 0x4e4 [0038.431] GetACP () returned 0x4e4 [0038.431] GetACP () returned 0x4e4 [0038.431] GetACP () returned 0x4e4 [0038.431] GetACP () returned 0x4e4 [0038.431] GetACP () returned 0x4e4 [0038.431] GetACP () returned 0x4e4 [0038.431] GetACP () returned 0x4e4 [0038.431] GetACP () returned 0x4e4 [0038.431] GetACP () returned 0x4e4 [0038.431] GetACP () returned 0x4e4 [0038.431] GetACP () returned 0x4e4 [0038.431] GetACP () returned 0x4e4 [0038.432] GetACP () returned 0x4e4 [0038.432] GetACP () returned 0x4e4 [0038.432] GetACP () returned 0x4e4 [0038.432] GetACP () returned 0x4e4 [0038.432] GetACP () returned 0x4e4 [0038.433] GetACP () returned 0x4e4 [0038.433] GetACP () returned 0x4e4 [0038.433] GetACP () returned 0x4e4 [0038.433] GetACP () returned 0x4e4 [0038.433] GetACP () returned 0x4e4 [0038.434] GetACP () returned 0x4e4 [0038.434] GetACP () returned 0x4e4 [0038.434] GetACP () returned 0x4e4 [0038.434] GetACP () returned 0x4e4 [0038.434] GetACP () returned 0x4e4 [0038.434] GetACP () returned 0x4e4 [0038.434] GetACP () returned 0x4e4 [0038.434] GetACP () returned 0x4e4 [0038.434] GetACP () returned 0x4e4 [0038.435] GetACP () returned 0x4e4 [0038.435] GetACP () returned 0x4e4 [0038.435] GetACP () returned 0x4e4 [0038.435] GetACP () returned 0x4e4 [0038.435] GetACP () returned 0x4e4 [0038.435] GetACP () returned 0x4e4 [0038.435] GetACP () returned 0x4e4 [0038.435] GetACP () returned 0x4e4 [0038.435] GetACP () returned 0x4e4 [0038.435] GetACP () returned 0x4e4 [0038.435] GetACP () returned 0x4e4 [0038.435] GetACP () returned 0x4e4 [0038.436] GetACP () returned 0x4e4 [0038.436] GetACP () returned 0x4e4 [0038.436] GetACP () returned 0x4e4 [0038.436] GetACP () returned 0x4e4 [0038.436] GetACP () returned 0x4e4 [0038.436] GetACP () returned 0x4e4 [0038.436] GetACP () returned 0x4e4 [0038.436] GetACP () returned 0x4e4 [0038.437] GetACP () returned 0x4e4 [0038.437] GetACP () returned 0x4e4 [0038.437] GetACP () returned 0x4e4 [0038.437] GetACP () returned 0x4e4 [0038.437] GetACP () returned 0x4e4 [0038.437] GetACP () returned 0x4e4 [0038.437] GetACP () returned 0x4e4 [0038.437] GetACP () returned 0x4e4 [0038.437] GetACP () returned 0x4e4 [0038.437] GetACP () returned 0x4e4 [0038.437] GetACP () returned 0x4e4 [0038.437] GetACP () returned 0x4e4 [0038.437] GetACP () returned 0x4e4 [0038.438] GetACP () returned 0x4e4 [0038.438] GetACP () returned 0x4e4 [0038.438] GetACP () returned 0x4e4 [0038.438] GetACP () returned 0x4e4 [0038.438] GetACP () returned 0x4e4 [0038.438] GetACP () returned 0x4e4 [0038.438] GetACP () returned 0x4e4 [0038.438] GetACP () returned 0x4e4 [0038.438] GetACP () returned 0x4e4 [0038.438] GetACP () returned 0x4e4 [0038.438] GetACP () returned 0x4e4 [0038.438] GetACP () returned 0x4e4 [0038.438] GetACP () returned 0x4e4 [0038.439] GetACP () returned 0x4e4 [0038.439] GetACP () returned 0x4e4 [0038.439] GetACP () returned 0x4e4 [0038.439] GetACP () returned 0x4e4 [0038.439] GetACP () returned 0x4e4 [0038.439] GetACP () returned 0x4e4 [0038.439] GetACP () returned 0x4e4 [0038.439] GetACP () returned 0x4e4 [0038.439] GetACP () returned 0x4e4 [0038.439] GetACP () returned 0x4e4 [0038.439] GetACP () returned 0x4e4 [0038.439] GetACP () returned 0x4e4 [0038.439] GetACP () returned 0x4e4 [0038.440] GetACP () returned 0x4e4 [0038.440] GetACP () returned 0x4e4 [0038.440] GetACP () returned 0x4e4 [0038.440] GetACP () returned 0x4e4 [0038.440] GetACP () returned 0x4e4 [0038.440] GetACP () returned 0x4e4 [0038.440] GetACP () returned 0x4e4 [0038.440] GetACP () returned 0x4e4 [0038.558] GetACP () returned 0x4e4 [0038.558] GetACP () returned 0x4e4 [0038.558] GetACP () returned 0x4e4 [0038.558] GetACP () returned 0x4e4 [0038.558] GetACP () returned 0x4e4 [0038.558] GetACP () returned 0x4e4 [0038.558] GetACP () returned 0x4e4 [0038.559] GetACP () returned 0x4e4 [0038.559] GetACP () returned 0x4e4 [0038.559] GetACP () returned 0x4e4 [0038.559] GetACP () returned 0x4e4 [0038.559] GetACP () returned 0x4e4 [0038.559] GetACP () returned 0x4e4 [0038.559] GetACP () returned 0x4e4 [0038.559] GetACP () returned 0x4e4 [0038.559] GetACP () returned 0x4e4 [0038.559] GetACP () returned 0x4e4 [0038.560] GetACP () returned 0x4e4 [0038.560] GetACP () returned 0x4e4 [0038.560] GetACP () returned 0x4e4 [0038.560] GetACP () returned 0x4e4 [0038.560] GetACP () returned 0x4e4 [0038.560] GetACP () returned 0x4e4 [0038.560] GetACP () returned 0x4e4 [0038.560] GetACP () returned 0x4e4 [0038.560] GetACP () returned 0x4e4 [0038.560] GetACP () returned 0x4e4 [0038.560] GetACP () returned 0x4e4 [0038.561] GetACP () returned 0x4e4 [0038.561] GetACP () returned 0x4e4 [0038.561] GetACP () returned 0x4e4 [0038.561] GetACP () returned 0x4e4 [0038.561] GetACP () returned 0x4e4 [0038.561] GetACP () returned 0x4e4 [0038.561] GetACP () returned 0x4e4 [0038.561] GetACP () returned 0x4e4 [0038.561] GetACP () returned 0x4e4 [0038.561] GetACP () returned 0x4e4 [0038.562] GetACP () returned 0x4e4 [0038.562] GetACP () returned 0x4e4 [0038.562] GetACP () returned 0x4e4 [0038.562] GetACP () returned 0x4e4 [0038.562] GetACP () returned 0x4e4 [0038.562] GetACP () returned 0x4e4 [0038.562] GetACP () returned 0x4e4 [0038.562] GetACP () returned 0x4e4 [0038.562] GetACP () returned 0x4e4 [0038.562] GetACP () returned 0x4e4 [0038.562] GetACP () returned 0x4e4 [0038.562] GetACP () returned 0x4e4 [0038.563] GetACP () returned 0x4e4 [0038.563] GetACP () returned 0x4e4 [0038.563] GetACP () returned 0x4e4 [0038.563] GetACP () returned 0x4e4 [0038.563] GetACP () returned 0x4e4 [0038.563] GetACP () returned 0x4e4 [0038.563] GetACP () returned 0x4e4 [0038.563] GetACP () returned 0x4e4 [0038.563] GetACP () returned 0x4e4 [0038.563] GetACP () returned 0x4e4 [0038.563] GetACP () returned 0x4e4 [0038.563] GetACP () returned 0x4e4 [0038.563] GetACP () returned 0x4e4 [0038.564] GetACP () returned 0x4e4 [0038.564] GetACP () returned 0x4e4 [0038.564] GetACP () returned 0x4e4 [0038.564] GetACP () returned 0x4e4 [0038.564] GetACP () returned 0x4e4 [0038.564] GetACP () returned 0x4e4 [0038.564] GetACP () returned 0x4e4 [0038.564] GetACP () returned 0x4e4 [0038.564] GetACP () returned 0x4e4 [0038.564] GetACP () returned 0x4e4 [0038.564] GetACP () returned 0x4e4 [0038.565] GetACP () returned 0x4e4 [0038.565] GetACP () returned 0x4e4 [0038.565] GetACP () returned 0x4e4 [0038.565] GetACP () returned 0x4e4 [0038.565] GetACP () returned 0x4e4 [0038.565] GetACP () returned 0x4e4 [0038.565] GetACP () returned 0x4e4 [0038.565] GetACP () returned 0x4e4 [0038.565] GetACP () returned 0x4e4 [0038.565] GetACP () returned 0x4e4 [0038.565] GetACP () returned 0x4e4 [0038.566] GetACP () returned 0x4e4 [0038.566] GetACP () returned 0x4e4 [0038.566] GetACP () returned 0x4e4 [0038.566] GetACP () returned 0x4e4 [0038.566] GetACP () returned 0x4e4 [0038.566] GetACP () returned 0x4e4 [0038.566] GetACP () returned 0x4e4 [0038.566] GetACP () returned 0x4e4 [0038.566] GetACP () returned 0x4e4 [0038.566] GetACP () returned 0x4e4 [0038.566] GetACP () returned 0x4e4 [0038.566] GetACP () returned 0x4e4 [0038.566] GetACP () returned 0x4e4 [0038.567] GetACP () returned 0x4e4 [0038.567] GetACP () returned 0x4e4 [0038.567] GetACP () returned 0x4e4 [0038.567] GetACP () returned 0x4e4 [0038.567] GetACP () returned 0x4e4 [0038.567] GetACP () returned 0x4e4 [0038.567] GetACP () returned 0x4e4 [0038.567] GetACP () returned 0x4e4 [0038.567] GetACP () returned 0x4e4 [0038.567] GetACP () returned 0x4e4 [0038.567] GetACP () returned 0x4e4 [0038.567] GetACP () returned 0x4e4 [0038.568] GetACP () returned 0x4e4 [0038.568] GetACP () returned 0x4e4 [0038.568] GetACP () returned 0x4e4 [0038.568] GetACP () returned 0x4e4 [0038.568] GetACP () returned 0x4e4 [0038.568] GetACP () returned 0x4e4 [0038.568] GetACP () returned 0x4e4 [0038.568] GetACP () returned 0x4e4 [0038.568] GetACP () returned 0x4e4 [0038.568] GetACP () returned 0x4e4 [0038.568] GetACP () returned 0x4e4 [0038.568] GetACP () returned 0x4e4 [0038.568] GetACP () returned 0x4e4 [0038.569] GetACP () returned 0x4e4 [0038.569] GetACP () returned 0x4e4 [0038.569] GetACP () returned 0x4e4 [0038.569] GetACP () returned 0x4e4 [0038.569] GetACP () returned 0x4e4 [0038.569] GetACP () returned 0x4e4 [0038.569] GetACP () returned 0x4e4 [0038.569] GetACP () returned 0x4e4 [0038.569] GetACP () returned 0x4e4 [0038.569] GetACP () returned 0x4e4 [0038.569] GetACP () returned 0x4e4 [0038.569] GetACP () returned 0x4e4 [0038.569] GetACP () returned 0x4e4 [0038.569] GetACP () returned 0x4e4 [0038.570] GetACP () returned 0x4e4 [0038.570] GetACP () returned 0x4e4 [0038.570] GetACP () returned 0x4e4 [0038.570] GetACP () returned 0x4e4 [0038.570] GetACP () returned 0x4e4 [0038.570] GetACP () returned 0x4e4 [0038.570] GetACP () returned 0x4e4 [0038.570] GetACP () returned 0x4e4 [0038.570] GetACP () returned 0x4e4 [0038.571] GetACP () returned 0x4e4 [0038.571] GetACP () returned 0x4e4 [0038.571] GetACP () returned 0x4e4 [0038.571] GetACP () returned 0x4e4 [0038.571] GetACP () returned 0x4e4 [0038.571] GetACP () returned 0x4e4 [0038.571] GetACP () returned 0x4e4 [0038.571] GetACP () returned 0x4e4 [0038.571] GetACP () returned 0x4e4 [0038.571] GetACP () returned 0x4e4 [0038.571] GetACP () returned 0x4e4 [0038.571] GetACP () returned 0x4e4 [0038.571] GetACP () returned 0x4e4 [0038.572] GetACP () returned 0x4e4 [0038.572] GetACP () returned 0x4e4 [0038.572] GetACP () returned 0x4e4 [0038.572] GetACP () returned 0x4e4 [0038.572] GetACP () returned 0x4e4 [0038.572] GetACP () returned 0x4e4 [0038.572] GetACP () returned 0x4e4 [0038.572] GetACP () returned 0x4e4 [0038.572] GetACP () returned 0x4e4 [0038.572] GetACP () returned 0x4e4 [0038.572] GetACP () returned 0x4e4 [0038.572] GetACP () returned 0x4e4 [0038.572] GetACP () returned 0x4e4 [0038.573] GetACP () returned 0x4e4 [0038.573] GetACP () returned 0x4e4 [0038.573] GetACP () returned 0x4e4 [0038.573] GetACP () returned 0x4e4 [0038.573] GetACP () returned 0x4e4 [0038.573] GetACP () returned 0x4e4 [0038.573] GetACP () returned 0x4e4 [0038.573] GetACP () returned 0x4e4 [0038.573] GetACP () returned 0x4e4 [0038.573] GetACP () returned 0x4e4 [0038.573] GetACP () returned 0x4e4 [0038.573] GetACP () returned 0x4e4 [0038.573] GetACP () returned 0x4e4 [0038.573] GetACP () returned 0x4e4 [0038.574] GetACP () returned 0x4e4 [0038.574] GetACP () returned 0x4e4 [0038.574] GetACP () returned 0x4e4 [0038.574] GetACP () returned 0x4e4 [0038.574] GetACP () returned 0x4e4 [0038.574] GetACP () returned 0x4e4 [0038.574] GetACP () returned 0x4e4 [0038.574] GetACP () returned 0x4e4 [0038.574] GetACP () returned 0x4e4 [0038.574] GetACP () returned 0x4e4 [0038.574] GetACP () returned 0x4e4 [0038.574] GetACP () returned 0x4e4 [0038.574] GetACP () returned 0x4e4 [0038.575] GetACP () returned 0x4e4 [0038.575] GetACP () returned 0x4e4 [0038.575] GetACP () returned 0x4e4 [0038.575] GetACP () returned 0x4e4 [0038.575] GetACP () returned 0x4e4 [0038.575] GetACP () returned 0x4e4 [0038.575] GetACP () returned 0x4e4 [0038.575] GetACP () returned 0x4e4 [0038.575] GetACP () returned 0x4e4 [0038.575] GetACP () returned 0x4e4 [0038.575] GetACP () returned 0x4e4 [0038.575] GetACP () returned 0x4e4 [0038.575] GetACP () returned 0x4e4 [0038.576] GetACP () returned 0x4e4 [0038.576] GetACP () returned 0x4e4 [0038.576] GetACP () returned 0x4e4 [0038.576] GetACP () returned 0x4e4 [0038.576] GetACP () returned 0x4e4 [0038.576] GetACP () returned 0x4e4 [0038.576] GetACP () returned 0x4e4 [0038.576] GetACP () returned 0x4e4 [0038.576] GetACP () returned 0x4e4 [0038.576] GetACP () returned 0x4e4 [0038.576] GetACP () returned 0x4e4 [0038.577] GetACP () returned 0x4e4 [0038.577] GetACP () returned 0x4e4 [0038.577] GetACP () returned 0x4e4 [0038.577] GetACP () returned 0x4e4 [0038.577] GetACP () returned 0x4e4 [0038.577] GetACP () returned 0x4e4 [0038.577] GetACP () returned 0x4e4 [0038.577] GetACP () returned 0x4e4 [0038.577] GetACP () returned 0x4e4 [0038.577] GetACP () returned 0x4e4 [0038.577] GetACP () returned 0x4e4 [0038.577] GetACP () returned 0x4e4 [0038.577] GetACP () returned 0x4e4 [0038.578] GetACP () returned 0x4e4 [0038.578] GetACP () returned 0x4e4 [0038.578] GetACP () returned 0x4e4 [0038.578] GetACP () returned 0x4e4 [0038.578] GetACP () returned 0x4e4 [0038.578] GetACP () returned 0x4e4 [0038.578] GetACP () returned 0x4e4 [0038.578] GetACP () returned 0x4e4 [0038.578] GetACP () returned 0x4e4 [0038.578] GetACP () returned 0x4e4 [0038.578] GetACP () returned 0x4e4 [0038.578] GetACP () returned 0x4e4 [0038.578] GetACP () returned 0x4e4 [0039.250] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0039.250] VirtualAlloc (lpAddress=0x0, dwSize=0x11a00, flAllocationType=0x1000, flProtect=0x4) returned 0x290000 [0039.251] GetACP () returned 0x4e4 [0039.251] GetACP () returned 0x4e4 [0039.251] GetACP () returned 0x4e4 [0039.251] GetACP () returned 0x4e4 [0039.251] GetACP () returned 0x4e4 [0039.251] GetACP () returned 0x4e4 [0039.251] GetACP () returned 0x4e4 [0039.251] GetACP () returned 0x4e4 [0039.251] GetACP () returned 0x4e4 [0039.251] GetACP () returned 0x4e4 [0039.251] GetACP () returned 0x4e4 [0039.252] GetACP () returned 0x4e4 [0039.252] GetACP () returned 0x4e4 [0039.252] GetACP () returned 0x4e4 [0039.252] GetACP () returned 0x4e4 [0039.252] GetACP () returned 0x4e4 [0039.252] GetACP () returned 0x4e4 [0039.252] GetACP () returned 0x4e4 [0039.252] GetACP () returned 0x4e4 [0039.252] GetACP () returned 0x4e4 [0039.252] GetACP () returned 0x4e4 [0039.252] GetACP () returned 0x4e4 [0039.252] GetACP () returned 0x4e4 [0039.253] GetACP () returned 0x4e4 [0039.253] GetACP () returned 0x4e4 [0039.253] GetACP () returned 0x4e4 [0039.253] GetACP () returned 0x4e4 [0039.253] GetACP () returned 0x4e4 [0039.253] GetACP () returned 0x4e4 [0039.253] GetACP () returned 0x4e4 [0039.253] GetACP () returned 0x4e4 [0039.253] GetACP () returned 0x4e4 [0039.253] GetACP () returned 0x4e4 [0039.253] GetACP () returned 0x4e4 [0039.253] GetACP () returned 0x4e4 [0039.253] GetACP () returned 0x4e4 [0039.253] GetACP () returned 0x4e4 [0039.254] GetACP () returned 0x4e4 [0039.254] GetACP () returned 0x4e4 [0039.254] GetACP () returned 0x4e4 [0039.254] GetACP () returned 0x4e4 [0039.254] GetACP () returned 0x4e4 [0039.254] GetACP () returned 0x4e4 [0039.254] GetACP () returned 0x4e4 [0039.254] GetACP () returned 0x4e4 [0039.254] GetACP () returned 0x4e4 [0039.254] GetACP () returned 0x4e4 [0039.254] GetACP () returned 0x4e4 [0039.254] GetACP () returned 0x4e4 [0039.255] GetACP () returned 0x4e4 [0039.255] GetACP () returned 0x4e4 [0039.255] GetACP () returned 0x4e4 [0039.255] GetACP () returned 0x4e4 [0039.255] GetACP () returned 0x4e4 [0039.255] GetACP () returned 0x4e4 [0039.255] GetACP () returned 0x4e4 [0039.255] GetACP () returned 0x4e4 [0039.255] GetACP () returned 0x4e4 [0039.255] GetACP () returned 0x4e4 [0039.255] GetACP () returned 0x4e4 [0039.255] GetACP () returned 0x4e4 [0039.255] GetACP () returned 0x4e4 [0039.256] GetACP () returned 0x4e4 [0039.256] GetACP () returned 0x4e4 [0039.257] GetACP () returned 0x4e4 [0039.257] GetACP () returned 0x4e4 [0039.257] GetACP () returned 0x4e4 [0039.257] GetACP () returned 0x4e4 [0039.257] GetACP () returned 0x4e4 [0039.257] GetACP () returned 0x4e4 [0039.257] GetACP () returned 0x4e4 [0039.257] GetACP () returned 0x4e4 [0039.257] GetACP () returned 0x4e4 [0039.257] GetACP () returned 0x4e4 [0039.257] GetACP () returned 0x4e4 [0039.258] GetACP () returned 0x4e4 [0039.258] GetACP () returned 0x4e4 [0039.258] GetACP () returned 0x4e4 [0039.258] GetACP () returned 0x4e4 [0039.258] GetACP () returned 0x4e4 [0039.258] GetACP () returned 0x4e4 [0039.258] GetACP () returned 0x4e4 [0039.258] GetACP () returned 0x4e4 [0039.258] GetACP () returned 0x4e4 [0039.258] GetACP () returned 0x4e4 [0039.258] GetACP () returned 0x4e4 [0039.258] GetACP () returned 0x4e4 [0039.259] GetACP () returned 0x4e4 [0039.259] GetACP () returned 0x4e4 [0039.259] GetACP () returned 0x4e4 [0039.259] GetACP () returned 0x4e4 [0039.259] GetACP () returned 0x4e4 [0039.259] GetACP () returned 0x4e4 [0039.259] GetACP () returned 0x4e4 [0039.259] GetACP () returned 0x4e4 [0039.259] GetACP () returned 0x4e4 [0039.259] GetACP () returned 0x4e4 [0039.259] GetACP () returned 0x4e4 [0039.259] GetACP () returned 0x4e4 [0039.259] GetACP () returned 0x4e4 [0039.260] GetACP () returned 0x4e4 [0039.260] GetACP () returned 0x4e4 [0039.260] GetACP () returned 0x4e4 [0039.260] GetACP () returned 0x4e4 [0039.260] GetACP () returned 0x4e4 [0039.260] GetACP () returned 0x4e4 [0039.260] GetACP () returned 0x4e4 [0039.260] GetACP () returned 0x4e4 [0039.260] GetACP () returned 0x4e4 [0039.260] GetACP () returned 0x4e4 [0039.260] GetACP () returned 0x4e4 [0039.260] GetACP () returned 0x4e4 [0039.260] GetACP () returned 0x4e4 [0039.261] GetACP () returned 0x4e4 [0039.261] GetACP () returned 0x4e4 [0039.261] GetACP () returned 0x4e4 [0039.261] GetACP () returned 0x4e4 [0039.261] GetACP () returned 0x4e4 [0039.261] GetACP () returned 0x4e4 [0039.261] GetACP () returned 0x4e4 [0039.261] GetACP () returned 0x4e4 [0039.261] GetACP () returned 0x4e4 [0039.261] GetACP () returned 0x4e4 [0039.261] GetACP () returned 0x4e4 [0039.261] GetACP () returned 0x4e4 [0039.262] GetACP () returned 0x4e4 [0039.262] GetACP () returned 0x4e4 [0039.262] GetACP () returned 0x4e4 [0039.262] GetACP () returned 0x4e4 [0039.262] GetACP () returned 0x4e4 [0039.262] GetACP () returned 0x4e4 [0039.262] GetACP () returned 0x4e4 [0039.262] GetACP () returned 0x4e4 [0039.262] GetACP () returned 0x4e4 [0039.262] GetACP () returned 0x4e4 [0039.262] GetACP () returned 0x4e4 [0039.262] GetACP () returned 0x4e4 [0039.262] GetACP () returned 0x4e4 [0039.263] GetACP () returned 0x4e4 [0039.263] GetACP () returned 0x4e4 [0039.263] GetACP () returned 0x4e4 [0039.263] GetACP () returned 0x4e4 [0039.263] GetACP () returned 0x4e4 [0039.263] GetACP () returned 0x4e4 [0039.263] GetACP () returned 0x4e4 [0039.263] GetACP () returned 0x4e4 [0039.263] GetACP () returned 0x4e4 [0039.263] GetACP () returned 0x4e4 [0039.264] GetACP () returned 0x4e4 [0039.264] GetACP () returned 0x4e4 [0039.264] GetACP () returned 0x4e4 [0039.264] GetACP () returned 0x4e4 [0039.264] GetACP () returned 0x4e4 [0039.264] GetACP () returned 0x4e4 [0039.264] GetACP () returned 0x4e4 [0039.264] GetACP () returned 0x4e4 [0039.264] GetACP () returned 0x4e4 [0039.264] GetACP () returned 0x4e4 [0039.264] GetACP () returned 0x4e4 [0039.264] GetACP () returned 0x4e4 [0039.264] GetACP () returned 0x4e4 [0039.265] GetACP () returned 0x4e4 [0039.265] GetACP () returned 0x4e4 [0039.265] GetACP () returned 0x4e4 [0039.265] GetACP () returned 0x4e4 [0039.265] GetACP () returned 0x4e4 [0039.265] GetACP () returned 0x4e4 [0039.265] GetACP () returned 0x4e4 [0039.265] GetACP () returned 0x4e4 [0039.265] GetACP () returned 0x4e4 [0039.265] GetACP () returned 0x4e4 [0039.265] GetACP () returned 0x4e4 [0039.265] GetACP () returned 0x4e4 [0039.265] GetACP () returned 0x4e4 [0039.266] GetACP () returned 0x4e4 [0039.266] GetACP () returned 0x4e4 [0039.266] GetACP () returned 0x4e4 [0039.266] GetACP () returned 0x4e4 [0039.266] GetACP () returned 0x4e4 [0039.266] GetACP () returned 0x4e4 [0039.266] GetACP () returned 0x4e4 [0039.266] GetACP () returned 0x4e4 [0039.266] GetACP () returned 0x4e4 [0039.266] GetACP () returned 0x4e4 [0039.266] GetACP () returned 0x4e4 [0039.266] GetACP () returned 0x4e4 [0039.266] GetACP () returned 0x4e4 [0039.267] GetACP () returned 0x4e4 [0039.267] GetACP () returned 0x4e4 [0039.267] GetACP () returned 0x4e4 [0039.267] GetACP () returned 0x4e4 [0039.267] GetACP () returned 0x4e4 [0039.267] GetACP () returned 0x4e4 [0039.267] GetACP () returned 0x4e4 [0039.267] GetACP () returned 0x4e4 [0039.267] GetACP () returned 0x4e4 [0039.267] GetACP () returned 0x4e4 [0039.267] GetACP () returned 0x4e4 [0039.267] GetACP () returned 0x4e4 [0039.267] GetACP () returned 0x4e4 [0039.268] GetACP () returned 0x4e4 [0039.268] GetACP () returned 0x4e4 [0039.268] GetACP () returned 0x4e4 [0039.268] GetACP () returned 0x4e4 [0039.268] GetACP () returned 0x4e4 [0039.268] GetACP () returned 0x4e4 [0039.268] GetACP () returned 0x4e4 [0039.268] GetACP () returned 0x4e4 [0039.268] GetACP () returned 0x4e4 [0039.268] GetACP () returned 0x4e4 [0039.268] GetACP () returned 0x4e4 [0039.268] GetACP () returned 0x4e4 [0039.268] GetACP () returned 0x4e4 [0039.269] GetACP () returned 0x4e4 [0039.269] GetACP () returned 0x4e4 [0039.269] GetACP () returned 0x4e4 [0039.269] GetACP () returned 0x4e4 [0039.269] GetACP () returned 0x4e4 [0039.269] GetACP () returned 0x4e4 [0039.269] GetACP () returned 0x4e4 [0039.269] GetACP () returned 0x4e4 [0039.269] GetACP () returned 0x4e4 [0039.269] GetACP () returned 0x4e4 [0039.269] GetACP () returned 0x4e4 [0039.269] GetACP () returned 0x4e4 [0039.270] GetACP () returned 0x4e4 [0039.270] GetACP () returned 0x4e4 [0039.270] GetACP () returned 0x4e4 [0039.270] GetACP () returned 0x4e4 [0039.270] GetACP () returned 0x4e4 [0039.270] GetACP () returned 0x4e4 [0039.270] GetACP () returned 0x4e4 [0039.270] GetACP () returned 0x4e4 [0039.270] GetACP () returned 0x4e4 [0039.270] GetACP () returned 0x4e4 [0039.270] GetACP () returned 0x4e4 [0039.270] GetACP () returned 0x4e4 [0039.270] GetACP () returned 0x4e4 [0039.271] GetACP () returned 0x4e4 [0039.271] GetACP () returned 0x4e4 [0039.271] GetACP () returned 0x4e4 [0039.271] GetACP () returned 0x4e4 [0039.271] GetACP () returned 0x4e4 [0039.271] GetACP () returned 0x4e4 [0039.271] GetACP () returned 0x4e4 [0039.271] GetACP () returned 0x4e4 [0039.271] GetACP () returned 0x4e4 [0039.271] GetACP () returned 0x4e4 [0039.271] GetACP () returned 0x4e4 [0039.479] GetACP () returned 0x4e4 [0039.479] GetACP () returned 0x4e4 [0039.479] GetACP () returned 0x4e4 [0039.479] GetACP () returned 0x4e4 [0039.479] GetACP () returned 0x4e4 [0039.479] GetACP () returned 0x4e4 [0039.479] GetACP () returned 0x4e4 [0039.479] GetACP () returned 0x4e4 [0039.480] GetACP () returned 0x4e4 [0039.480] GetACP () returned 0x4e4 [0039.480] GetACP () returned 0x4e4 [0039.480] GetACP () returned 0x4e4 [0039.480] GetACP () returned 0x4e4 [0039.480] GetACP () returned 0x4e4 [0039.480] GetACP () returned 0x4e4 [0039.483] GetACP () returned 0x4e4 [0039.494] GetACP () returned 0x4e4 [0039.494] GetACP () returned 0x4e4 [0039.495] GetACP () returned 0x4e4 [0039.495] GetACP () returned 0x4e4 [0039.495] GetACP () returned 0x4e4 [0039.495] GetACP () returned 0x4e4 [0039.495] GetACP () returned 0x4e4 [0039.495] GetACP () returned 0x4e4 [0039.495] GetACP () returned 0x4e4 [0039.495] GetACP () returned 0x4e4 [0039.495] GetACP () returned 0x4e4 [0039.495] GetACP () returned 0x4e4 [0039.495] GetACP () returned 0x4e4 [0039.495] GetACP () returned 0x4e4 [0039.495] GetACP () returned 0x4e4 [0039.496] GetACP () returned 0x4e4 [0039.496] GetACP () returned 0x4e4 [0039.496] GetACP () returned 0x4e4 [0039.496] GetACP () returned 0x4e4 [0039.496] GetACP () returned 0x4e4 [0039.496] GetACP () returned 0x4e4 [0039.496] GetACP () returned 0x4e4 [0039.496] GetACP () returned 0x4e4 [0039.496] GetACP () returned 0x4e4 [0039.496] GetACP () returned 0x4e4 [0039.496] GetACP () returned 0x4e4 [0039.496] GetACP () returned 0x4e4 [0039.496] GetACP () returned 0x4e4 [0039.497] GetACP () returned 0x4e4 [0039.497] GetACP () returned 0x4e4 [0039.497] GetACP () returned 0x4e4 [0039.497] GetACP () returned 0x4e4 [0039.497] GetACP () returned 0x4e4 [0039.497] GetACP () returned 0x4e4 [0039.497] GetACP () returned 0x4e4 [0039.497] GetACP () returned 0x4e4 [0039.497] GetACP () returned 0x4e4 [0039.498] GetACP () returned 0x4e4 [0039.498] GetACP () returned 0x4e4 [0039.498] GetACP () returned 0x4e4 [0039.498] GetACP () returned 0x4e4 [0039.498] GetACP () returned 0x4e4 [0039.498] GetACP () returned 0x4e4 [0039.498] GetACP () returned 0x4e4 [0039.498] GetACP () returned 0x4e4 [0039.498] GetACP () returned 0x4e4 [0039.498] GetACP () returned 0x4e4 [0039.498] GetACP () returned 0x4e4 [0039.498] GetACP () returned 0x4e4 [0039.498] GetACP () returned 0x4e4 [0039.499] GetACP () returned 0x4e4 [0039.499] GetACP () returned 0x4e4 [0039.499] GetACP () returned 0x4e4 [0039.499] GetACP () returned 0x4e4 [0039.499] GetACP () returned 0x4e4 [0039.499] GetACP () returned 0x4e4 [0039.499] GetACP () returned 0x4e4 [0039.499] GetACP () returned 0x4e4 [0039.499] GetACP () returned 0x4e4 [0039.499] GetACP () returned 0x4e4 [0039.499] GetACP () returned 0x4e4 [0039.499] GetACP () returned 0x4e4 [0039.499] GetACP () returned 0x4e4 [0039.500] GetACP () returned 0x4e4 [0039.500] GetACP () returned 0x4e4 [0039.500] GetACP () returned 0x4e4 [0039.500] GetACP () returned 0x4e4 [0039.500] GetACP () returned 0x4e4 [0039.500] GetACP () returned 0x4e4 [0039.500] GetACP () returned 0x4e4 [0039.500] GetACP () returned 0x4e4 [0039.500] GetACP () returned 0x4e4 [0039.500] GetACP () returned 0x4e4 [0039.500] GetACP () returned 0x4e4 [0039.500] GetACP () returned 0x4e4 [0039.501] GetACP () returned 0x4e4 [0039.501] GetACP () returned 0x4e4 [0039.501] GetACP () returned 0x4e4 [0039.501] GetACP () returned 0x4e4 [0039.501] GetACP () returned 0x4e4 [0039.501] GetACP () returned 0x4e4 [0039.501] GetACP () returned 0x4e4 [0039.501] GetACP () returned 0x4e4 [0039.501] GetACP () returned 0x4e4 [0039.501] GetACP () returned 0x4e4 [0039.501] GetACP () returned 0x4e4 [0039.501] GetACP () returned 0x4e4 [0039.501] GetACP () returned 0x4e4 [0039.502] GetACP () returned 0x4e4 [0039.502] GetACP () returned 0x4e4 [0039.509] GetACP () returned 0x4e4 [0039.509] GetACP () returned 0x4e4 [0039.509] GetACP () returned 0x4e4 [0039.509] GetACP () returned 0x4e4 [0039.510] GetACP () returned 0x4e4 [0039.510] GetACP () returned 0x4e4 [0039.510] GetACP () returned 0x4e4 [0039.510] GetACP () returned 0x4e4 [0039.510] GetACP () returned 0x4e4 [0039.510] GetACP () returned 0x4e4 [0039.510] GetACP () returned 0x4e4 [0039.510] GetACP () returned 0x4e4 [0039.510] GetACP () returned 0x4e4 [0039.510] GetACP () returned 0x4e4 [0039.510] GetACP () returned 0x4e4 [0039.510] GetACP () returned 0x4e4 [0039.511] GetACP () returned 0x4e4 [0039.511] GetACP () returned 0x4e4 [0039.511] GetACP () returned 0x4e4 [0039.511] GetACP () returned 0x4e4 [0039.511] GetACP () returned 0x4e4 [0039.511] GetACP () returned 0x4e4 [0039.511] GetACP () returned 0x4e4 [0039.511] GetACP () returned 0x4e4 [0039.511] GetACP () returned 0x4e4 [0039.511] GetACP () returned 0x4e4 [0039.511] GetACP () returned 0x4e4 [0039.511] GetACP () returned 0x4e4 [0039.511] GetACP () returned 0x4e4 [0039.512] GetACP () returned 0x4e4 [0039.512] GetACP () returned 0x4e4 [0039.512] GetACP () returned 0x4e4 [0039.512] GetACP () returned 0x4e4 [0039.512] GetACP () returned 0x4e4 [0039.512] GetACP () returned 0x4e4 [0039.512] GetACP () returned 0x4e4 [0039.512] GetACP () returned 0x4e4 [0039.512] GetACP () returned 0x4e4 [0039.513] GetACP () returned 0x4e4 [0039.513] GetACP () returned 0x4e4 [0039.513] GetACP () returned 0x4e4 [0039.513] GetACP () returned 0x4e4 [0039.513] GetACP () returned 0x4e4 [0039.513] GetACP () returned 0x4e4 [0039.513] GetACP () returned 0x4e4 [0039.513] GetACP () returned 0x4e4 [0039.513] GetACP () returned 0x4e4 [0039.513] GetACP () returned 0x4e4 [0039.513] GetACP () returned 0x4e4 [0039.513] GetACP () returned 0x4e4 [0039.514] GetACP () returned 0x4e4 [0039.514] GetACP () returned 0x4e4 [0039.514] GetACP () returned 0x4e4 [0039.514] GetACP () returned 0x4e4 [0039.514] GetACP () returned 0x4e4 [0039.514] GetACP () returned 0x4e4 [0039.514] GetACP () returned 0x4e4 [0039.514] GetACP () returned 0x4e4 [0039.514] GetACP () returned 0x4e4 [0039.514] GetACP () returned 0x4e4 [0039.514] GetACP () returned 0x4e4 [0039.514] GetACP () returned 0x4e4 [0039.515] GetACP () returned 0x4e4 [0039.515] GetACP () returned 0x4e4 [0039.515] GetACP () returned 0x4e4 [0039.515] GetACP () returned 0x4e4 [0039.515] GetACP () returned 0x4e4 [0039.515] GetACP () returned 0x4e4 [0039.515] GetACP () returned 0x4e4 [0039.515] GetACP () returned 0x4e4 [0039.515] GetACP () returned 0x4e4 [0039.515] GetACP () returned 0x4e4 [0039.515] GetACP () returned 0x4e4 [0039.515] GetACP () returned 0x4e4 [0039.515] GetACP () returned 0x4e4 [0039.516] GetACP () returned 0x4e4 [0039.516] GetACP () returned 0x4e4 [0039.516] GetACP () returned 0x4e4 [0039.516] GetACP () returned 0x4e4 [0039.516] GetACP () returned 0x4e4 [0039.516] GetACP () returned 0x4e4 [0039.516] GetACP () returned 0x4e4 [0039.516] GetACP () returned 0x4e4 [0039.516] GetACP () returned 0x4e4 [0039.516] GetACP () returned 0x4e4 [0039.516] GetACP () returned 0x4e4 [0039.516] GetACP () returned 0x4e4 [0039.516] GetACP () returned 0x4e4 [0039.517] GetACP () returned 0x4e4 [0039.517] GetACP () returned 0x4e4 [0039.517] GetACP () returned 0x4e4 [0039.517] GetACP () returned 0x4e4 [0039.517] GetACP () returned 0x4e4 [0039.517] GetACP () returned 0x4e4 [0039.517] GetACP () returned 0x4e4 [0039.517] GetACP () returned 0x4e4 [0039.517] GetACP () returned 0x4e4 [0039.517] GetACP () returned 0x4e4 [0039.517] GetACP () returned 0x4e4 [0039.517] GetACP () returned 0x4e4 [0039.517] GetACP () returned 0x4e4 [0039.518] GetACP () returned 0x4e4 [0039.518] GetACP () returned 0x4e4 [0039.518] GetACP () returned 0x4e4 [0039.518] GetACP () returned 0x4e4 [0039.518] GetACP () returned 0x4e4 [0039.518] GetACP () returned 0x4e4 [0039.518] GetACP () returned 0x4e4 [0039.518] GetACP () returned 0x4e4 [0039.518] GetACP () returned 0x4e4 [0039.518] GetACP () returned 0x4e4 [0039.518] GetACP () returned 0x4e4 [0039.518] GetACP () returned 0x4e4 [0039.518] GetACP () returned 0x4e4 [0039.519] GetACP () returned 0x4e4 [0039.519] GetACP () returned 0x4e4 [0039.519] GetACP () returned 0x4e4 [0039.519] GetACP () returned 0x4e4 [0039.519] GetACP () returned 0x4e4 [0039.519] GetACP () returned 0x4e4 [0039.519] GetACP () returned 0x4e4 [0039.519] GetACP () returned 0x4e4 [0039.519] GetACP () returned 0x4e4 [0039.519] GetACP () returned 0x4e4 [0039.519] GetACP () returned 0x4e4 [0039.519] GetACP () returned 0x4e4 [0039.519] GetACP () returned 0x4e4 [0039.520] GetACP () returned 0x4e4 [0039.520] GetACP () returned 0x4e4 [0039.520] GetACP () returned 0x4e4 [0039.520] GetACP () returned 0x4e4 [0039.520] GetACP () returned 0x4e4 [0039.520] GetACP () returned 0x4e4 [0039.520] GetACP () returned 0x4e4 [0039.520] GetACP () returned 0x4e4 [0039.520] GetACP () returned 0x4e4 [0039.520] GetACP () returned 0x4e4 [0039.520] GetACP () returned 0x4e4 [0039.520] GetACP () returned 0x4e4 [0039.520] GetACP () returned 0x4e4 [0039.521] GetACP () returned 0x4e4 [0039.521] GetACP () returned 0x4e4 [0039.521] GetACP () returned 0x4e4 [0040.057] GetACP () returned 0x4e4 [0040.057] GetACP () returned 0x4e4 [0040.057] GetACP () returned 0x4e4 [0040.057] GetACP () returned 0x4e4 [0040.057] GetACP () returned 0x4e4 [0040.058] GetACP () returned 0x4e4 [0040.058] GetACP () returned 0x4e4 [0040.058] GetACP () returned 0x4e4 [0040.058] GetACP () returned 0x4e4 [0040.058] GetACP () returned 0x4e4 [0040.058] GetACP () returned 0x4e4 [0040.058] GetACP () returned 0x4e4 [0040.058] GetACP () returned 0x4e4 [0040.059] GetACP () returned 0x4e4 [0040.059] GetACP () returned 0x4e4 [0040.059] GetACP () returned 0x4e4 [0040.059] GetACP () returned 0x4e4 [0040.059] GetACP () returned 0x4e4 [0040.059] GetACP () returned 0x4e4 [0040.059] GetACP () returned 0x4e4 [0040.060] GetACP () returned 0x4e4 [0040.060] GetACP () returned 0x4e4 [0040.060] GetACP () returned 0x4e4 [0040.060] GetACP () returned 0x4e4 [0040.060] GetACP () returned 0x4e4 [0040.060] GetACP () returned 0x4e4 [0040.060] GetACP () returned 0x4e4 [0040.060] GetACP () returned 0x4e4 [0040.061] GetACP () returned 0x4e4 [0040.061] GetACP () returned 0x4e4 [0040.061] GetACP () returned 0x4e4 [0040.061] GetACP () returned 0x4e4 [0040.061] GetACP () returned 0x4e4 [0040.061] GetACP () returned 0x4e4 [0040.061] GetACP () returned 0x4e4 [0040.061] GetACP () returned 0x4e4 [0040.062] GetACP () returned 0x4e4 [0040.062] GetACP () returned 0x4e4 [0040.062] GetACP () returned 0x4e4 [0040.062] GetACP () returned 0x4e4 [0040.062] GetACP () returned 0x4e4 [0040.062] GetACP () returned 0x4e4 [0040.062] GetACP () returned 0x4e4 [0040.062] GetACP () returned 0x4e4 [0040.062] GetACP () returned 0x4e4 [0040.063] GetACP () returned 0x4e4 [0040.063] GetACP () returned 0x4e4 [0040.063] GetACP () returned 0x4e4 [0040.063] GetACP () returned 0x4e4 [0040.063] GetACP () returned 0x4e4 [0040.063] GetACP () returned 0x4e4 [0040.063] GetACP () returned 0x4e4 [0040.063] GetACP () returned 0x4e4 [0040.064] GetACP () returned 0x4e4 [0040.064] GetACP () returned 0x4e4 [0040.064] GetACP () returned 0x4e4 [0040.064] GetACP () returned 0x4e4 [0040.064] GetACP () returned 0x4e4 [0040.064] GetACP () returned 0x4e4 [0040.064] GetACP () returned 0x4e4 [0040.064] GetACP () returned 0x4e4 [0040.065] GetACP () returned 0x4e4 [0040.065] GetACP () returned 0x4e4 [0040.065] GetACP () returned 0x4e4 [0040.065] GetACP () returned 0x4e4 [0040.065] GetACP () returned 0x4e4 [0040.065] GetACP () returned 0x4e4 [0040.065] GetACP () returned 0x4e4 [0040.065] GetACP () returned 0x4e4 [0040.065] GetACP () returned 0x4e4 [0040.066] GetACP () returned 0x4e4 [0040.066] GetACP () returned 0x4e4 [0040.066] GetACP () returned 0x4e4 [0040.066] GetACP () returned 0x4e4 [0040.066] GetACP () returned 0x4e4 [0040.066] GetACP () returned 0x4e4 [0040.066] GetACP () returned 0x4e4 [0040.066] GetACP () returned 0x4e4 [0040.066] GetACP () returned 0x4e4 [0040.067] GetACP () returned 0x4e4 [0040.067] GetACP () returned 0x4e4 [0040.067] GetACP () returned 0x4e4 [0040.067] GetACP () returned 0x4e4 [0040.067] GetACP () returned 0x4e4 [0040.067] GetACP () returned 0x4e4 [0040.067] GetACP () returned 0x4e4 [0040.067] GetACP () returned 0x4e4 [0040.067] GetACP () returned 0x4e4 [0040.068] GetACP () returned 0x4e4 [0040.068] GetACP () returned 0x4e4 [0040.068] GetACP () returned 0x4e4 [0040.068] GetACP () returned 0x4e4 [0040.068] GetACP () returned 0x4e4 [0040.068] GetACP () returned 0x4e4 [0040.068] GetACP () returned 0x4e4 [0040.069] GetACP () returned 0x4e4 [0040.069] GetACP () returned 0x4e4 [0040.069] GetACP () returned 0x4e4 [0040.069] GetACP () returned 0x4e4 [0040.069] GetACP () returned 0x4e4 [0040.069] GetACP () returned 0x4e4 [0040.069] GetACP () returned 0x4e4 [0040.069] GetACP () returned 0x4e4 [0040.070] GetACP () returned 0x4e4 [0040.070] GetACP () returned 0x4e4 [0040.070] GetACP () returned 0x4e4 [0040.070] GetACP () returned 0x4e4 [0040.070] GetACP () returned 0x4e4 [0040.070] GetACP () returned 0x4e4 [0040.070] GetACP () returned 0x4e4 [0040.070] GetACP () returned 0x4e4 [0040.070] GetACP () returned 0x4e4 [0040.070] GetACP () returned 0x4e4 [0040.071] GetACP () returned 0x4e4 [0040.071] GetACP () returned 0x4e4 [0040.071] GetACP () returned 0x4e4 [0040.071] GetACP () returned 0x4e4 [0040.071] GetACP () returned 0x4e4 [0040.071] GetACP () returned 0x4e4 [0040.071] GetACP () returned 0x4e4 [0040.071] GetACP () returned 0x4e4 [0040.072] GetACP () returned 0x4e4 [0040.072] GetACP () returned 0x4e4 [0040.072] GetACP () returned 0x4e4 [0040.072] GetACP () returned 0x4e4 [0040.072] GetACP () returned 0x4e4 [0040.072] GetACP () returned 0x4e4 [0040.073] GetACP () returned 0x4e4 [0040.073] GetACP () returned 0x4e4 [0040.073] GetACP () returned 0x4e4 [0040.073] GetACP () returned 0x4e4 [0040.073] GetACP () returned 0x4e4 [0040.073] GetACP () returned 0x4e4 [0040.073] GetACP () returned 0x4e4 [0040.073] GetACP () returned 0x4e4 [0040.073] GetACP () returned 0x4e4 [0040.074] GetACP () returned 0x4e4 [0040.074] GetACP () returned 0x4e4 [0040.074] GetACP () returned 0x4e4 [0040.077] GetACP () returned 0x4e4 [0040.077] GetACP () returned 0x4e4 [0040.077] GetACP () returned 0x4e4 [0040.077] GetACP () returned 0x4e4 [0040.077] GetACP () returned 0x4e4 [0040.077] GetACP () returned 0x4e4 [0040.077] GetACP () returned 0x4e4 [0040.077] GetACP () returned 0x4e4 [0040.078] GetACP () returned 0x4e4 [0040.078] GetACP () returned 0x4e4 [0040.078] GetACP () returned 0x4e4 [0040.078] GetACP () returned 0x4e4 [0040.078] GetACP () returned 0x4e4 [0040.078] GetACP () returned 0x4e4 [0040.078] GetACP () returned 0x4e4 [0040.078] GetACP () returned 0x4e4 [0040.079] GetACP () returned 0x4e4 [0040.079] GetACP () returned 0x4e4 [0040.079] GetACP () returned 0x4e4 [0040.079] GetACP () returned 0x4e4 [0040.079] GetACP () returned 0x4e4 [0040.079] GetACP () returned 0x4e4 [0040.079] GetACP () returned 0x4e4 [0040.079] GetACP () returned 0x4e4 [0040.079] GetACP () returned 0x4e4 [0040.080] GetACP () returned 0x4e4 [0040.080] GetACP () returned 0x4e4 [0040.080] GetACP () returned 0x4e4 [0040.080] GetACP () returned 0x4e4 [0040.080] GetACP () returned 0x4e4 [0040.080] GetACP () returned 0x4e4 [0040.080] GetACP () returned 0x4e4 [0040.080] GetACP () returned 0x4e4 [0040.080] GetACP () returned 0x4e4 [0040.080] GetACP () returned 0x4e4 [0040.081] GetACP () returned 0x4e4 [0040.081] GetACP () returned 0x4e4 [0040.081] GetACP () returned 0x4e4 [0040.081] GetACP () returned 0x4e4 [0040.081] GetACP () returned 0x4e4 [0040.081] GetACP () returned 0x4e4 [0040.081] GetACP () returned 0x4e4 [0040.081] GetACP () returned 0x4e4 [0040.082] GetACP () returned 0x4e4 [0040.082] GetACP () returned 0x4e4 [0040.082] GetACP () returned 0x4e4 [0040.082] GetACP () returned 0x4e4 [0040.082] GetACP () returned 0x4e4 [0040.082] GetACP () returned 0x4e4 [0040.082] GetACP () returned 0x4e4 [0040.082] GetACP () returned 0x4e4 [0040.082] GetACP () returned 0x4e4 [0040.083] GetACP () returned 0x4e4 [0040.083] GetACP () returned 0x4e4 [0040.083] GetACP () returned 0x4e4 [0040.083] GetACP () returned 0x4e4 [0040.083] GetACP () returned 0x4e4 [0040.083] GetACP () returned 0x4e4 [0040.083] GetACP () returned 0x4e4 [0040.083] GetACP () returned 0x4e4 [0040.083] GetACP () returned 0x4e4 [0040.083] GetACP () returned 0x4e4 [0040.084] GetACP () returned 0x4e4 [0040.084] GetACP () returned 0x4e4 [0040.084] GetACP () returned 0x4e4 [0040.084] GetACP () returned 0x4e4 [0040.084] GetACP () returned 0x4e4 [0040.085] GetACP () returned 0x4e4 [0040.085] GetACP () returned 0x4e4 [0040.085] GetACP () returned 0x4e4 [0040.085] GetACP () returned 0x4e4 [0040.085] GetACP () returned 0x4e4 [0040.085] GetACP () returned 0x4e4 [0040.085] GetACP () returned 0x4e4 [0040.085] GetACP () returned 0x4e4 [0040.085] GetACP () returned 0x4e4 [0040.085] GetACP () returned 0x4e4 [0040.085] GetACP () returned 0x4e4 [0040.085] GetACP () returned 0x4e4 [0040.086] GetACP () returned 0x4e4 [0040.086] GetACP () returned 0x4e4 [0040.086] GetACP () returned 0x4e4 [0040.086] GetACP () returned 0x4e4 [0040.086] GetACP () returned 0x4e4 [0040.086] GetACP () returned 0x4e4 [0040.086] GetACP () returned 0x4e4 [0040.086] GetACP () returned 0x4e4 [0040.086] GetACP () returned 0x4e4 [0040.086] GetACP () returned 0x4e4 [0040.086] GetACP () returned 0x4e4 [0040.086] GetACP () returned 0x4e4 [0040.086] GetACP () returned 0x4e4 [0040.087] GetACP () returned 0x4e4 [0040.087] GetACP () returned 0x4e4 [0040.087] GetACP () returned 0x4e4 [0040.087] GetACP () returned 0x4e4 [0040.087] GetACP () returned 0x4e4 [0040.087] GetACP () returned 0x4e4 [0040.087] GetACP () returned 0x4e4 [0040.087] GetACP () returned 0x4e4 [0040.087] GetACP () returned 0x4e4 [0040.087] GetACP () returned 0x4e4 [0040.087] GetACP () returned 0x4e4 [0040.087] GetACP () returned 0x4e4 [0040.088] GetACP () returned 0x4e4 [0040.088] GetACP () returned 0x4e4 [0040.088] GetACP () returned 0x4e4 [0040.088] GetACP () returned 0x4e4 [0040.088] GetACP () returned 0x4e4 [0040.088] GetACP () returned 0x4e4 [0040.199] GetACP () returned 0x4e4 [0040.200] GetACP () returned 0x4e4 [0040.467] GetACP () returned 0x4e4 [0040.468] GetACP () returned 0x4e4 [0040.468] GetACP () returned 0x4e4 [0040.468] GetACP () returned 0x4e4 [0040.468] GetACP () returned 0x4e4 [0040.468] GetACP () returned 0x4e4 [0040.468] GetACP () returned 0x4e4 [0040.468] GetACP () returned 0x4e4 [0040.468] GetACP () returned 0x4e4 [0040.468] GetACP () returned 0x4e4 [0040.468] GetACP () returned 0x4e4 [0040.468] GetACP () returned 0x4e4 [0040.468] GetACP () returned 0x4e4 [0040.468] GetACP () returned 0x4e4 [0040.469] GetACP () returned 0x4e4 [0040.469] GetACP () returned 0x4e4 [0040.469] GetACP () returned 0x4e4 [0040.469] GetACP () returned 0x4e4 [0040.469] GetACP () returned 0x4e4 [0040.469] GetACP () returned 0x4e4 [0040.469] GetACP () returned 0x4e4 [0040.469] GetACP () returned 0x4e4 [0040.469] GetACP () returned 0x4e4 [0040.469] GetACP () returned 0x4e4 [0040.469] GetACP () returned 0x4e4 [0040.469] GetACP () returned 0x4e4 [0040.469] GetACP () returned 0x4e4 [0040.470] GetACP () returned 0x4e4 [0040.470] GetACP () returned 0x4e4 [0040.470] GetACP () returned 0x4e4 [0040.470] GetACP () returned 0x4e4 [0040.470] GetACP () returned 0x4e4 [0040.470] GetACP () returned 0x4e4 [0040.470] GetACP () returned 0x4e4 [0040.470] GetACP () returned 0x4e4 [0040.470] GetACP () returned 0x4e4 [0040.470] GetACP () returned 0x4e4 [0040.470] GetACP () returned 0x4e4 [0040.470] GetACP () returned 0x4e4 [0040.470] GetACP () returned 0x4e4 [0040.471] GetACP () returned 0x4e4 [0040.471] GetACP () returned 0x4e4 [0040.471] GetACP () returned 0x4e4 [0040.471] GetACP () returned 0x4e4 [0040.471] GetACP () returned 0x4e4 [0040.471] GetACP () returned 0x4e4 [0040.471] GetACP () returned 0x4e4 [0040.471] GetACP () returned 0x4e4 [0040.471] GetACP () returned 0x4e4 [0040.471] GetACP () returned 0x4e4 [0040.471] GetACP () returned 0x4e4 [0040.476] GetACP () returned 0x4e4 [0040.476] GetACP () returned 0x4e4 [0040.476] GetACP () returned 0x4e4 [0040.476] GetACP () returned 0x4e4 [0040.476] GetACP () returned 0x4e4 [0040.477] GetACP () returned 0x4e4 [0040.477] GetACP () returned 0x4e4 [0040.477] GetACP () returned 0x4e4 [0040.477] GetACP () returned 0x4e4 [0040.477] GetACP () returned 0x4e4 [0040.477] GetACP () returned 0x4e4 [0040.477] GetACP () returned 0x4e4 [0040.477] GetACP () returned 0x4e4 [0040.477] GetACP () returned 0x4e4 [0040.477] GetACP () returned 0x4e4 [0040.477] GetACP () returned 0x4e4 [0040.477] GetACP () returned 0x4e4 [0040.477] GetACP () returned 0x4e4 [0040.478] GetACP () returned 0x4e4 [0040.478] GetACP () returned 0x4e4 [0040.478] GetACP () returned 0x4e4 [0040.478] GetACP () returned 0x4e4 [0040.478] GetACP () returned 0x4e4 [0040.478] GetACP () returned 0x4e4 [0040.478] GetACP () returned 0x4e4 [0040.478] GetACP () returned 0x4e4 [0040.478] GetACP () returned 0x4e4 [0040.478] GetACP () returned 0x4e4 [0040.478] GetACP () returned 0x4e4 [0040.478] GetACP () returned 0x4e4 [0040.479] GetACP () returned 0x4e4 [0040.479] GetACP () returned 0x4e4 [0040.479] GetACP () returned 0x4e4 [0040.479] GetACP () returned 0x4e4 [0040.479] GetACP () returned 0x4e4 [0040.479] GetACP () returned 0x4e4 [0040.479] GetACP () returned 0x4e4 [0040.479] GetACP () returned 0x4e4 [0040.479] GetACP () returned 0x4e4 [0040.479] GetACP () returned 0x4e4 [0040.479] GetACP () returned 0x4e4 [0040.480] GetACP () returned 0x4e4 [0040.480] GetACP () returned 0x4e4 [0040.480] GetACP () returned 0x4e4 [0040.480] GetACP () returned 0x4e4 [0040.480] GetACP () returned 0x4e4 [0040.480] GetACP () returned 0x4e4 [0040.480] GetACP () returned 0x4e4 [0040.480] GetACP () returned 0x4e4 [0040.481] GetACP () returned 0x4e4 [0040.481] GetACP () returned 0x4e4 [0040.481] GetACP () returned 0x4e4 [0040.481] GetACP () returned 0x4e4 [0040.481] GetACP () returned 0x4e4 [0040.481] GetACP () returned 0x4e4 [0040.481] GetACP () returned 0x4e4 [0040.481] GetACP () returned 0x4e4 [0040.499] GetACP () returned 0x4e4 [0040.499] GetACP () returned 0x4e4 [0040.500] GetACP () returned 0x4e4 [0040.519] GetACP () returned 0x4e4 [0040.519] GetACP () returned 0x4e4 [0040.519] GetACP () returned 0x4e4 [0040.519] GetACP () returned 0x4e4 [0040.519] GetACP () returned 0x4e4 [0040.519] GetACP () returned 0x4e4 [0040.519] GetACP () returned 0x4e4 [0040.519] GetACP () returned 0x4e4 [0040.520] GetACP () returned 0x4e4 [0040.520] GetACP () returned 0x4e4 [0040.520] GetACP () returned 0x4e4 [0040.520] GetACP () returned 0x4e4 [0040.520] GetACP () returned 0x4e4 [0040.520] GetACP () returned 0x4e4 [0040.520] GetACP () returned 0x4e4 [0040.520] GetACP () returned 0x4e4 [0040.520] GetACP () returned 0x4e4 [0040.520] GetACP () returned 0x4e4 [0040.520] GetACP () returned 0x4e4 [0040.520] GetACP () returned 0x4e4 [0040.521] GetACP () returned 0x4e4 [0040.521] GetACP () returned 0x4e4 [0040.521] GetACP () returned 0x4e4 [0040.521] GetACP () returned 0x4e4 [0040.521] GetACP () returned 0x4e4 [0040.521] GetACP () returned 0x4e4 [0040.521] GetACP () returned 0x4e4 [0040.521] GetACP () returned 0x4e4 [0040.521] GetACP () returned 0x4e4 [0040.521] GetACP () returned 0x4e4 [0040.521] GetACP () returned 0x4e4 [0040.521] GetACP () returned 0x4e4 [0040.521] GetACP () returned 0x4e4 [0040.522] GetACP () returned 0x4e4 [0040.522] GetACP () returned 0x4e4 [0040.522] GetACP () returned 0x4e4 [0040.522] GetACP () returned 0x4e4 [0040.524] GetACP () returned 0x4e4 [0040.524] GetACP () returned 0x4e4 [0040.524] GetACP () returned 0x4e4 [0040.524] GetACP () returned 0x4e4 [0040.524] GetACP () returned 0x4e4 [0040.524] GetACP () returned 0x4e4 [0040.524] GetACP () returned 0x4e4 [0040.524] GetACP () returned 0x4e4 [0040.525] GetACP () returned 0x4e4 [0040.525] GetACP () returned 0x4e4 [0040.525] GetACP () returned 0x4e4 [0040.525] GetACP () returned 0x4e4 [0040.525] GetACP () returned 0x4e4 [0040.525] GetACP () returned 0x4e4 [0040.525] GetACP () returned 0x4e4 [0040.525] GetACP () returned 0x4e4 [0040.525] GetACP () returned 0x4e4 [0040.525] GetACP () returned 0x4e4 [0040.525] GetACP () returned 0x4e4 [0040.525] GetACP () returned 0x4e4 [0040.525] GetACP () returned 0x4e4 [0040.526] GetACP () returned 0x4e4 [0040.526] GetACP () returned 0x4e4 [0040.526] GetACP () returned 0x4e4 [0040.526] GetACP () returned 0x4e4 [0040.526] GetACP () returned 0x4e4 [0040.526] GetACP () returned 0x4e4 [0040.526] GetACP () returned 0x4e4 [0040.526] GetACP () returned 0x4e4 [0040.526] GetACP () returned 0x4e4 [0040.536] GetACP () returned 0x4e4 [0040.536] GetACP () returned 0x4e4 [0040.536] GetACP () returned 0x4e4 [0040.536] GetACP () returned 0x4e4 [0040.536] GetACP () returned 0x4e4 [0040.537] GetACP () returned 0x4e4 [0040.537] GetACP () returned 0x4e4 [0040.537] GetACP () returned 0x4e4 [0040.537] GetACP () returned 0x4e4 [0040.537] GetACP () returned 0x4e4 [0040.537] GetACP () returned 0x4e4 [0040.537] GetACP () returned 0x4e4 [0040.537] GetACP () returned 0x4e4 [0040.538] GetACP () returned 0x4e4 [0040.538] GetACP () returned 0x4e4 [0040.538] GetACP () returned 0x4e4 [0040.538] GetACP () returned 0x4e4 [0040.538] GetACP () returned 0x4e4 [0040.539] GetACP () returned 0x4e4 [0040.539] GetACP () returned 0x4e4 [0040.539] GetACP () returned 0x4e4 [0040.539] GetACP () returned 0x4e4 [0040.539] GetACP () returned 0x4e4 [0040.539] GetACP () returned 0x4e4 [0040.539] GetACP () returned 0x4e4 [0040.539] GetACP () returned 0x4e4 [0040.539] GetACP () returned 0x4e4 [0040.539] GetACP () returned 0x4e4 [0040.539] GetACP () returned 0x4e4 [0040.539] GetACP () returned 0x4e4 [0040.540] GetACP () returned 0x4e4 [0040.540] GetACP () returned 0x4e4 [0040.540] GetACP () returned 0x4e4 [0040.540] GetACP () returned 0x4e4 [0040.540] GetACP () returned 0x4e4 [0040.540] GetACP () returned 0x4e4 [0040.540] GetACP () returned 0x4e4 [0040.540] GetACP () returned 0x4e4 [0040.540] GetACP () returned 0x4e4 [0040.540] GetACP () returned 0x4e4 [0040.540] GetACP () returned 0x4e4 [0040.540] GetACP () returned 0x4e4 [0040.540] GetACP () returned 0x4e4 [0040.541] GetACP () returned 0x4e4 [0040.541] GetACP () returned 0x4e4 [0040.541] GetACP () returned 0x4e4 [0040.541] GetACP () returned 0x4e4 [0040.541] GetACP () returned 0x4e4 [0040.541] GetACP () returned 0x4e4 [0040.541] GetACP () returned 0x4e4 [0040.541] GetACP () returned 0x4e4 [0040.541] GetACP () returned 0x4e4 [0040.541] GetACP () returned 0x4e4 [0040.541] GetACP () returned 0x4e4 [0040.541] GetACP () returned 0x4e4 [0040.541] GetACP () returned 0x4e4 [0040.542] GetACP () returned 0x4e4 [0040.542] GetACP () returned 0x4e4 [0040.542] GetACP () returned 0x4e4 [0040.544] GetACP () returned 0x4e4 [0040.544] GetACP () returned 0x4e4 [0040.544] GetACP () returned 0x4e4 [0040.544] GetACP () returned 0x4e4 [0040.544] GetACP () returned 0x4e4 [0040.544] GetACP () returned 0x4e4 [0040.544] GetACP () returned 0x4e4 [0040.544] GetACP () returned 0x4e4 [0040.544] GetACP () returned 0x4e4 [0040.544] GetACP () returned 0x4e4 [0040.620] GetACP () returned 0x4e4 [0040.620] GetACP () returned 0x4e4 [0040.620] GetACP () returned 0x4e4 [0040.620] GetACP () returned 0x4e4 [0040.620] GetACP () returned 0x4e4 [0040.620] GetACP () returned 0x4e4 [0040.621] GetACP () returned 0x4e4 [0040.621] GetACP () returned 0x4e4 [0040.621] GetACP () returned 0x4e4 [0040.621] GetACP () returned 0x4e4 [0040.621] GetACP () returned 0x4e4 [0040.621] GetACP () returned 0x4e4 [0040.621] GetACP () returned 0x4e4 [0040.621] GetACP () returned 0x4e4 [0040.621] GetACP () returned 0x4e4 [0040.622] GetACP () returned 0x4e4 [0040.622] GetACP () returned 0x4e4 [0040.622] GetACP () returned 0x4e4 [0040.622] GetACP () returned 0x4e4 [0040.622] GetACP () returned 0x4e4 [0040.623] GetACP () returned 0x4e4 [0040.623] GetACP () returned 0x4e4 [0040.623] GetACP () returned 0x4e4 [0040.623] GetACP () returned 0x4e4 [0040.624] GetACP () returned 0x4e4 [0040.624] GetACP () returned 0x4e4 [0040.624] GetACP () returned 0x4e4 [0040.624] GetACP () returned 0x4e4 [0040.624] GetACP () returned 0x4e4 [0040.625] GetACP () returned 0x4e4 [0040.625] GetACP () returned 0x4e4 [0040.625] GetACP () returned 0x4e4 [0040.625] GetACP () returned 0x4e4 [0040.625] GetACP () returned 0x4e4 [0040.626] GetACP () returned 0x4e4 [0040.626] GetACP () returned 0x4e4 [0040.626] GetACP () returned 0x4e4 [0040.626] GetACP () returned 0x4e4 [0040.626] GetACP () returned 0x4e4 [0040.627] GetACP () returned 0x4e4 [0040.627] GetACP () returned 0x4e4 [0040.627] GetACP () returned 0x4e4 [0040.627] GetACP () returned 0x4e4 [0040.627] GetACP () returned 0x4e4 [0040.628] GetACP () returned 0x4e4 [0040.628] GetACP () returned 0x4e4 [0040.628] GetACP () returned 0x4e4 [0040.628] GetACP () returned 0x4e4 [0040.628] GetACP () returned 0x4e4 [0040.628] GetACP () returned 0x4e4 [0040.629] GetACP () returned 0x4e4 [0040.629] GetACP () returned 0x4e4 [0040.629] GetACP () returned 0x4e4 [0040.629] GetACP () returned 0x4e4 [0040.629] GetACP () returned 0x4e4 [0040.630] GetACP () returned 0x4e4 [0040.630] GetACP () returned 0x4e4 [0040.630] GetACP () returned 0x4e4 [0040.630] GetACP () returned 0x4e4 [0040.630] GetACP () returned 0x4e4 [0040.631] GetACP () returned 0x4e4 [0040.631] GetACP () returned 0x4e4 [0040.631] GetACP () returned 0x4e4 [0040.631] GetACP () returned 0x4e4 [0040.632] GetACP () returned 0x4e4 [0040.632] GetACP () returned 0x4e4 [0040.632] GetACP () returned 0x4e4 [0040.632] GetACP () returned 0x4e4 [0040.632] GetACP () returned 0x4e4 [0040.633] GetACP () returned 0x4e4 [0040.633] GetACP () returned 0x4e4 [0040.633] GetACP () returned 0x4e4 [0040.633] GetACP () returned 0x4e4 [0040.633] GetACP () returned 0x4e4 [0040.633] GetACP () returned 0x4e4 [0040.634] GetACP () returned 0x4e4 [0040.634] GetACP () returned 0x4e4 [0040.634] GetACP () returned 0x4e4 [0040.634] GetACP () returned 0x4e4 [0040.634] GetACP () returned 0x4e4 [0040.635] GetACP () returned 0x4e4 [0040.635] GetACP () returned 0x4e4 [0040.635] GetACP () returned 0x4e4 [0040.640] GetACP () returned 0x4e4 [0040.640] GetACP () returned 0x4e4 [0040.640] GetACP () returned 0x4e4 [0040.640] GetACP () returned 0x4e4 [0040.640] GetACP () returned 0x4e4 [0040.640] GetACP () returned 0x4e4 [0040.640] GetACP () returned 0x4e4 [0040.641] GetACP () returned 0x4e4 [0040.641] GetACP () returned 0x4e4 [0040.641] GetACP () returned 0x4e4 [0040.641] GetACP () returned 0x4e4 [0040.641] GetACP () returned 0x4e4 [0040.641] GetACP () returned 0x4e4 [0040.641] GetACP () returned 0x4e4 [0040.641] GetACP () returned 0x4e4 [0040.641] GetACP () returned 0x4e4 [0040.641] GetACP () returned 0x4e4 [0040.642] GetACP () returned 0x4e4 [0040.642] GetACP () returned 0x4e4 [0040.642] GetACP () returned 0x4e4 [0040.642] GetACP () returned 0x4e4 [0040.642] GetACP () returned 0x4e4 [0040.642] GetACP () returned 0x4e4 [0040.642] GetACP () returned 0x4e4 [0040.642] GetACP () returned 0x4e4 [0040.643] GetACP () returned 0x4e4 [0040.643] GetACP () returned 0x4e4 [0040.643] GetACP () returned 0x4e4 [0040.643] GetACP () returned 0x4e4 [0040.643] GetACP () returned 0x4e4 [0040.643] GetACP () returned 0x4e4 [0040.643] GetACP () returned 0x4e4 [0040.643] GetACP () returned 0x4e4 [0040.643] GetACP () returned 0x4e4 [0040.643] GetACP () returned 0x4e4 [0040.644] GetACP () returned 0x4e4 [0040.644] GetACP () returned 0x4e4 [0040.644] GetACP () returned 0x4e4 [0040.644] GetACP () returned 0x4e4 [0040.644] GetACP () returned 0x4e4 [0040.644] GetACP () returned 0x4e4 [0040.644] GetACP () returned 0x4e4 [0040.644] GetACP () returned 0x4e4 [0040.644] GetACP () returned 0x4e4 [0040.645] GetACP () returned 0x4e4 [0040.645] GetACP () returned 0x4e4 [0040.645] GetACP () returned 0x4e4 [0040.645] GetACP () returned 0x4e4 [0040.645] GetACP () returned 0x4e4 [0040.645] GetACP () returned 0x4e4 [0040.646] GetACP () returned 0x4e4 [0040.646] GetACP () returned 0x4e4 [0040.646] GetACP () returned 0x4e4 [0040.646] GetACP () returned 0x4e4 [0040.646] GetACP () returned 0x4e4 [0040.647] GetACP () returned 0x4e4 [0040.647] GetACP () returned 0x4e4 [0040.647] GetACP () returned 0x4e4 [0040.647] GetACP () returned 0x4e4 [0040.648] GetACP () returned 0x4e4 [0040.648] GetACP () returned 0x4e4 [0040.648] GetACP () returned 0x4e4 [0040.648] GetACP () returned 0x4e4 [0040.649] GetACP () returned 0x4e4 [0040.653] GetACP () returned 0x4e4 [0040.653] GetACP () returned 0x4e4 [0040.653] GetACP () returned 0x4e4 [0040.653] GetACP () returned 0x4e4 [0040.653] GetACP () returned 0x4e4 [0040.653] GetACP () returned 0x4e4 [0040.653] GetACP () returned 0x4e4 [0040.653] GetACP () returned 0x4e4 [0040.654] GetACP () returned 0x4e4 [0040.654] GetACP () returned 0x4e4 [0040.654] GetACP () returned 0x4e4 [0040.654] GetACP () returned 0x4e4 [0040.654] GetACP () returned 0x4e4 [0040.654] GetACP () returned 0x4e4 [0040.654] GetACP () returned 0x4e4 [0040.654] GetACP () returned 0x4e4 [0040.654] GetACP () returned 0x4e4 [0040.654] GetACP () returned 0x4e4 [0040.654] GetACP () returned 0x4e4 [0040.654] GetACP () returned 0x4e4 [0040.655] GetACP () returned 0x4e4 [0040.655] GetACP () returned 0x4e4 [0040.655] GetACP () returned 0x4e4 [0040.655] GetACP () returned 0x4e4 [0040.655] GetACP () returned 0x4e4 [0040.655] GetACP () returned 0x4e4 [0040.655] GetACP () returned 0x4e4 [0040.655] GetACP () returned 0x4e4 [0040.655] GetACP () returned 0x4e4 [0040.656] GetACP () returned 0x4e4 [0040.656] GetACP () returned 0x4e4 [0040.656] GetACP () returned 0x4e4 [0040.656] GetACP () returned 0x4e4 [0040.656] GetACP () returned 0x4e4 [0040.656] GetACP () returned 0x4e4 [0040.656] GetACP () returned 0x4e4 [0040.656] GetACP () returned 0x4e4 [0040.656] GetACP () returned 0x4e4 [0040.657] GetACP () returned 0x4e4 [0040.657] GetACP () returned 0x4e4 [0040.657] GetACP () returned 0x4e4 [0040.657] GetACP () returned 0x4e4 [0040.657] GetACP () returned 0x4e4 [0040.657] GetACP () returned 0x4e4 [0040.657] GetACP () returned 0x4e4 [0040.657] GetACP () returned 0x4e4 [0040.657] GetACP () returned 0x4e4 [0040.657] GetACP () returned 0x4e4 [0040.658] GetACP () returned 0x4e4 [0040.658] GetACP () returned 0x4e4 [0040.658] GetACP () returned 0x4e4 [0040.658] GetACP () returned 0x4e4 [0040.658] GetACP () returned 0x4e4 [0040.658] GetACP () returned 0x4e4 [0040.658] GetACP () returned 0x4e4 [0040.658] GetACP () returned 0x4e4 [0040.659] GetACP () returned 0x4e4 [0040.659] GetACP () returned 0x4e4 [0040.659] GetACP () returned 0x4e4 [0040.659] GetACP () returned 0x4e4 [0040.659] GetACP () returned 0x4e4 [0040.659] GetACP () returned 0x4e4 [0040.659] GetACP () returned 0x4e4 [0040.663] GetACP () returned 0x4e4 [0040.663] GetACP () returned 0x4e4 [0040.663] GetACP () returned 0x4e4 [0040.663] GetACP () returned 0x4e4 [0040.663] GetACP () returned 0x4e4 [0040.663] GetACP () returned 0x4e4 [0040.664] GetACP () returned 0x4e4 [0040.664] GetACP () returned 0x4e4 [0040.664] GetACP () returned 0x4e4 [0040.664] GetACP () returned 0x4e4 [0040.664] GetACP () returned 0x4e4 [0040.664] GetACP () returned 0x4e4 [0040.664] GetACP () returned 0x4e4 [0040.665] GetACP () returned 0x4e4 [0040.665] GetACP () returned 0x4e4 [0040.665] GetACP () returned 0x4e4 [0040.665] GetACP () returned 0x4e4 [0040.669] GetACP () returned 0x4e4 [0040.669] GetACP () returned 0x4e4 [0040.669] GetACP () returned 0x4e4 [0040.669] GetACP () returned 0x4e4 [0040.669] GetACP () returned 0x4e4 [0040.669] GetACP () returned 0x4e4 [0040.669] GetACP () returned 0x4e4 [0040.669] GetACP () returned 0x4e4 [0040.669] GetACP () returned 0x4e4 [0040.670] GetACP () returned 0x4e4 [0040.670] GetACP () returned 0x4e4 [0040.670] GetACP () returned 0x4e4 [0040.670] GetACP () returned 0x4e4 [0040.670] GetACP () returned 0x4e4 [0040.670] GetACP () returned 0x4e4 [0040.670] GetACP () returned 0x4e4 [0040.670] GetACP () returned 0x4e4 [0040.670] GetACP () returned 0x4e4 [0040.671] GetACP () returned 0x4e4 [0040.671] GetACP () returned 0x4e4 [0040.671] GetACP () returned 0x4e4 [0040.671] GetACP () returned 0x4e4 [0040.857] GetACP () returned 0x4e4 [0040.857] GetACP () returned 0x4e4 [0040.857] GetACP () returned 0x4e4 [0040.858] GetACP () returned 0x4e4 [0040.858] GetACP () returned 0x4e4 [0040.858] GetACP () returned 0x4e4 [0040.858] GetACP () returned 0x4e4 [0040.858] GetACP () returned 0x4e4 [0040.858] GetACP () returned 0x4e4 [0040.858] GetACP () returned 0x4e4 [0040.858] GetACP () returned 0x4e4 [0040.858] GetACP () returned 0x4e4 [0040.858] GetACP () returned 0x4e4 [0040.858] GetACP () returned 0x4e4 [0040.859] GetACP () returned 0x4e4 [0040.859] GetACP () returned 0x4e4 [0040.859] GetACP () returned 0x4e4 [0040.859] GetACP () returned 0x4e4 [0040.859] GetACP () returned 0x4e4 [0040.859] GetACP () returned 0x4e4 [0040.860] GetACP () returned 0x4e4 [0040.860] GetACP () returned 0x4e4 [0040.860] GetACP () returned 0x4e4 [0040.860] GetACP () returned 0x4e4 [0040.860] GetACP () returned 0x4e4 [0040.860] GetACP () returned 0x4e4 [0040.860] GetACP () returned 0x4e4 [0040.860] GetACP () returned 0x4e4 [0040.861] GetACP () returned 0x4e4 [0040.861] GetACP () returned 0x4e4 [0040.863] GetACP () returned 0x4e4 [0040.863] GetACP () returned 0x4e4 [0040.863] GetACP () returned 0x4e4 [0040.864] GetACP () returned 0x4e4 [0040.864] GetACP () returned 0x4e4 [0040.864] GetACP () returned 0x4e4 [0040.864] GetACP () returned 0x4e4 [0040.864] GetACP () returned 0x4e4 [0040.864] GetACP () returned 0x4e4 [0040.864] GetACP () returned 0x4e4 [0040.864] GetACP () returned 0x4e4 [0040.864] GetACP () returned 0x4e4 [0040.865] GetACP () returned 0x4e4 [0040.865] GetACP () returned 0x4e4 [0040.865] GetACP () returned 0x4e4 [0040.865] GetACP () returned 0x4e4 [0040.865] GetACP () returned 0x4e4 [0040.865] GetACP () returned 0x4e4 [0040.865] GetACP () returned 0x4e4 [0040.865] GetACP () returned 0x4e4 [0040.865] GetACP () returned 0x4e4 [0040.866] GetACP () returned 0x4e4 [0040.866] GetACP () returned 0x4e4 [0040.866] GetACP () returned 0x4e4 [0040.866] GetACP () returned 0x4e4 [0040.866] GetACP () returned 0x4e4 [0040.866] GetACP () returned 0x4e4 [0040.866] GetACP () returned 0x4e4 [0040.866] GetACP () returned 0x4e4 [0040.866] GetACP () returned 0x4e4 [0040.866] GetACP () returned 0x4e4 [0040.866] GetACP () returned 0x4e4 [0040.867] GetACP () returned 0x4e4 [0040.867] GetACP () returned 0x4e4 [0040.867] GetACP () returned 0x4e4 [0040.867] GetACP () returned 0x4e4 [0040.867] GetACP () returned 0x4e4 [0040.867] GetACP () returned 0x4e4 [0040.867] GetACP () returned 0x4e4 [0040.867] GetACP () returned 0x4e4 [0040.867] GetACP () returned 0x4e4 [0040.867] GetACP () returned 0x4e4 [0040.868] GetACP () returned 0x4e4 [0040.868] GetACP () returned 0x4e4 [0040.868] GetACP () returned 0x4e4 [0040.868] GetACP () returned 0x4e4 [0040.868] GetACP () returned 0x4e4 [0040.868] GetACP () returned 0x4e4 [0040.868] GetACP () returned 0x4e4 [0040.868] GetACP () returned 0x4e4 [0040.868] GetACP () returned 0x4e4 [0040.869] GetACP () returned 0x4e4 [0040.869] GetACP () returned 0x4e4 [0040.869] GetACP () returned 0x4e4 [0040.869] GetACP () returned 0x4e4 [0040.869] GetACP () returned 0x4e4 [0040.869] GetACP () returned 0x4e4 [0040.870] GetACP () returned 0x4e4 [0040.870] GetACP () returned 0x4e4 [0040.870] GetACP () returned 0x4e4 [0040.870] GetACP () returned 0x4e4 [0040.870] GetACP () returned 0x4e4 [0040.871] GetACP () returned 0x4e4 [0040.871] GetACP () returned 0x4e4 [0040.871] GetACP () returned 0x4e4 [0040.871] GetACP () returned 0x4e4 [0040.871] GetACP () returned 0x4e4 [0040.871] GetACP () returned 0x4e4 [0040.871] GetACP () returned 0x4e4 [0040.871] GetACP () returned 0x4e4 [0040.871] GetACP () returned 0x4e4 [0040.871] GetACP () returned 0x4e4 [0040.871] GetACP () returned 0x4e4 [0040.872] GetACP () returned 0x4e4 [0040.872] GetACP () returned 0x4e4 [0040.872] GetACP () returned 0x4e4 [0040.872] GetACP () returned 0x4e4 [0040.872] GetACP () returned 0x4e4 [0040.872] GetACP () returned 0x4e4 [0040.872] GetACP () returned 0x4e4 [0040.872] GetACP () returned 0x4e4 [0040.872] GetACP () returned 0x4e4 [0040.873] GetACP () returned 0x4e4 [0040.873] GetACP () returned 0x4e4 [0040.873] GetACP () returned 0x4e4 [0040.873] GetACP () returned 0x4e4 [0040.873] GetACP () returned 0x4e4 [0040.873] GetACP () returned 0x4e4 [0040.873] GetACP () returned 0x4e4 [0040.873] GetACP () returned 0x4e4 [0040.873] GetACP () returned 0x4e4 [0040.873] GetACP () returned 0x4e4 [0040.873] GetACP () returned 0x4e4 [0040.874] GetACP () returned 0x4e4 [0040.874] GetACP () returned 0x4e4 [0040.874] GetACP () returned 0x4e4 [0040.874] GetACP () returned 0x4e4 [0040.874] GetACP () returned 0x4e4 [0040.874] GetACP () returned 0x4e4 [0040.874] GetACP () returned 0x4e4 [0040.874] GetACP () returned 0x4e4 [0040.874] GetACP () returned 0x4e4 [0040.874] GetACP () returned 0x4e4 [0040.875] GetACP () returned 0x4e4 [0040.875] GetACP () returned 0x4e4 [0040.875] GetACP () returned 0x4e4 [0040.875] GetACP () returned 0x4e4 [0040.875] GetACP () returned 0x4e4 [0040.875] GetACP () returned 0x4e4 [0040.875] GetACP () returned 0x4e4 [0040.875] GetACP () returned 0x4e4 [0040.875] GetACP () returned 0x4e4 [0040.875] GetACP () returned 0x4e4 [0040.875] GetACP () returned 0x4e4 [0040.876] GetACP () returned 0x4e4 [0040.876] GetACP () returned 0x4e4 [0040.876] GetACP () returned 0x4e4 [0040.876] GetACP () returned 0x4e4 [0040.876] GetACP () returned 0x4e4 [0040.876] GetACP () returned 0x4e4 [0040.876] GetACP () returned 0x4e4 [0040.876] GetACP () returned 0x4e4 [0040.876] GetACP () returned 0x4e4 [0040.877] GetACP () returned 0x4e4 [0040.877] GetACP () returned 0x4e4 [0040.877] GetACP () returned 0x4e4 [0040.877] GetACP () returned 0x4e4 [0040.877] GetACP () returned 0x4e4 [0040.877] GetACP () returned 0x4e4 [0040.877] GetACP () returned 0x4e4 [0040.877] GetACP () returned 0x4e4 [0040.877] GetACP () returned 0x4e4 [0040.877] GetACP () returned 0x4e4 [0040.877] GetACP () returned 0x4e4 [0040.878] GetACP () returned 0x4e4 [0040.878] GetACP () returned 0x4e4 [0040.878] GetACP () returned 0x4e4 [0040.878] GetACP () returned 0x4e4 [0040.878] GetACP () returned 0x4e4 [0040.878] GetACP () returned 0x4e4 [0040.878] GetACP () returned 0x4e4 [0040.878] GetACP () returned 0x4e4 [0040.878] GetACP () returned 0x4e4 [0040.878] GetACP () returned 0x4e4 [0040.879] GetACP () returned 0x4e4 [0040.879] GetACP () returned 0x4e4 [0040.879] GetACP () returned 0x4e4 [0040.879] GetACP () returned 0x4e4 [0040.879] GetACP () returned 0x4e4 [0040.879] GetACP () returned 0x4e4 [0040.879] GetACP () returned 0x4e4 [0040.879] GetACP () returned 0x4e4 [0040.879] GetACP () returned 0x4e4 [0040.879] GetACP () returned 0x4e4 [0040.879] GetACP () returned 0x4e4 [0040.879] GetACP () returned 0x4e4 [0040.879] GetACP () returned 0x4e4 [0040.880] GetACP () returned 0x4e4 [0040.880] GetACP () returned 0x4e4 [0040.880] GetACP () returned 0x4e4 [0040.880] GetACP () returned 0x4e4 [0040.880] GetACP () returned 0x4e4 [0040.880] GetACP () returned 0x4e4 [0040.880] GetACP () returned 0x4e4 [0040.880] GetACP () returned 0x4e4 [0040.880] GetACP () returned 0x4e4 [0040.880] GetACP () returned 0x4e4 [0040.880] GetACP () returned 0x4e4 [0040.880] GetACP () returned 0x4e4 [0040.880] GetACP () returned 0x4e4 [0040.881] GetACP () returned 0x4e4 [0040.881] GetACP () returned 0x4e4 [0040.881] GetACP () returned 0x4e4 [0040.881] GetACP () returned 0x4e4 [0040.881] GetACP () returned 0x4e4 [0040.881] GetACP () returned 0x4e4 [0040.881] GetACP () returned 0x4e4 [0040.881] GetACP () returned 0x4e4 [0040.881] GetACP () returned 0x4e4 [0040.881] GetACP () returned 0x4e4 [0040.881] GetACP () returned 0x4e4 [0040.881] GetACP () returned 0x4e4 [0040.881] GetACP () returned 0x4e4 [0040.882] GetACP () returned 0x4e4 [0040.882] GetACP () returned 0x4e4 [0040.882] GetACP () returned 0x4e4 [0040.882] GetACP () returned 0x4e4 [0040.882] GetACP () returned 0x4e4 [0040.882] GetACP () returned 0x4e4 [0040.882] GetACP () returned 0x4e4 [0040.882] GetACP () returned 0x4e4 [0040.882] GetACP () returned 0x4e4 [0040.882] GetACP () returned 0x4e4 [0040.882] GetACP () returned 0x4e4 [0040.882] GetACP () returned 0x4e4 [0040.882] GetACP () returned 0x4e4 [0040.882] GetACP () returned 0x4e4 [0040.883] GetACP () returned 0x4e4 [0040.883] GetACP () returned 0x4e4 [0040.883] GetACP () returned 0x4e4 [0040.883] GetACP () returned 0x4e4 [0040.883] GetACP () returned 0x4e4 [0040.883] GetACP () returned 0x4e4 [0040.883] GetACP () returned 0x4e4 [0040.883] GetACP () returned 0x4e4 [0040.883] GetACP () returned 0x4e4 [0040.883] GetACP () returned 0x4e4 [0040.883] GetACP () returned 0x4e4 [0040.883] GetACP () returned 0x4e4 [0040.883] GetACP () returned 0x4e4 [0040.884] GetACP () returned 0x4e4 [0040.884] GetACP () returned 0x4e4 [0040.884] GetACP () returned 0x4e4 [0040.884] GetACP () returned 0x4e4 [0040.884] GetACP () returned 0x4e4 [0040.884] GetACP () returned 0x4e4 [0040.886] GetACP () returned 0x4e4 [0040.886] GetACP () returned 0x4e4 [0040.886] GetACP () returned 0x4e4 [0041.104] GetACP () returned 0x4e4 [0041.104] GetACP () returned 0x4e4 [0041.104] GetACP () returned 0x4e4 [0041.104] GetACP () returned 0x4e4 [0041.104] GetACP () returned 0x4e4 [0041.104] GetACP () returned 0x4e4 [0041.104] GetACP () returned 0x4e4 [0041.104] GetACP () returned 0x4e4 [0041.104] GetACP () returned 0x4e4 [0041.104] GetACP () returned 0x4e4 [0041.104] GetACP () returned 0x4e4 [0041.105] GetACP () returned 0x4e4 [0041.105] GetACP () returned 0x4e4 [0041.105] GetACP () returned 0x4e4 [0041.105] GetACP () returned 0x4e4 [0041.105] GetACP () returned 0x4e4 [0041.105] GetACP () returned 0x4e4 [0041.105] GetACP () returned 0x4e4 [0041.105] GetACP () returned 0x4e4 [0041.105] GetACP () returned 0x4e4 [0041.105] GetACP () returned 0x4e4 [0041.105] GetACP () returned 0x4e4 [0041.105] GetACP () returned 0x4e4 [0041.105] GetACP () returned 0x4e4 [0041.105] GetACP () returned 0x4e4 [0041.106] GetACP () returned 0x4e4 [0041.106] GetACP () returned 0x4e4 [0041.106] GetACP () returned 0x4e4 [0041.106] GetACP () returned 0x4e4 [0041.106] GetACP () returned 0x4e4 [0041.106] GetACP () returned 0x4e4 [0041.106] GetACP () returned 0x4e4 [0041.106] GetACP () returned 0x4e4 [0041.106] GetACP () returned 0x4e4 [0041.106] GetACP () returned 0x4e4 [0041.106] GetACP () returned 0x4e4 [0041.106] GetACP () returned 0x4e4 [0041.106] GetACP () returned 0x4e4 [0041.106] GetACP () returned 0x4e4 [0041.107] GetACP () returned 0x4e4 [0041.107] GetACP () returned 0x4e4 [0041.107] GetACP () returned 0x4e4 [0041.107] GetACP () returned 0x4e4 [0041.107] GetACP () returned 0x4e4 [0041.107] GetACP () returned 0x4e4 [0041.107] GetACP () returned 0x4e4 [0041.107] GetACP () returned 0x4e4 [0041.107] GetACP () returned 0x4e4 [0041.107] GetACP () returned 0x4e4 [0041.107] GetACP () returned 0x4e4 [0041.107] GetACP () returned 0x4e4 [0041.107] GetACP () returned 0x4e4 [0041.108] GetACP () returned 0x4e4 [0041.108] GetACP () returned 0x4e4 [0041.108] GetACP () returned 0x4e4 [0041.108] GetACP () returned 0x4e4 [0041.108] GetACP () returned 0x4e4 [0041.108] GetACP () returned 0x4e4 [0041.108] GetACP () returned 0x4e4 [0041.108] GetACP () returned 0x4e4 [0041.108] GetACP () returned 0x4e4 [0041.108] GetACP () returned 0x4e4 [0041.108] GetACP () returned 0x4e4 [0041.108] GetACP () returned 0x4e4 [0041.109] GetACP () returned 0x4e4 [0041.109] GetACP () returned 0x4e4 [0041.109] GetACP () returned 0x4e4 [0041.109] GetACP () returned 0x4e4 [0041.109] GetACP () returned 0x4e4 [0041.109] GetACP () returned 0x4e4 [0041.109] GetACP () returned 0x4e4 [0041.109] GetACP () returned 0x4e4 [0041.109] GetACP () returned 0x4e4 [0041.109] GetACP () returned 0x4e4 [0041.110] GetACP () returned 0x4e4 [0041.110] GetACP () returned 0x4e4 [0041.110] GetACP () returned 0x4e4 [0041.110] GetACP () returned 0x4e4 [0041.110] GetACP () returned 0x4e4 [0041.110] GetACP () returned 0x4e4 [0041.110] GetACP () returned 0x4e4 [0041.110] GetACP () returned 0x4e4 [0041.110] GetACP () returned 0x4e4 [0041.110] GetACP () returned 0x4e4 [0041.113] GetACP () returned 0x4e4 [0041.113] GetACP () returned 0x4e4 [0041.113] GetACP () returned 0x4e4 [0041.113] GetACP () returned 0x4e4 [0041.114] GetACP () returned 0x4e4 [0041.114] GetACP () returned 0x4e4 [0041.114] GetACP () returned 0x4e4 [0041.114] GetACP () returned 0x4e4 [0041.114] GetACP () returned 0x4e4 [0041.114] GetACP () returned 0x4e4 [0041.114] GetACP () returned 0x4e4 [0041.114] GetACP () returned 0x4e4 [0041.114] GetACP () returned 0x4e4 [0041.114] GetACP () returned 0x4e4 [0041.114] GetACP () returned 0x4e4 [0041.115] GetACP () returned 0x4e4 [0041.115] GetACP () returned 0x4e4 [0041.115] GetACP () returned 0x4e4 [0041.117] GetACP () returned 0x4e4 [0041.117] GetACP () returned 0x4e4 [0041.117] GetACP () returned 0x4e4 [0041.118] GetACP () returned 0x4e4 [0041.118] GetACP () returned 0x4e4 [0041.118] GetACP () returned 0x4e4 [0041.118] GetACP () returned 0x4e4 [0041.118] GetACP () returned 0x4e4 [0041.118] GetACP () returned 0x4e4 [0041.118] GetACP () returned 0x4e4 [0041.118] GetACP () returned 0x4e4 [0041.118] GetACP () returned 0x4e4 [0041.118] GetACP () returned 0x4e4 [0041.118] GetACP () returned 0x4e4 [0041.118] GetACP () returned 0x4e4 [0041.118] GetACP () returned 0x4e4 [0041.119] GetACP () returned 0x4e4 [0041.119] GetACP () returned 0x4e4 [0041.119] GetACP () returned 0x4e4 [0041.119] GetACP () returned 0x4e4 [0041.119] GetACP () returned 0x4e4 [0041.119] GetACP () returned 0x4e4 [0041.119] GetACP () returned 0x4e4 [0041.119] GetACP () returned 0x4e4 [0041.119] GetACP () returned 0x4e4 [0041.119] GetACP () returned 0x4e4 [0041.119] GetACP () returned 0x4e4 [0041.119] GetACP () returned 0x4e4 [0041.119] GetACP () returned 0x4e4 [0041.120] GetACP () returned 0x4e4 [0041.120] GetACP () returned 0x4e4 [0041.120] GetACP () returned 0x4e4 [0041.120] GetACP () returned 0x4e4 [0041.120] GetACP () returned 0x4e4 [0041.120] GetACP () returned 0x4e4 [0041.120] GetACP () returned 0x4e4 [0041.120] GetACP () returned 0x4e4 [0041.120] GetACP () returned 0x4e4 [0041.120] GetACP () returned 0x4e4 [0041.120] GetACP () returned 0x4e4 [0041.121] GetACP () returned 0x4e4 [0041.121] GetACP () returned 0x4e4 [0041.121] GetACP () returned 0x4e4 [0041.121] GetACP () returned 0x4e4 [0041.121] GetACP () returned 0x4e4 [0041.121] GetACP () returned 0x4e4 [0041.121] GetACP () returned 0x4e4 [0041.121] GetACP () returned 0x4e4 [0041.121] GetACP () returned 0x4e4 [0041.121] GetACP () returned 0x4e4 [0041.121] GetACP () returned 0x4e4 [0041.122] GetACP () returned 0x4e4 [0041.122] GetACP () returned 0x4e4 [0041.122] GetACP () returned 0x4e4 [0041.122] GetACP () returned 0x4e4 [0041.122] GetACP () returned 0x4e4 [0041.122] GetACP () returned 0x4e4 [0041.122] GetACP () returned 0x4e4 [0041.122] GetACP () returned 0x4e4 [0041.122] GetACP () returned 0x4e4 [0041.122] GetACP () returned 0x4e4 [0041.122] GetACP () returned 0x4e4 [0041.122] GetACP () returned 0x4e4 [0041.122] GetACP () returned 0x4e4 [0041.122] GetACP () returned 0x4e4 [0041.123] GetACP () returned 0x4e4 [0041.123] GetACP () returned 0x4e4 [0041.123] GetACP () returned 0x4e4 [0041.123] GetACP () returned 0x4e4 [0041.123] GetACP () returned 0x4e4 [0041.123] GetACP () returned 0x4e4 [0041.123] GetACP () returned 0x4e4 [0041.123] GetACP () returned 0x4e4 [0041.123] GetACP () returned 0x4e4 [0041.123] GetACP () returned 0x4e4 [0041.123] GetACP () returned 0x4e4 [0041.123] GetACP () returned 0x4e4 [0041.123] GetACP () returned 0x4e4 [0041.123] GetACP () returned 0x4e4 [0041.124] GetACP () returned 0x4e4 [0041.124] GetACP () returned 0x4e4 [0041.124] GetACP () returned 0x4e4 [0041.124] GetACP () returned 0x4e4 [0041.124] GetACP () returned 0x4e4 [0041.124] GetACP () returned 0x4e4 [0041.124] GetACP () returned 0x4e4 [0041.124] GetACP () returned 0x4e4 [0041.124] GetACP () returned 0x4e4 [0041.125] GetACP () returned 0x4e4 [0041.125] GetACP () returned 0x4e4 [0041.125] GetACP () returned 0x4e4 [0041.125] GetACP () returned 0x4e4 [0041.125] GetACP () returned 0x4e4 [0041.125] GetACP () returned 0x4e4 [0041.125] GetACP () returned 0x4e4 [0041.125] GetACP () returned 0x4e4 [0041.125] GetACP () returned 0x4e4 [0041.125] GetACP () returned 0x4e4 [0041.125] GetACP () returned 0x4e4 [0041.126] GetACP () returned 0x4e4 [0041.126] GetACP () returned 0x4e4 [0041.126] GetACP () returned 0x4e4 [0041.126] GetACP () returned 0x4e4 [0041.126] GetACP () returned 0x4e4 [0041.126] GetACP () returned 0x4e4 [0041.126] GetACP () returned 0x4e4 [0041.126] GetACP () returned 0x4e4 [0041.126] GetACP () returned 0x4e4 [0041.126] GetACP () returned 0x4e4 [0041.127] GetACP () returned 0x4e4 [0041.127] GetACP () returned 0x4e4 [0041.127] GetACP () returned 0x4e4 [0041.127] GetACP () returned 0x4e4 [0041.127] GetACP () returned 0x4e4 [0041.127] GetACP () returned 0x4e4 [0041.127] GetACP () returned 0x4e4 [0041.127] GetACP () returned 0x4e4 [0041.127] GetACP () returned 0x4e4 [0041.127] GetACP () returned 0x4e4 [0041.127] GetACP () returned 0x4e4 [0041.128] GetACP () returned 0x4e4 [0041.128] GetACP () returned 0x4e4 [0041.128] GetACP () returned 0x4e4 [0041.128] GetACP () returned 0x4e4 [0041.128] GetACP () returned 0x4e4 [0041.128] GetACP () returned 0x4e4 [0041.128] GetACP () returned 0x4e4 [0041.128] GetACP () returned 0x4e4 [0041.128] GetACP () returned 0x4e4 [0041.128] GetACP () returned 0x4e4 [0041.129] GetACP () returned 0x4e4 [0041.129] GetACP () returned 0x4e4 [0041.129] GetACP () returned 0x4e4 [0041.129] GetACP () returned 0x4e4 [0041.129] GetACP () returned 0x4e4 [0041.129] GetACP () returned 0x4e4 [0041.129] GetACP () returned 0x4e4 [0041.129] GetACP () returned 0x4e4 [0041.129] GetACP () returned 0x4e4 [0041.129] GetACP () returned 0x4e4 [0041.130] GetACP () returned 0x4e4 [0041.130] GetACP () returned 0x4e4 [0041.130] GetACP () returned 0x4e4 [0041.130] GetACP () returned 0x4e4 [0041.130] GetACP () returned 0x4e4 [0041.130] GetACP () returned 0x4e4 [0041.130] GetACP () returned 0x4e4 [0041.416] GetACP () returned 0x4e4 [0041.416] GetACP () returned 0x4e4 [0041.416] GetACP () returned 0x4e4 [0041.416] GetACP () returned 0x4e4 [0041.416] GetACP () returned 0x4e4 [0041.416] GetACP () returned 0x4e4 [0041.416] GetACP () returned 0x4e4 [0041.416] GetACP () returned 0x4e4 [0041.416] GetACP () returned 0x4e4 [0041.416] GetACP () returned 0x4e4 [0041.416] GetACP () returned 0x4e4 [0041.417] GetACP () returned 0x4e4 [0041.417] GetACP () returned 0x4e4 [0041.417] GetACP () returned 0x4e4 [0041.417] GetACP () returned 0x4e4 [0041.417] GetACP () returned 0x4e4 [0041.417] GetACP () returned 0x4e4 [0041.417] GetACP () returned 0x4e4 [0041.417] GetACP () returned 0x4e4 [0041.417] GetACP () returned 0x4e4 [0041.417] GetACP () returned 0x4e4 [0041.417] GetACP () returned 0x4e4 [0041.417] GetACP () returned 0x4e4 [0041.417] GetACP () returned 0x4e4 [0041.417] GetACP () returned 0x4e4 [0041.418] GetACP () returned 0x4e4 [0041.418] GetACP () returned 0x4e4 [0041.418] GetACP () returned 0x4e4 [0041.418] GetACP () returned 0x4e4 [0041.418] GetACP () returned 0x4e4 [0041.418] GetACP () returned 0x4e4 [0041.418] GetACP () returned 0x4e4 [0041.418] GetACP () returned 0x4e4 [0041.418] GetACP () returned 0x4e4 [0041.418] GetACP () returned 0x4e4 [0041.418] GetACP () returned 0x4e4 [0041.418] GetACP () returned 0x4e4 [0041.418] GetACP () returned 0x4e4 [0041.418] GetACP () returned 0x4e4 [0041.419] GetACP () returned 0x4e4 [0041.419] GetACP () returned 0x4e4 [0041.419] GetACP () returned 0x4e4 [0041.419] GetACP () returned 0x4e4 [0041.419] GetACP () returned 0x4e4 [0041.419] GetACP () returned 0x4e4 [0041.419] GetACP () returned 0x4e4 [0041.419] GetACP () returned 0x4e4 [0041.419] GetACP () returned 0x4e4 [0041.419] GetACP () returned 0x4e4 [0041.419] GetACP () returned 0x4e4 [0041.419] GetACP () returned 0x4e4 [0041.419] GetACP () returned 0x4e4 [0041.420] GetACP () returned 0x4e4 [0041.420] GetACP () returned 0x4e4 [0041.420] GetACP () returned 0x4e4 [0041.420] GetACP () returned 0x4e4 [0041.420] GetACP () returned 0x4e4 [0041.420] GetACP () returned 0x4e4 [0041.420] GetACP () returned 0x4e4 [0041.420] GetACP () returned 0x4e4 [0041.420] GetACP () returned 0x4e4 [0041.420] GetACP () returned 0x4e4 [0041.420] GetACP () returned 0x4e4 [0041.420] GetACP () returned 0x4e4 [0041.420] GetACP () returned 0x4e4 [0041.420] GetACP () returned 0x4e4 [0041.421] GetACP () returned 0x4e4 [0041.421] GetACP () returned 0x4e4 [0041.421] GetACP () returned 0x4e4 [0041.421] GetACP () returned 0x4e4 [0041.421] GetACP () returned 0x4e4 [0041.421] GetACP () returned 0x4e4 [0041.421] GetACP () returned 0x4e4 [0041.421] GetACP () returned 0x4e4 [0041.421] GetACP () returned 0x4e4 [0041.421] GetACP () returned 0x4e4 [0041.421] GetACP () returned 0x4e4 [0041.421] GetACP () returned 0x4e4 [0041.421] GetACP () returned 0x4e4 [0041.422] GetACP () returned 0x4e4 [0041.422] GetACP () returned 0x4e4 [0041.422] GetACP () returned 0x4e4 [0041.422] GetACP () returned 0x4e4 [0041.422] GetACP () returned 0x4e4 [0041.422] GetACP () returned 0x4e4 [0041.422] GetACP () returned 0x4e4 [0041.422] GetACP () returned 0x4e4 [0041.422] GetACP () returned 0x4e4 [0041.422] GetACP () returned 0x4e4 [0041.422] GetACP () returned 0x4e4 [0041.422] GetACP () returned 0x4e4 [0041.422] GetACP () returned 0x4e4 [0041.423] GetACP () returned 0x4e4 [0041.423] GetACP () returned 0x4e4 [0041.423] GetACP () returned 0x4e4 [0041.423] GetACP () returned 0x4e4 [0041.423] GetACP () returned 0x4e4 [0041.423] GetACP () returned 0x4e4 [0041.423] GetACP () returned 0x4e4 [0041.423] GetACP () returned 0x4e4 [0041.423] GetACP () returned 0x4e4 [0041.423] GetACP () returned 0x4e4 [0041.423] GetACP () returned 0x4e4 [0041.423] GetACP () returned 0x4e4 [0041.423] GetACP () returned 0x4e4 [0041.424] GetACP () returned 0x4e4 [0041.424] GetACP () returned 0x4e4 [0041.424] GetACP () returned 0x4e4 [0041.424] GetACP () returned 0x4e4 [0041.424] GetACP () returned 0x4e4 [0041.424] GetACP () returned 0x4e4 [0041.424] GetACP () returned 0x4e4 [0041.424] GetACP () returned 0x4e4 [0041.424] GetACP () returned 0x4e4 [0041.424] GetACP () returned 0x4e4 [0041.424] GetACP () returned 0x4e4 [0041.424] GetACP () returned 0x4e4 [0041.424] GetACP () returned 0x4e4 [0041.425] GetACP () returned 0x4e4 [0041.425] GetACP () returned 0x4e4 [0041.425] GetACP () returned 0x4e4 [0041.425] GetACP () returned 0x4e4 [0041.425] GetACP () returned 0x4e4 [0041.425] GetACP () returned 0x4e4 [0041.425] GetACP () returned 0x4e4 [0041.425] GetACP () returned 0x4e4 [0041.425] GetACP () returned 0x4e4 [0041.425] GetACP () returned 0x4e4 [0041.425] GetACP () returned 0x4e4 [0041.425] GetACP () returned 0x4e4 [0041.426] GetACP () returned 0x4e4 [0041.426] GetACP () returned 0x4e4 [0041.426] GetACP () returned 0x4e4 [0041.426] GetACP () returned 0x4e4 [0041.426] GetACP () returned 0x4e4 [0041.426] GetACP () returned 0x4e4 [0041.426] GetACP () returned 0x4e4 [0041.426] GetACP () returned 0x4e4 [0041.426] GetACP () returned 0x4e4 [0041.426] GetACP () returned 0x4e4 [0041.426] GetACP () returned 0x4e4 [0041.426] GetACP () returned 0x4e4 [0041.426] GetACP () returned 0x4e4 [0041.427] GetACP () returned 0x4e4 [0041.427] GetACP () returned 0x4e4 [0041.427] GetACP () returned 0x4e4 [0041.427] GetACP () returned 0x4e4 [0041.427] GetACP () returned 0x4e4 [0041.427] GetACP () returned 0x4e4 [0041.427] GetACP () returned 0x4e4 [0041.427] GetACP () returned 0x4e4 [0041.427] GetACP () returned 0x4e4 [0041.427] GetACP () returned 0x4e4 [0041.427] GetACP () returned 0x4e4 [0041.427] GetACP () returned 0x4e4 [0041.428] GetACP () returned 0x4e4 [0041.428] GetACP () returned 0x4e4 [0041.428] GetACP () returned 0x4e4 [0041.428] GetACP () returned 0x4e4 [0041.428] GetACP () returned 0x4e4 [0041.428] GetACP () returned 0x4e4 [0041.428] GetACP () returned 0x4e4 [0041.428] GetACP () returned 0x4e4 [0041.428] GetACP () returned 0x4e4 [0041.428] GetACP () returned 0x4e4 [0041.428] GetACP () returned 0x4e4 [0041.428] GetACP () returned 0x4e4 [0041.428] GetACP () returned 0x4e4 [0041.429] GetACP () returned 0x4e4 [0041.429] GetACP () returned 0x4e4 [0041.429] GetACP () returned 0x4e4 [0041.429] GetACP () returned 0x4e4 [0041.429] GetACP () returned 0x4e4 [0041.429] GetACP () returned 0x4e4 [0041.429] GetACP () returned 0x4e4 [0041.429] GetACP () returned 0x4e4 [0041.429] GetACP () returned 0x4e4 [0041.429] GetACP () returned 0x4e4 [0041.429] GetACP () returned 0x4e4 [0041.429] GetACP () returned 0x4e4 [0041.429] GetACP () returned 0x4e4 [0041.430] GetACP () returned 0x4e4 [0041.430] GetACP () returned 0x4e4 [0041.430] GetACP () returned 0x4e4 [0041.430] GetACP () returned 0x4e4 [0041.430] GetACP () returned 0x4e4 [0041.430] GetACP () returned 0x4e4 [0041.430] GetACP () returned 0x4e4 [0041.430] GetACP () returned 0x4e4 [0041.430] GetACP () returned 0x4e4 [0041.430] GetACP () returned 0x4e4 [0041.430] GetACP () returned 0x4e4 [0041.430] GetACP () returned 0x4e4 [0041.430] GetACP () returned 0x4e4 [0041.431] GetACP () returned 0x4e4 [0041.431] GetACP () returned 0x4e4 [0041.431] GetACP () returned 0x4e4 [0041.431] GetACP () returned 0x4e4 [0041.431] GetACP () returned 0x4e4 [0041.431] GetACP () returned 0x4e4 [0041.431] GetACP () returned 0x4e4 [0041.431] GetACP () returned 0x4e4 [0041.431] GetACP () returned 0x4e4 [0041.431] GetACP () returned 0x4e4 [0041.431] GetACP () returned 0x4e4 [0041.431] GetACP () returned 0x4e4 [0041.432] GetACP () returned 0x4e4 [0041.432] GetACP () returned 0x4e4 [0041.432] GetACP () returned 0x4e4 [0041.432] GetACP () returned 0x4e4 [0041.432] GetACP () returned 0x4e4 [0041.432] GetACP () returned 0x4e4 [0041.432] GetACP () returned 0x4e4 [0041.432] GetACP () returned 0x4e4 [0041.432] GetACP () returned 0x4e4 [0041.432] GetACP () returned 0x4e4 [0041.432] GetACP () returned 0x4e4 [0041.432] GetACP () returned 0x4e4 [0041.432] GetACP () returned 0x4e4 [0041.433] GetACP () returned 0x4e4 [0041.433] GetACP () returned 0x4e4 [0041.433] GetACP () returned 0x4e4 [0041.433] GetACP () returned 0x4e4 [0041.433] GetACP () returned 0x4e4 [0041.433] GetACP () returned 0x4e4 [0041.433] GetACP () returned 0x4e4 [0041.433] GetACP () returned 0x4e4 [0041.433] GetACP () returned 0x4e4 [0041.433] GetACP () returned 0x4e4 [0041.433] GetACP () returned 0x4e4 [0041.433] GetACP () returned 0x4e4 [0041.434] GetACP () returned 0x4e4 [0041.434] GetACP () returned 0x4e4 [0041.434] GetACP () returned 0x4e4 [0041.434] GetACP () returned 0x4e4 [0041.434] GetACP () returned 0x4e4 [0041.434] GetACP () returned 0x4e4 [0041.434] GetACP () returned 0x4e4 [0041.434] GetACP () returned 0x4e4 [0041.434] GetACP () returned 0x4e4 [0041.434] GetACP () returned 0x4e4 [0041.434] GetACP () returned 0x4e4 [0041.434] GetACP () returned 0x4e4 [0041.435] GetACP () returned 0x4e4 [0041.435] GetACP () returned 0x4e4 [0041.435] GetACP () returned 0x4e4 [0041.435] GetACP () returned 0x4e4 [0041.435] GetACP () returned 0x4e4 [0041.435] GetACP () returned 0x4e4 [0041.541] GetACP () returned 0x4e4 [0041.541] GetACP () returned 0x4e4 [0041.541] GetACP () returned 0x4e4 [0041.541] GetACP () returned 0x4e4 [0041.541] GetACP () returned 0x4e4 [0041.541] GetACP () returned 0x4e4 [0041.541] GetACP () returned 0x4e4 [0041.541] GetACP () returned 0x4e4 [0041.541] GetACP () returned 0x4e4 [0041.541] GetACP () returned 0x4e4 [0041.541] GetACP () returned 0x4e4 [0041.542] GetACP () returned 0x4e4 [0041.542] GetACP () returned 0x4e4 [0041.542] GetACP () returned 0x4e4 [0041.542] GetACP () returned 0x4e4 [0041.542] GetACP () returned 0x4e4 [0041.542] GetACP () returned 0x4e4 [0041.542] GetACP () returned 0x4e4 [0041.542] GetACP () returned 0x4e4 [0041.542] GetACP () returned 0x4e4 [0041.542] GetACP () returned 0x4e4 [0041.542] GetACP () returned 0x4e4 [0041.542] GetACP () returned 0x4e4 [0041.543] GetACP () returned 0x4e4 [0041.543] GetACP () returned 0x4e4 [0041.543] GetACP () returned 0x4e4 [0041.543] GetACP () returned 0x4e4 [0041.543] GetACP () returned 0x4e4 [0041.543] GetACP () returned 0x4e4 [0041.543] GetACP () returned 0x4e4 [0041.543] GetACP () returned 0x4e4 [0041.543] GetACP () returned 0x4e4 [0041.543] GetACP () returned 0x4e4 [0041.543] GetACP () returned 0x4e4 [0041.543] GetACP () returned 0x4e4 [0041.543] GetACP () returned 0x4e4 [0041.544] GetACP () returned 0x4e4 [0041.544] GetACP () returned 0x4e4 [0041.544] GetACP () returned 0x4e4 [0041.544] GetACP () returned 0x4e4 [0041.544] GetACP () returned 0x4e4 [0041.544] GetACP () returned 0x4e4 [0041.544] GetACP () returned 0x4e4 [0041.544] GetACP () returned 0x4e4 [0041.544] GetACP () returned 0x4e4 [0041.544] GetACP () returned 0x4e4 [0041.544] GetACP () returned 0x4e4 [0041.544] GetACP () returned 0x4e4 [0041.545] GetACP () returned 0x4e4 [0041.545] GetACP () returned 0x4e4 [0041.545] GetACP () returned 0x4e4 [0041.545] GetACP () returned 0x4e4 [0041.545] GetACP () returned 0x4e4 [0041.545] GetACP () returned 0x4e4 [0041.545] GetACP () returned 0x4e4 [0041.545] GetACP () returned 0x4e4 [0041.545] GetACP () returned 0x4e4 [0041.545] GetACP () returned 0x4e4 [0041.545] GetACP () returned 0x4e4 [0041.545] GetACP () returned 0x4e4 [0041.546] GetACP () returned 0x4e4 [0041.546] GetACP () returned 0x4e4 [0041.546] GetACP () returned 0x4e4 [0041.546] GetACP () returned 0x4e4 [0041.546] GetACP () returned 0x4e4 [0041.546] GetACP () returned 0x4e4 [0041.546] GetACP () returned 0x4e4 [0041.546] GetACP () returned 0x4e4 [0041.546] GetACP () returned 0x4e4 [0041.546] GetACP () returned 0x4e4 [0041.546] GetACP () returned 0x4e4 [0041.546] GetACP () returned 0x4e4 [0041.546] GetACP () returned 0x4e4 [0041.547] GetACP () returned 0x4e4 [0041.547] GetACP () returned 0x4e4 [0041.547] GetACP () returned 0x4e4 [0041.547] GetACP () returned 0x4e4 [0041.547] GetACP () returned 0x4e4 [0041.547] GetACP () returned 0x4e4 [0041.547] GetACP () returned 0x4e4 [0041.547] GetACP () returned 0x4e4 [0041.547] GetACP () returned 0x4e4 [0041.547] GetACP () returned 0x4e4 [0041.547] GetACP () returned 0x4e4 [0041.547] GetACP () returned 0x4e4 [0041.548] GetACP () returned 0x4e4 [0041.548] GetACP () returned 0x4e4 [0041.548] GetACP () returned 0x4e4 [0041.548] GetACP () returned 0x4e4 [0041.548] GetACP () returned 0x4e4 [0041.548] GetACP () returned 0x4e4 [0041.548] GetACP () returned 0x4e4 [0041.548] GetACP () returned 0x4e4 [0041.548] GetACP () returned 0x4e4 [0041.548] GetACP () returned 0x4e4 [0041.548] GetACP () returned 0x4e4 [0041.548] GetACP () returned 0x4e4 [0041.549] GetACP () returned 0x4e4 [0041.549] GetACP () returned 0x4e4 [0041.549] GetACP () returned 0x4e4 [0041.549] GetACP () returned 0x4e4 [0041.549] GetACP () returned 0x4e4 [0041.549] GetACP () returned 0x4e4 [0041.549] GetACP () returned 0x4e4 [0041.549] GetACP () returned 0x4e4 [0041.549] GetACP () returned 0x4e4 [0041.549] GetACP () returned 0x4e4 [0041.549] GetACP () returned 0x4e4 [0041.549] GetACP () returned 0x4e4 [0041.550] GetACP () returned 0x4e4 [0041.550] GetACP () returned 0x4e4 [0041.550] GetACP () returned 0x4e4 [0041.550] GetACP () returned 0x4e4 [0041.550] GetACP () returned 0x4e4 [0041.550] GetACP () returned 0x4e4 [0041.550] GetACP () returned 0x4e4 [0041.550] GetACP () returned 0x4e4 [0041.550] GetACP () returned 0x4e4 [0041.550] GetACP () returned 0x4e4 [0041.550] GetACP () returned 0x4e4 [0041.550] GetACP () returned 0x4e4 [0041.550] GetACP () returned 0x4e4 [0041.551] GetACP () returned 0x4e4 [0041.551] GetACP () returned 0x4e4 [0041.551] GetACP () returned 0x4e4 [0041.551] GetACP () returned 0x4e4 [0041.551] GetACP () returned 0x4e4 [0041.551] GetACP () returned 0x4e4 [0041.551] GetACP () returned 0x4e4 [0041.551] GetACP () returned 0x4e4 [0041.551] GetACP () returned 0x4e4 [0041.551] GetACP () returned 0x4e4 [0041.551] GetACP () returned 0x4e4 [0041.551] GetACP () returned 0x4e4 [0041.551] GetACP () returned 0x4e4 [0041.552] GetACP () returned 0x4e4 [0041.552] GetACP () returned 0x4e4 [0041.552] GetACP () returned 0x4e4 [0041.552] GetACP () returned 0x4e4 [0041.552] GetACP () returned 0x4e4 [0041.552] GetACP () returned 0x4e4 [0041.552] GetACP () returned 0x4e4 [0041.552] GetACP () returned 0x4e4 [0041.552] GetACP () returned 0x4e4 [0041.552] GetACP () returned 0x4e4 [0041.552] GetACP () returned 0x4e4 [0041.552] GetACP () returned 0x4e4 [0041.553] GetACP () returned 0x4e4 [0041.553] GetACP () returned 0x4e4 [0041.553] GetACP () returned 0x4e4 [0041.553] GetACP () returned 0x4e4 [0041.553] GetACP () returned 0x4e4 [0041.553] GetACP () returned 0x4e4 [0041.553] GetACP () returned 0x4e4 [0041.553] GetACP () returned 0x4e4 [0041.553] GetACP () returned 0x4e4 [0041.553] GetACP () returned 0x4e4 [0041.553] GetACP () returned 0x4e4 [0041.553] GetACP () returned 0x4e4 [0041.554] GetACP () returned 0x4e4 [0041.554] GetACP () returned 0x4e4 [0041.554] GetACP () returned 0x4e4 [0041.554] GetACP () returned 0x4e4 [0041.554] GetACP () returned 0x4e4 [0041.554] GetACP () returned 0x4e4 [0041.554] GetACP () returned 0x4e4 [0041.554] GetACP () returned 0x4e4 [0041.554] GetACP () returned 0x4e4 [0041.554] GetACP () returned 0x4e4 [0041.554] GetACP () returned 0x4e4 [0041.554] GetACP () returned 0x4e4 [0041.554] GetACP () returned 0x4e4 [0041.555] GetACP () returned 0x4e4 [0041.555] GetACP () returned 0x4e4 [0041.555] GetACP () returned 0x4e4 [0041.555] GetACP () returned 0x4e4 [0041.555] GetACP () returned 0x4e4 [0041.555] GetACP () returned 0x4e4 [0041.555] GetACP () returned 0x4e4 [0041.555] GetACP () returned 0x4e4 [0041.555] GetACP () returned 0x4e4 [0041.555] GetACP () returned 0x4e4 [0041.555] GetACP () returned 0x4e4 [0041.555] GetACP () returned 0x4e4 [0041.556] GetACP () returned 0x4e4 [0041.556] GetACP () returned 0x4e4 [0041.556] GetACP () returned 0x4e4 [0041.556] GetACP () returned 0x4e4 [0041.556] GetACP () returned 0x4e4 [0041.556] GetACP () returned 0x4e4 [0041.556] GetACP () returned 0x4e4 [0041.556] GetACP () returned 0x4e4 [0041.556] GetACP () returned 0x4e4 [0041.556] GetACP () returned 0x4e4 [0041.556] GetACP () returned 0x4e4 [0041.556] GetACP () returned 0x4e4 [0041.557] GetACP () returned 0x4e4 [0041.557] GetACP () returned 0x4e4 [0041.557] GetACP () returned 0x4e4 [0041.557] GetACP () returned 0x4e4 [0041.557] GetACP () returned 0x4e4 [0041.557] GetACP () returned 0x4e4 [0041.557] GetACP () returned 0x4e4 [0041.557] GetACP () returned 0x4e4 [0041.557] GetACP () returned 0x4e4 [0041.557] GetACP () returned 0x4e4 [0041.557] GetACP () returned 0x4e4 [0041.557] GetACP () returned 0x4e4 [0041.558] GetACP () returned 0x4e4 [0041.558] GetACP () returned 0x4e4 [0041.558] GetACP () returned 0x4e4 [0041.558] GetACP () returned 0x4e4 [0041.558] GetACP () returned 0x4e4 [0041.558] GetACP () returned 0x4e4 [0041.558] GetACP () returned 0x4e4 [0041.558] GetACP () returned 0x4e4 [0041.558] GetACP () returned 0x4e4 [0041.558] GetACP () returned 0x4e4 [0041.558] GetACP () returned 0x4e4 [0041.558] GetACP () returned 0x4e4 [0041.559] GetACP () returned 0x4e4 [0041.559] GetACP () returned 0x4e4 [0041.559] GetACP () returned 0x4e4 [0041.559] GetACP () returned 0x4e4 [0041.559] GetACP () returned 0x4e4 [0041.559] GetACP () returned 0x4e4 [0041.559] GetACP () returned 0x4e4 [0041.559] GetACP () returned 0x4e4 [0041.559] GetACP () returned 0x4e4 [0041.559] GetACP () returned 0x4e4 [0041.559] GetACP () returned 0x4e4 [0041.559] GetACP () returned 0x4e4 [0041.559] GetACP () returned 0x4e4 [0041.560] GetACP () returned 0x4e4 [0041.560] GetACP () returned 0x4e4 [0041.560] GetACP () returned 0x4e4 [0041.560] GetACP () returned 0x4e4 [0041.560] GetACP () returned 0x4e4 [0041.560] GetACP () returned 0x4e4 [0041.560] GetACP () returned 0x4e4 [0041.560] GetACP () returned 0x4e4 [0041.560] GetACP () returned 0x4e4 [0041.560] GetACP () returned 0x4e4 [0041.560] GetACP () returned 0x4e4 [0041.560] GetACP () returned 0x4e4 [0041.561] GetACP () returned 0x4e4 [0041.561] GetACP () returned 0x4e4 [0041.561] GetACP () returned 0x4e4 [0041.561] GetACP () returned 0x4e4 [0041.822] GetACP () returned 0x4e4 [0041.822] GetACP () returned 0x4e4 [0041.822] GetACP () returned 0x4e4 [0041.822] GetACP () returned 0x4e4 [0041.822] GetACP () returned 0x4e4 [0041.822] GetACP () returned 0x4e4 [0041.822] GetACP () returned 0x4e4 [0041.822] GetACP () returned 0x4e4 [0041.823] GetACP () returned 0x4e4 [0041.823] GetACP () returned 0x4e4 [0041.823] GetACP () returned 0x4e4 [0041.823] GetACP () returned 0x4e4 [0041.823] GetACP () returned 0x4e4 [0041.823] GetACP () returned 0x4e4 [0041.824] GetACP () returned 0x4e4 [0041.824] GetACP () returned 0x4e4 [0041.824] GetACP () returned 0x4e4 [0041.824] GetACP () returned 0x4e4 [0041.824] GetACP () returned 0x4e4 [0041.825] GetACP () returned 0x4e4 [0041.825] GetACP () returned 0x4e4 [0041.825] GetACP () returned 0x4e4 [0041.825] GetACP () returned 0x4e4 [0041.825] GetACP () returned 0x4e4 [0041.825] GetACP () returned 0x4e4 [0041.825] GetACP () returned 0x4e4 [0041.825] GetACP () returned 0x4e4 [0041.825] GetACP () returned 0x4e4 [0041.826] GetACP () returned 0x4e4 [0041.826] GetACP () returned 0x4e4 [0041.826] GetACP () returned 0x4e4 [0041.826] GetACP () returned 0x4e4 [0041.826] GetACP () returned 0x4e4 [0041.826] GetACP () returned 0x4e4 [0041.827] GetACP () returned 0x4e4 [0041.827] GetACP () returned 0x4e4 [0041.830] GetACP () returned 0x4e4 [0041.830] GetACP () returned 0x4e4 [0041.830] GetACP () returned 0x4e4 [0041.830] GetACP () returned 0x4e4 [0041.830] GetACP () returned 0x4e4 [0041.830] GetACP () returned 0x4e4 [0041.831] GetACP () returned 0x4e4 [0041.831] GetACP () returned 0x4e4 [0041.831] GetACP () returned 0x4e4 [0041.831] GetACP () returned 0x4e4 [0041.831] GetACP () returned 0x4e4 [0041.831] GetACP () returned 0x4e4 [0041.831] GetACP () returned 0x4e4 [0041.832] GetACP () returned 0x4e4 [0041.832] GetACP () returned 0x4e4 [0041.832] GetACP () returned 0x4e4 [0041.832] GetACP () returned 0x4e4 [0041.832] GetACP () returned 0x4e4 [0041.832] GetACP () returned 0x4e4 [0041.832] GetACP () returned 0x4e4 [0041.833] GetACP () returned 0x4e4 [0041.833] GetACP () returned 0x4e4 [0041.833] GetACP () returned 0x4e4 [0041.833] GetACP () returned 0x4e4 [0041.833] GetACP () returned 0x4e4 [0041.840] GetACP () returned 0x4e4 [0041.840] GetACP () returned 0x4e4 [0041.841] GetACP () returned 0x4e4 [0041.841] GetACP () returned 0x4e4 [0041.841] GetACP () returned 0x4e4 [0041.841] GetACP () returned 0x4e4 [0041.841] GetACP () returned 0x4e4 [0041.841] GetACP () returned 0x4e4 [0041.841] GetACP () returned 0x4e4 [0041.841] GetACP () returned 0x4e4 [0041.842] GetACP () returned 0x4e4 [0041.842] GetACP () returned 0x4e4 [0041.842] GetACP () returned 0x4e4 [0041.842] GetACP () returned 0x4e4 [0041.842] GetACP () returned 0x4e4 [0041.842] GetACP () returned 0x4e4 [0041.842] GetACP () returned 0x4e4 [0041.842] GetACP () returned 0x4e4 [0041.842] GetACP () returned 0x4e4 [0041.842] GetACP () returned 0x4e4 [0041.843] GetACP () returned 0x4e4 [0041.843] GetACP () returned 0x4e4 [0041.843] GetACP () returned 0x4e4 [0041.843] GetACP () returned 0x4e4 [0041.843] GetACP () returned 0x4e4 [0041.843] GetACP () returned 0x4e4 [0041.844] GetACP () returned 0x4e4 [0041.844] GetACP () returned 0x4e4 [0041.844] GetACP () returned 0x4e4 [0041.844] GetACP () returned 0x4e4 [0041.844] GetACP () returned 0x4e4 [0041.844] GetACP () returned 0x4e4 [0041.844] GetACP () returned 0x4e4 [0041.844] GetACP () returned 0x4e4 [0041.845] GetACP () returned 0x4e4 [0041.845] GetACP () returned 0x4e4 [0041.845] GetACP () returned 0x4e4 [0041.845] GetACP () returned 0x4e4 [0041.845] GetACP () returned 0x4e4 [0041.845] GetACP () returned 0x4e4 [0041.845] GetACP () returned 0x4e4 [0041.845] GetACP () returned 0x4e4 [0041.845] GetACP () returned 0x4e4 [0041.845] GetACP () returned 0x4e4 [0041.846] GetACP () returned 0x4e4 [0041.846] GetACP () returned 0x4e4 [0041.846] GetACP () returned 0x4e4 [0041.846] GetACP () returned 0x4e4 [0041.846] GetACP () returned 0x4e4 [0041.846] GetACP () returned 0x4e4 [0041.846] GetACP () returned 0x4e4 [0041.846] GetACP () returned 0x4e4 [0041.846] GetACP () returned 0x4e4 [0041.847] GetACP () returned 0x4e4 [0041.847] GetACP () returned 0x4e4 [0041.847] GetACP () returned 0x4e4 [0041.847] GetACP () returned 0x4e4 [0041.847] GetACP () returned 0x4e4 [0041.847] GetACP () returned 0x4e4 [0041.847] GetACP () returned 0x4e4 [0041.847] GetACP () returned 0x4e4 [0041.848] GetACP () returned 0x4e4 [0041.848] GetACP () returned 0x4e4 [0041.848] GetACP () returned 0x4e4 [0041.848] GetACP () returned 0x4e4 [0041.848] GetACP () returned 0x4e4 [0041.848] GetACP () returned 0x4e4 [0041.848] GetACP () returned 0x4e4 [0041.848] GetACP () returned 0x4e4 [0041.848] GetACP () returned 0x4e4 [0041.849] GetACP () returned 0x4e4 [0041.849] GetACP () returned 0x4e4 [0041.849] GetACP () returned 0x4e4 [0041.849] GetACP () returned 0x4e4 [0041.849] GetACP () returned 0x4e4 [0041.849] GetACP () returned 0x4e4 [0041.849] GetACP () returned 0x4e4 [0041.849] GetACP () returned 0x4e4 [0041.849] GetACP () returned 0x4e4 [0041.850] GetACP () returned 0x4e4 [0041.850] GetACP () returned 0x4e4 [0041.850] GetACP () returned 0x4e4 [0041.850] GetACP () returned 0x4e4 [0041.850] GetACP () returned 0x4e4 [0041.850] GetACP () returned 0x4e4 [0041.850] GetACP () returned 0x4e4 [0041.850] GetACP () returned 0x4e4 [0041.850] GetACP () returned 0x4e4 [0041.851] GetACP () returned 0x4e4 [0041.851] GetACP () returned 0x4e4 [0041.851] GetACP () returned 0x4e4 [0041.851] GetACP () returned 0x4e4 [0041.851] GetACP () returned 0x4e4 [0041.851] GetACP () returned 0x4e4 [0041.851] GetACP () returned 0x4e4 [0041.851] GetACP () returned 0x4e4 [0041.851] GetACP () returned 0x4e4 [0041.852] GetACP () returned 0x4e4 [0041.852] GetACP () returned 0x4e4 [0041.852] GetACP () returned 0x4e4 [0041.852] GetACP () returned 0x4e4 [0041.852] GetACP () returned 0x4e4 [0041.852] GetACP () returned 0x4e4 [0041.852] GetACP () returned 0x4e4 [0041.853] GetACP () returned 0x4e4 [0041.853] GetACP () returned 0x4e4 [0041.853] GetACP () returned 0x4e4 [0041.853] GetACP () returned 0x4e4 [0041.853] GetACP () returned 0x4e4 [0041.853] GetACP () returned 0x4e4 [0041.853] GetACP () returned 0x4e4 [0041.853] GetACP () returned 0x4e4 [0041.853] GetACP () returned 0x4e4 [0041.853] GetACP () returned 0x4e4 [0041.853] GetACP () returned 0x4e4 [0041.853] GetACP () returned 0x4e4 [0041.853] GetACP () returned 0x4e4 [0041.853] GetACP () returned 0x4e4 [0041.854] GetACP () returned 0x4e4 [0041.854] GetACP () returned 0x4e4 [0041.854] GetACP () returned 0x4e4 [0041.854] GetACP () returned 0x4e4 [0041.854] GetACP () returned 0x4e4 [0041.854] GetACP () returned 0x4e4 [0041.854] GetACP () returned 0x4e4 [0041.854] GetACP () returned 0x4e4 [0041.854] GetACP () returned 0x4e4 [0041.854] GetACP () returned 0x4e4 [0041.854] GetACP () returned 0x4e4 [0041.854] GetACP () returned 0x4e4 [0041.854] GetACP () returned 0x4e4 [0041.855] GetACP () returned 0x4e4 [0041.855] GetACP () returned 0x4e4 [0041.855] GetACP () returned 0x4e4 [0041.855] GetACP () returned 0x4e4 [0041.855] GetACP () returned 0x4e4 [0041.855] GetACP () returned 0x4e4 [0041.855] GetACP () returned 0x4e4 [0041.855] GetACP () returned 0x4e4 [0041.855] GetACP () returned 0x4e4 [0041.855] GetACP () returned 0x4e4 [0041.855] GetACP () returned 0x4e4 [0041.855] GetACP () returned 0x4e4 [0041.855] GetACP () returned 0x4e4 [0041.856] GetACP () returned 0x4e4 [0041.856] GetACP () returned 0x4e4 [0041.856] GetACP () returned 0x4e4 [0041.856] GetACP () returned 0x4e4 [0041.856] GetACP () returned 0x4e4 [0041.856] GetACP () returned 0x4e4 [0041.856] GetACP () returned 0x4e4 [0041.856] GetACP () returned 0x4e4 [0041.856] GetACP () returned 0x4e4 [0041.856] GetACP () returned 0x4e4 [0041.856] GetACP () returned 0x4e4 [0041.856] GetACP () returned 0x4e4 [0041.856] GetACP () returned 0x4e4 [0041.856] GetACP () returned 0x4e4 [0041.857] GetACP () returned 0x4e4 [0041.857] GetACP () returned 0x4e4 [0041.857] GetACP () returned 0x4e4 [0041.857] GetACP () returned 0x4e4 [0041.857] GetACP () returned 0x4e4 [0041.857] GetACP () returned 0x4e4 [0041.857] GetACP () returned 0x4e4 [0041.857] GetACP () returned 0x4e4 [0041.857] GetACP () returned 0x4e4 [0041.857] GetACP () returned 0x4e4 [0041.857] GetACP () returned 0x4e4 [0041.857] GetACP () returned 0x4e4 [0041.857] GetACP () returned 0x4e4 [0041.858] GetACP () returned 0x4e4 [0041.858] GetACP () returned 0x4e4 [0041.858] GetACP () returned 0x4e4 [0041.858] GetACP () returned 0x4e4 [0041.858] GetACP () returned 0x4e4 [0041.858] GetACP () returned 0x4e4 [0041.858] GetACP () returned 0x4e4 [0041.858] GetACP () returned 0x4e4 [0041.858] GetACP () returned 0x4e4 [0041.858] GetACP () returned 0x4e4 [0041.858] GetACP () returned 0x4e4 [0041.858] GetACP () returned 0x4e4 [0041.858] GetACP () returned 0x4e4 [0041.858] GetACP () returned 0x4e4 [0041.859] GetACP () returned 0x4e4 [0041.859] GetACP () returned 0x4e4 [0041.859] GetACP () returned 0x4e4 [0042.319] GetACP () returned 0x4e4 [0042.319] GetACP () returned 0x4e4 [0042.319] GetACP () returned 0x4e4 [0042.319] GetACP () returned 0x4e4 [0042.319] GetACP () returned 0x4e4 [0042.319] GetACP () returned 0x4e4 [0042.319] GetACP () returned 0x4e4 [0042.319] GetACP () returned 0x4e4 [0042.319] GetACP () returned 0x4e4 [0042.319] GetACP () returned 0x4e4 [0042.319] GetACP () returned 0x4e4 [0042.320] GetACP () returned 0x4e4 [0042.320] GetACP () returned 0x4e4 [0042.321] GetACP () returned 0x4e4 [0042.321] GetACP () returned 0x4e4 [0042.321] GetACP () returned 0x4e4 [0042.321] GetACP () returned 0x4e4 [0042.321] GetACP () returned 0x4e4 [0042.321] GetACP () returned 0x4e4 [0042.322] GetACP () returned 0x4e4 [0042.322] GetACP () returned 0x4e4 [0042.322] GetACP () returned 0x4e4 [0042.322] GetACP () returned 0x4e4 [0042.322] GetACP () returned 0x4e4 [0042.323] GetACP () returned 0x4e4 [0042.323] GetACP () returned 0x4e4 [0042.323] GetACP () returned 0x4e4 [0042.323] GetACP () returned 0x4e4 [0042.324] GetACP () returned 0x4e4 [0042.324] GetACP () returned 0x4e4 [0042.324] GetACP () returned 0x4e4 [0042.324] GetACP () returned 0x4e4 [0042.325] GetACP () returned 0x4e4 [0042.325] GetACP () returned 0x4e4 [0042.325] GetACP () returned 0x4e4 [0042.326] GetACP () returned 0x4e4 [0042.326] GetACP () returned 0x4e4 [0042.326] GetACP () returned 0x4e4 [0042.327] GetACP () returned 0x4e4 [0042.327] GetACP () returned 0x4e4 [0042.327] GetACP () returned 0x4e4 [0042.327] GetACP () returned 0x4e4 [0042.328] GetACP () returned 0x4e4 [0042.328] GetACP () returned 0x4e4 [0042.328] GetACP () returned 0x4e4 [0042.329] GetACP () returned 0x4e4 [0042.329] GetACP () returned 0x4e4 [0042.329] GetACP () returned 0x4e4 [0042.330] GetACP () returned 0x4e4 [0042.330] GetACP () returned 0x4e4 [0042.330] GetACP () returned 0x4e4 [0042.330] GetACP () returned 0x4e4 [0042.331] GetACP () returned 0x4e4 [0042.331] GetACP () returned 0x4e4 [0042.331] GetACP () returned 0x4e4 [0042.332] GetACP () returned 0x4e4 [0042.332] GetACP () returned 0x4e4 [0042.332] GetACP () returned 0x4e4 [0042.332] GetACP () returned 0x4e4 [0042.333] GetACP () returned 0x4e4 [0042.333] GetACP () returned 0x4e4 [0042.333] GetACP () returned 0x4e4 [0042.334] GetACP () returned 0x4e4 [0042.334] GetACP () returned 0x4e4 [0042.335] GetACP () returned 0x4e4 [0042.335] GetACP () returned 0x4e4 [0042.335] GetACP () returned 0x4e4 [0042.336] GetACP () returned 0x4e4 [0042.337] GetACP () returned 0x4e4 [0042.340] GetACP () returned 0x4e4 [0042.340] GetACP () returned 0x4e4 [0042.340] GetACP () returned 0x4e4 [0042.340] GetACP () returned 0x4e4 [0042.340] GetACP () returned 0x4e4 [0042.340] GetACP () returned 0x4e4 [0042.340] GetACP () returned 0x4e4 [0042.340] GetACP () returned 0x4e4 [0042.340] GetACP () returned 0x4e4 [0042.340] GetACP () returned 0x4e4 [0042.340] GetACP () returned 0x4e4 [0042.341] GetACP () returned 0x4e4 [0042.341] GetACP () returned 0x4e4 [0042.341] GetACP () returned 0x4e4 [0042.341] GetACP () returned 0x4e4 [0042.341] GetACP () returned 0x4e4 [0042.341] GetACP () returned 0x4e4 [0042.341] GetACP () returned 0x4e4 [0042.341] GetACP () returned 0x4e4 [0042.341] GetACP () returned 0x4e4 [0042.341] GetACP () returned 0x4e4 [0042.341] GetACP () returned 0x4e4 [0042.341] GetACP () returned 0x4e4 [0042.342] GetACP () returned 0x4e4 [0042.342] GetACP () returned 0x4e4 [0042.342] GetACP () returned 0x4e4 [0042.342] GetACP () returned 0x4e4 [0042.342] GetACP () returned 0x4e4 [0042.342] GetACP () returned 0x4e4 [0042.342] GetACP () returned 0x4e4 [0042.342] GetACP () returned 0x4e4 [0042.342] GetACP () returned 0x4e4 [0042.342] GetACP () returned 0x4e4 [0042.342] GetACP () returned 0x4e4 [0042.342] GetACP () returned 0x4e4 [0042.347] GetACP () returned 0x4e4 [0042.347] GetACP () returned 0x4e4 [0042.347] GetACP () returned 0x4e4 [0042.347] GetACP () returned 0x4e4 [0042.347] GetACP () returned 0x4e4 [0042.348] GetACP () returned 0x4e4 [0042.348] GetACP () returned 0x4e4 [0042.348] GetACP () returned 0x4e4 [0042.348] GetACP () returned 0x4e4 [0042.348] GetACP () returned 0x4e4 [0042.348] GetACP () returned 0x4e4 [0042.348] GetACP () returned 0x4e4 [0042.348] GetACP () returned 0x4e4 [0042.349] GetACP () returned 0x4e4 [0042.349] GetACP () returned 0x4e4 [0042.349] GetACP () returned 0x4e4 [0042.349] GetACP () returned 0x4e4 [0042.349] GetACP () returned 0x4e4 [0042.349] GetACP () returned 0x4e4 [0042.349] GetACP () returned 0x4e4 [0042.349] GetACP () returned 0x4e4 [0042.349] GetACP () returned 0x4e4 [0042.349] GetACP () returned 0x4e4 [0042.349] GetACP () returned 0x4e4 [0042.349] GetACP () returned 0x4e4 [0042.350] GetACP () returned 0x4e4 [0042.350] GetACP () returned 0x4e4 [0042.350] GetACP () returned 0x4e4 [0042.350] GetACP () returned 0x4e4 [0042.350] GetACP () returned 0x4e4 [0042.350] GetACP () returned 0x4e4 [0042.351] GetACP () returned 0x4e4 [0042.351] GetACP () returned 0x4e4 [0042.351] GetACP () returned 0x4e4 [0042.351] GetACP () returned 0x4e4 [0042.351] GetACP () returned 0x4e4 [0042.351] GetACP () returned 0x4e4 [0042.352] GetACP () returned 0x4e4 [0042.352] GetACP () returned 0x4e4 [0042.353] GetACP () returned 0x4e4 [0042.353] GetACP () returned 0x4e4 [0042.353] GetACP () returned 0x4e4 [0042.353] GetACP () returned 0x4e4 [0042.353] GetACP () returned 0x4e4 [0042.353] GetACP () returned 0x4e4 [0042.353] GetACP () returned 0x4e4 [0042.353] GetACP () returned 0x4e4 [0042.353] GetACP () returned 0x4e4 [0042.354] GetACP () returned 0x4e4 [0042.354] GetACP () returned 0x4e4 [0042.354] GetACP () returned 0x4e4 [0042.354] GetACP () returned 0x4e4 [0042.354] GetACP () returned 0x4e4 [0042.354] GetACP () returned 0x4e4 [0042.354] GetACP () returned 0x4e4 [0042.355] GetACP () returned 0x4e4 [0042.355] GetACP () returned 0x4e4 [0042.355] GetACP () returned 0x4e4 [0042.355] GetACP () returned 0x4e4 [0042.355] GetACP () returned 0x4e4 [0042.355] GetACP () returned 0x4e4 [0042.356] GetACP () returned 0x4e4 [0042.356] GetACP () returned 0x4e4 [0042.356] GetACP () returned 0x4e4 [0042.356] GetACP () returned 0x4e4 [0042.356] GetACP () returned 0x4e4 [0042.356] GetACP () returned 0x4e4 [0042.356] GetACP () returned 0x4e4 [0042.356] GetACP () returned 0x4e4 [0042.357] GetACP () returned 0x4e4 [0042.357] GetACP () returned 0x4e4 [0042.357] GetACP () returned 0x4e4 [0042.357] GetACP () returned 0x4e4 [0042.357] GetACP () returned 0x4e4 [0042.357] GetACP () returned 0x4e4 [0042.357] GetACP () returned 0x4e4 [0042.358] GetACP () returned 0x4e4 [0042.358] GetACP () returned 0x4e4 [0042.358] GetACP () returned 0x4e4 [0042.358] GetACP () returned 0x4e4 [0042.358] GetACP () returned 0x4e4 [0042.358] GetACP () returned 0x4e4 [0042.358] GetACP () returned 0x4e4 [0042.359] GetACP () returned 0x4e4 [0042.359] GetACP () returned 0x4e4 [0042.359] GetACP () returned 0x4e4 [0042.359] GetACP () returned 0x4e4 [0042.359] GetACP () returned 0x4e4 [0042.359] GetACP () returned 0x4e4 [0042.359] GetACP () returned 0x4e4 [0042.360] GetACP () returned 0x4e4 [0042.360] GetACP () returned 0x4e4 [0042.360] GetACP () returned 0x4e4 [0042.360] GetACP () returned 0x4e4 [0042.360] GetACP () returned 0x4e4 [0042.360] GetACP () returned 0x4e4 [0042.360] GetACP () returned 0x4e4 [0042.361] GetACP () returned 0x4e4 [0042.361] GetACP () returned 0x4e4 [0042.361] GetACP () returned 0x4e4 [0042.361] GetACP () returned 0x4e4 [0042.361] GetACP () returned 0x4e4 [0042.361] GetACP () returned 0x4e4 [0042.361] GetACP () returned 0x4e4 [0042.362] GetACP () returned 0x4e4 [0042.362] GetACP () returned 0x4e4 [0042.362] GetACP () returned 0x4e4 [0042.364] GetACP () returned 0x4e4 [0042.364] GetACP () returned 0x4e4 [0042.364] GetACP () returned 0x4e4 [0042.365] GetACP () returned 0x4e4 [0042.365] GetACP () returned 0x4e4 [0042.365] GetACP () returned 0x4e4 [0042.365] GetACP () returned 0x4e4 [0042.365] GetACP () returned 0x4e4 [0042.365] GetACP () returned 0x4e4 [0042.365] GetACP () returned 0x4e4 [0042.366] GetACP () returned 0x4e4 [0042.366] GetACP () returned 0x4e4 [0042.366] GetACP () returned 0x4e4 [0042.366] GetACP () returned 0x4e4 [0042.366] GetACP () returned 0x4e4 [0042.366] GetACP () returned 0x4e4 [0042.366] GetACP () returned 0x4e4 [0042.367] GetACP () returned 0x4e4 [0042.367] GetACP () returned 0x4e4 [0042.367] GetACP () returned 0x4e4 [0042.367] GetACP () returned 0x4e4 [0042.367] GetACP () returned 0x4e4 [0042.368] GetACP () returned 0x4e4 [0042.368] GetACP () returned 0x4e4 [0042.368] GetACP () returned 0x4e4 [0042.368] GetACP () returned 0x4e4 [0042.368] GetACP () returned 0x4e4 [0042.368] GetACP () returned 0x4e4 [0042.369] GetACP () returned 0x4e4 [0042.369] GetACP () returned 0x4e4 [0042.369] GetACP () returned 0x4e4 [0042.369] GetACP () returned 0x4e4 [0042.369] GetACP () returned 0x4e4 [0042.369] GetACP () returned 0x4e4 [0042.369] GetACP () returned 0x4e4 [0042.369] GetACP () returned 0x4e4 [0042.370] GetACP () returned 0x4e4 [0042.370] GetACP () returned 0x4e4 [0042.539] GetACP () returned 0x4e4 [0042.539] GetACP () returned 0x4e4 [0042.539] GetACP () returned 0x4e4 [0042.539] GetACP () returned 0x4e4 [0042.539] GetACP () returned 0x4e4 [0042.539] GetACP () returned 0x4e4 [0042.539] GetACP () returned 0x4e4 [0042.539] GetACP () returned 0x4e4 [0042.539] GetACP () returned 0x4e4 [0042.540] GetACP () returned 0x4e4 [0042.540] GetACP () returned 0x4e4 [0042.542] GetACP () returned 0x4e4 [0042.542] GetACP () returned 0x4e4 [0042.543] GetACP () returned 0x4e4 [0042.543] GetACP () returned 0x4e4 [0042.543] GetACP () returned 0x4e4 [0042.543] GetACP () returned 0x4e4 [0042.543] GetACP () returned 0x4e4 [0042.543] GetACP () returned 0x4e4 [0042.543] GetACP () returned 0x4e4 [0042.543] GetACP () returned 0x4e4 [0042.544] GetACP () returned 0x4e4 [0042.544] GetACP () returned 0x4e4 [0042.544] GetACP () returned 0x4e4 [0042.544] GetACP () returned 0x4e4 [0042.544] GetACP () returned 0x4e4 [0042.544] GetACP () returned 0x4e4 [0042.545] GetACP () returned 0x4e4 [0042.545] GetACP () returned 0x4e4 [0042.545] GetACP () returned 0x4e4 [0042.545] GetACP () returned 0x4e4 [0042.545] GetACP () returned 0x4e4 [0042.545] GetACP () returned 0x4e4 [0042.545] GetACP () returned 0x4e4 [0042.546] GetACP () returned 0x4e4 [0042.546] GetACP () returned 0x4e4 [0042.546] GetACP () returned 0x4e4 [0042.546] GetACP () returned 0x4e4 [0042.546] GetACP () returned 0x4e4 [0042.546] GetACP () returned 0x4e4 [0042.546] GetACP () returned 0x4e4 [0042.547] GetACP () returned 0x4e4 [0042.547] GetACP () returned 0x4e4 [0042.547] GetACP () returned 0x4e4 [0042.547] GetACP () returned 0x4e4 [0042.547] GetACP () returned 0x4e4 [0042.547] GetACP () returned 0x4e4 [0042.547] GetACP () returned 0x4e4 [0042.548] GetACP () returned 0x4e4 [0042.548] GetACP () returned 0x4e4 [0042.548] GetACP () returned 0x4e4 [0042.548] GetACP () returned 0x4e4 [0042.548] GetACP () returned 0x4e4 [0042.548] GetACP () returned 0x4e4 [0042.548] GetACP () returned 0x4e4 [0042.549] GetACP () returned 0x4e4 [0042.549] GetACP () returned 0x4e4 [0042.549] GetACP () returned 0x4e4 [0042.549] GetACP () returned 0x4e4 [0042.549] GetACP () returned 0x4e4 [0042.549] GetACP () returned 0x4e4 [0042.549] GetACP () returned 0x4e4 [0042.550] GetACP () returned 0x4e4 [0042.550] GetACP () returned 0x4e4 [0042.550] GetACP () returned 0x4e4 [0042.550] GetACP () returned 0x4e4 [0042.550] GetACP () returned 0x4e4 [0042.550] GetACP () returned 0x4e4 [0042.550] GetACP () returned 0x4e4 [0042.550] GetACP () returned 0x4e4 [0042.550] GetACP () returned 0x4e4 [0042.550] GetACP () returned 0x4e4 [0042.550] GetACP () returned 0x4e4 [0042.550] GetACP () returned 0x4e4 [0042.550] GetACP () returned 0x4e4 [0042.551] GetACP () returned 0x4e4 [0042.551] GetACP () returned 0x4e4 [0042.551] GetACP () returned 0x4e4 [0042.551] GetACP () returned 0x4e4 [0042.551] GetACP () returned 0x4e4 [0042.551] GetACP () returned 0x4e4 [0042.551] GetACP () returned 0x4e4 [0042.551] GetACP () returned 0x4e4 [0042.560] GetACP () returned 0x4e4 [0042.560] GetACP () returned 0x4e4 [0042.561] GetACP () returned 0x4e4 [0042.561] GetACP () returned 0x4e4 [0042.561] GetACP () returned 0x4e4 [0042.561] GetACP () returned 0x4e4 [0042.561] GetACP () returned 0x4e4 [0042.561] GetACP () returned 0x4e4 [0042.561] GetACP () returned 0x4e4 [0042.562] GetACP () returned 0x4e4 [0042.562] GetACP () returned 0x4e4 [0042.562] GetACP () returned 0x4e4 [0042.562] GetACP () returned 0x4e4 [0042.562] GetACP () returned 0x4e4 [0042.562] GetACP () returned 0x4e4 [0042.562] GetACP () returned 0x4e4 [0042.563] GetACP () returned 0x4e4 [0042.563] GetACP () returned 0x4e4 [0042.563] GetACP () returned 0x4e4 [0042.563] GetACP () returned 0x4e4 [0042.563] GetACP () returned 0x4e4 [0042.563] GetACP () returned 0x4e4 [0042.563] GetACP () returned 0x4e4 [0042.564] GetACP () returned 0x4e4 [0042.564] GetACP () returned 0x4e4 [0042.564] GetACP () returned 0x4e4 [0042.564] GetACP () returned 0x4e4 [0042.564] GetACP () returned 0x4e4 [0042.564] GetACP () returned 0x4e4 [0042.565] GetACP () returned 0x4e4 [0042.565] GetACP () returned 0x4e4 [0042.565] GetACP () returned 0x4e4 [0042.565] GetACP () returned 0x4e4 [0042.565] GetACP () returned 0x4e4 [0042.565] GetACP () returned 0x4e4 [0042.565] GetACP () returned 0x4e4 [0042.566] GetACP () returned 0x4e4 [0042.566] GetACP () returned 0x4e4 [0042.566] GetACP () returned 0x4e4 [0042.566] GetACP () returned 0x4e4 [0042.566] GetACP () returned 0x4e4 [0042.566] GetACP () returned 0x4e4 [0042.567] GetACP () returned 0x4e4 [0042.567] GetACP () returned 0x4e4 [0042.567] GetACP () returned 0x4e4 [0042.567] GetACP () returned 0x4e4 [0042.567] GetACP () returned 0x4e4 [0042.567] GetACP () returned 0x4e4 [0042.567] GetACP () returned 0x4e4 [0042.568] GetACP () returned 0x4e4 [0042.568] GetACP () returned 0x4e4 [0042.568] GetACP () returned 0x4e4 [0042.568] GetACP () returned 0x4e4 [0042.568] GetACP () returned 0x4e4 [0042.568] GetACP () returned 0x4e4 [0042.569] GetACP () returned 0x4e4 [0042.569] GetACP () returned 0x4e4 [0042.569] GetACP () returned 0x4e4 [0042.569] GetACP () returned 0x4e4 [0042.569] GetACP () returned 0x4e4 [0042.569] GetACP () returned 0x4e4 [0042.569] GetACP () returned 0x4e4 [0042.570] GetACP () returned 0x4e4 [0042.570] GetACP () returned 0x4e4 [0042.570] GetACP () returned 0x4e4 [0042.570] GetACP () returned 0x4e4 [0042.570] GetACP () returned 0x4e4 [0042.571] GetACP () returned 0x4e4 [0042.571] GetACP () returned 0x4e4 [0042.571] GetACP () returned 0x4e4 [0042.571] GetACP () returned 0x4e4 [0042.571] GetACP () returned 0x4e4 [0042.571] GetACP () returned 0x4e4 [0042.571] GetACP () returned 0x4e4 [0042.572] GetACP () returned 0x4e4 [0042.572] GetACP () returned 0x4e4 [0042.572] GetACP () returned 0x4e4 [0042.572] GetACP () returned 0x4e4 [0042.572] GetACP () returned 0x4e4 [0042.572] GetACP () returned 0x4e4 [0042.572] GetACP () returned 0x4e4 [0042.572] GetACP () returned 0x4e4 [0042.572] GetACP () returned 0x4e4 [0042.572] GetACP () returned 0x4e4 [0042.573] GetACP () returned 0x4e4 [0042.573] GetACP () returned 0x4e4 [0042.573] GetACP () returned 0x4e4 [0042.573] GetACP () returned 0x4e4 [0042.573] GetACP () returned 0x4e4 [0042.573] GetACP () returned 0x4e4 [0042.573] GetACP () returned 0x4e4 [0042.574] GetACP () returned 0x4e4 [0042.574] GetACP () returned 0x4e4 [0042.574] GetACP () returned 0x4e4 [0042.574] GetACP () returned 0x4e4 [0042.574] GetACP () returned 0x4e4 [0042.574] GetACP () returned 0x4e4 [0042.574] GetACP () returned 0x4e4 [0042.575] GetACP () returned 0x4e4 [0042.575] GetACP () returned 0x4e4 [0042.575] GetACP () returned 0x4e4 [0042.575] GetACP () returned 0x4e4 [0042.575] GetACP () returned 0x4e4 [0042.575] GetACP () returned 0x4e4 [0042.575] GetACP () returned 0x4e4 [0042.575] GetACP () returned 0x4e4 [0042.576] GetACP () returned 0x4e4 [0042.576] GetACP () returned 0x4e4 [0042.576] GetACP () returned 0x4e4 [0042.576] GetACP () returned 0x4e4 [0042.576] GetACP () returned 0x4e4 [0042.576] GetACP () returned 0x4e4 [0042.576] GetACP () returned 0x4e4 [0042.576] GetACP () returned 0x4e4 [0042.576] GetACP () returned 0x4e4 [0042.576] GetACP () returned 0x4e4 [0042.576] GetACP () returned 0x4e4 [0042.576] GetACP () returned 0x4e4 [0042.577] GetACP () returned 0x4e4 [0042.577] GetACP () returned 0x4e4 [0042.577] GetACP () returned 0x4e4 [0042.577] GetACP () returned 0x4e4 [0042.577] GetACP () returned 0x4e4 [0042.577] GetACP () returned 0x4e4 [0042.577] GetACP () returned 0x4e4 [0042.577] GetACP () returned 0x4e4 [0042.577] GetACP () returned 0x4e4 [0042.577] GetACP () returned 0x4e4 [0042.577] GetACP () returned 0x4e4 [0042.577] GetACP () returned 0x4e4 [0042.577] GetACP () returned 0x4e4 [0042.578] GetACP () returned 0x4e4 [0042.578] GetACP () returned 0x4e4 [0042.578] GetACP () returned 0x4e4 [0042.578] GetACP () returned 0x4e4 [0042.578] GetACP () returned 0x4e4 [0042.578] GetACP () returned 0x4e4 [0042.578] GetACP () returned 0x4e4 [0042.578] GetACP () returned 0x4e4 [0042.578] GetACP () returned 0x4e4 [0042.578] GetACP () returned 0x4e4 [0042.578] GetACP () returned 0x4e4 [0042.578] GetACP () returned 0x4e4 [0042.578] GetACP () returned 0x4e4 [0042.579] GetACP () returned 0x4e4 [0042.579] GetACP () returned 0x4e4 [0042.579] GetACP () returned 0x4e4 [0042.579] GetACP () returned 0x4e4 [0042.579] GetACP () returned 0x4e4 [0042.579] GetACP () returned 0x4e4 [0042.579] GetACP () returned 0x4e4 [0042.579] GetACP () returned 0x4e4 [0042.579] GetACP () returned 0x4e4 [0042.579] GetACP () returned 0x4e4 [0042.579] GetACP () returned 0x4e4 [0042.579] GetACP () returned 0x4e4 [0042.579] GetACP () returned 0x4e4 [0042.580] GetACP () returned 0x4e4 [0042.580] GetACP () returned 0x4e4 [0042.580] GetACP () returned 0x4e4 [0042.580] GetACP () returned 0x4e4 [0042.580] GetACP () returned 0x4e4 [0042.580] GetACP () returned 0x4e4 [0042.580] GetACP () returned 0x4e4 [0042.580] GetACP () returned 0x4e4 [0042.580] GetACP () returned 0x4e4 [0042.775] GetACP () returned 0x4e4 [0042.775] GetACP () returned 0x4e4 [0042.775] GetACP () returned 0x4e4 [0042.776] GetACP () returned 0x4e4 [0042.776] GetACP () returned 0x4e4 [0042.776] GetACP () returned 0x4e4 [0042.776] GetACP () returned 0x4e4 [0042.776] GetACP () returned 0x4e4 [0042.776] GetACP () returned 0x4e4 [0042.776] GetACP () returned 0x4e4 [0042.776] GetACP () returned 0x4e4 [0042.777] GetACP () returned 0x4e4 [0042.777] GetACP () returned 0x4e4 [0042.777] GetACP () returned 0x4e4 [0042.777] GetACP () returned 0x4e4 [0042.777] GetACP () returned 0x4e4 [0042.777] GetACP () returned 0x4e4 [0042.777] GetACP () returned 0x4e4 [0042.777] GetACP () returned 0x4e4 [0042.778] GetACP () returned 0x4e4 [0042.778] GetACP () returned 0x4e4 [0042.778] GetACP () returned 0x4e4 [0042.778] GetACP () returned 0x4e4 [0042.778] GetACP () returned 0x4e4 [0042.778] GetACP () returned 0x4e4 [0042.778] GetACP () returned 0x4e4 [0042.778] GetACP () returned 0x4e4 [0042.779] GetACP () returned 0x4e4 [0042.779] GetACP () returned 0x4e4 [0042.779] GetACP () returned 0x4e4 [0042.779] GetACP () returned 0x4e4 [0042.779] GetACP () returned 0x4e4 [0042.779] GetACP () returned 0x4e4 [0042.779] GetACP () returned 0x4e4 [0042.779] GetACP () returned 0x4e4 [0042.779] GetACP () returned 0x4e4 [0042.779] GetACP () returned 0x4e4 [0042.780] GetACP () returned 0x4e4 [0042.780] GetACP () returned 0x4e4 [0042.780] GetACP () returned 0x4e4 [0042.780] GetACP () returned 0x4e4 [0042.780] GetACP () returned 0x4e4 [0042.780] GetACP () returned 0x4e4 [0042.780] GetACP () returned 0x4e4 [0042.780] GetACP () returned 0x4e4 [0042.780] GetACP () returned 0x4e4 [0042.780] GetACP () returned 0x4e4 [0042.781] GetACP () returned 0x4e4 [0042.781] GetACP () returned 0x4e4 [0042.781] GetACP () returned 0x4e4 [0042.781] GetACP () returned 0x4e4 [0042.781] GetACP () returned 0x4e4 [0042.781] GetACP () returned 0x4e4 [0042.781] GetACP () returned 0x4e4 [0042.781] GetACP () returned 0x4e4 [0042.781] GetACP () returned 0x4e4 [0042.781] GetACP () returned 0x4e4 [0042.782] GetACP () returned 0x4e4 [0042.782] GetACP () returned 0x4e4 [0042.782] GetACP () returned 0x4e4 [0042.782] GetACP () returned 0x4e4 [0042.782] GetACP () returned 0x4e4 [0042.782] GetACP () returned 0x4e4 [0042.782] GetACP () returned 0x4e4 [0042.782] GetACP () returned 0x4e4 [0042.782] GetACP () returned 0x4e4 [0042.782] GetACP () returned 0x4e4 [0042.783] GetACP () returned 0x4e4 [0042.783] GetACP () returned 0x4e4 [0042.783] GetACP () returned 0x4e4 [0042.783] GetACP () returned 0x4e4 [0042.783] GetACP () returned 0x4e4 [0042.783] GetACP () returned 0x4e4 [0042.783] GetACP () returned 0x4e4 [0042.783] GetACP () returned 0x4e4 [0042.783] GetACP () returned 0x4e4 [0042.783] GetACP () returned 0x4e4 [0042.783] GetACP () returned 0x4e4 [0042.783] GetACP () returned 0x4e4 [0042.783] GetACP () returned 0x4e4 [0042.784] GetACP () returned 0x4e4 [0042.784] GetACP () returned 0x4e4 [0042.784] GetACP () returned 0x4e4 [0042.784] GetACP () returned 0x4e4 [0042.784] GetACP () returned 0x4e4 [0042.784] GetACP () returned 0x4e4 [0042.784] GetACP () returned 0x4e4 [0042.784] GetACP () returned 0x4e4 [0042.784] GetACP () returned 0x4e4 [0042.784] GetACP () returned 0x4e4 [0042.784] GetACP () returned 0x4e4 [0042.784] GetACP () returned 0x4e4 [0042.784] GetACP () returned 0x4e4 [0042.785] GetACP () returned 0x4e4 [0042.785] GetACP () returned 0x4e4 [0042.785] GetACP () returned 0x4e4 [0042.785] GetACP () returned 0x4e4 [0042.785] GetACP () returned 0x4e4 [0042.785] GetACP () returned 0x4e4 [0042.785] GetACP () returned 0x4e4 [0042.785] GetACP () returned 0x4e4 [0042.785] GetACP () returned 0x4e4 [0042.785] GetACP () returned 0x4e4 [0042.785] GetACP () returned 0x4e4 [0042.786] GetACP () returned 0x4e4 [0042.786] GetACP () returned 0x4e4 [0042.786] GetACP () returned 0x4e4 [0042.786] GetACP () returned 0x4e4 [0042.786] GetACP () returned 0x4e4 [0042.786] GetACP () returned 0x4e4 [0042.786] GetACP () returned 0x4e4 [0042.786] GetACP () returned 0x4e4 [0042.786] GetACP () returned 0x4e4 [0042.786] GetACP () returned 0x4e4 [0042.786] GetACP () returned 0x4e4 [0042.787] GetACP () returned 0x4e4 [0042.787] GetACP () returned 0x4e4 [0042.787] GetACP () returned 0x4e4 [0042.787] GetACP () returned 0x4e4 [0042.787] GetACP () returned 0x4e4 [0042.787] GetACP () returned 0x4e4 [0042.787] GetACP () returned 0x4e4 [0042.787] GetACP () returned 0x4e4 [0042.787] GetACP () returned 0x4e4 [0042.787] GetACP () returned 0x4e4 [0042.788] GetACP () returned 0x4e4 [0042.788] GetACP () returned 0x4e4 [0042.788] GetACP () returned 0x4e4 [0042.788] GetACP () returned 0x4e4 [0042.788] GetACP () returned 0x4e4 [0042.788] GetACP () returned 0x4e4 [0042.788] GetACP () returned 0x4e4 [0042.789] GetACP () returned 0x4e4 [0042.789] GetACP () returned 0x4e4 [0042.789] GetACP () returned 0x4e4 [0042.789] GetACP () returned 0x4e4 [0042.789] GetACP () returned 0x4e4 [0042.789] GetACP () returned 0x4e4 [0042.789] GetACP () returned 0x4e4 [0042.789] GetACP () returned 0x4e4 [0042.789] GetACP () returned 0x4e4 [0042.789] GetACP () returned 0x4e4 [0042.789] GetACP () returned 0x4e4 [0042.789] GetACP () returned 0x4e4 [0042.790] GetACP () returned 0x4e4 [0042.790] GetACP () returned 0x4e4 [0042.790] GetACP () returned 0x4e4 [0042.790] GetACP () returned 0x4e4 [0042.790] GetACP () returned 0x4e4 [0042.790] GetACP () returned 0x4e4 [0042.790] GetACP () returned 0x4e4 [0042.790] GetACP () returned 0x4e4 [0042.790] GetACP () returned 0x4e4 [0042.790] GetACP () returned 0x4e4 [0042.791] GetACP () returned 0x4e4 [0042.791] GetACP () returned 0x4e4 [0042.791] GetACP () returned 0x4e4 [0042.791] GetACP () returned 0x4e4 [0042.791] GetACP () returned 0x4e4 [0042.791] GetACP () returned 0x4e4 [0042.791] GetACP () returned 0x4e4 [0042.791] GetACP () returned 0x4e4 [0042.792] GetACP () returned 0x4e4 [0042.792] GetACP () returned 0x4e4 [0042.792] GetACP () returned 0x4e4 [0042.792] GetACP () returned 0x4e4 [0042.792] GetACP () returned 0x4e4 [0042.792] GetACP () returned 0x4e4 [0042.792] GetACP () returned 0x4e4 [0042.792] GetACP () returned 0x4e4 [0042.792] GetACP () returned 0x4e4 [0042.792] GetACP () returned 0x4e4 [0042.793] GetACP () returned 0x4e4 [0042.793] GetACP () returned 0x4e4 [0042.793] GetACP () returned 0x4e4 [0042.793] GetACP () returned 0x4e4 [0042.793] GetACP () returned 0x4e4 [0042.793] GetACP () returned 0x4e4 [0042.793] GetACP () returned 0x4e4 [0042.793] GetACP () returned 0x4e4 [0042.793] GetACP () returned 0x4e4 [0042.793] GetACP () returned 0x4e4 [0042.794] GetACP () returned 0x4e4 [0042.794] GetACP () returned 0x4e4 [0042.794] GetACP () returned 0x4e4 [0042.794] GetACP () returned 0x4e4 [0042.794] GetACP () returned 0x4e4 [0042.794] GetACP () returned 0x4e4 [0042.794] GetACP () returned 0x4e4 [0042.794] GetACP () returned 0x4e4 [0042.794] GetACP () returned 0x4e4 [0042.794] GetACP () returned 0x4e4 [0042.795] GetACP () returned 0x4e4 [0042.795] GetACP () returned 0x4e4 [0042.795] GetACP () returned 0x4e4 [0042.795] GetACP () returned 0x4e4 [0042.795] GetACP () returned 0x4e4 [0042.795] GetACP () returned 0x4e4 [0042.795] GetACP () returned 0x4e4 [0042.795] GetACP () returned 0x4e4 [0042.795] GetACP () returned 0x4e4 [0042.795] GetACP () returned 0x4e4 [0042.796] GetACP () returned 0x4e4 [0042.796] GetACP () returned 0x4e4 [0042.796] GetACP () returned 0x4e4 [0042.796] GetACP () returned 0x4e4 [0042.796] GetACP () returned 0x4e4 [0042.796] GetACP () returned 0x4e4 [0042.796] GetACP () returned 0x4e4 [0042.796] GetACP () returned 0x4e4 [0042.796] GetACP () returned 0x4e4 [0042.796] GetACP () returned 0x4e4 [0042.797] GetACP () returned 0x4e4 [0042.797] GetACP () returned 0x4e4 [0042.797] GetACP () returned 0x4e4 [0042.797] GetACP () returned 0x4e4 [0042.797] GetACP () returned 0x4e4 [0042.797] GetACP () returned 0x4e4 [0042.797] GetACP () returned 0x4e4 [0042.797] GetACP () returned 0x4e4 [0042.797] GetACP () returned 0x4e4 [0042.798] GetACP () returned 0x4e4 [0042.798] GetACP () returned 0x4e4 [0042.798] GetACP () returned 0x4e4 [0042.798] GetACP () returned 0x4e4 [0042.798] GetACP () returned 0x4e4 [0042.798] GetACP () returned 0x4e4 [0042.798] GetACP () returned 0x4e4 [0042.798] GetACP () returned 0x4e4 [0042.798] GetACP () returned 0x4e4 [0042.798] GetACP () returned 0x4e4 [0042.799] GetACP () returned 0x4e4 [0042.799] GetACP () returned 0x4e4 [0042.799] GetACP () returned 0x4e4 [0042.799] GetACP () returned 0x4e4 [0042.799] GetACP () returned 0x4e4 [0042.799] GetACP () returned 0x4e4 [0042.799] GetACP () returned 0x4e4 [0042.799] GetACP () returned 0x4e4 [0042.800] GetACP () returned 0x4e4 [0042.800] GetACP () returned 0x4e4 [0042.800] GetACP () returned 0x4e4 [0042.800] GetACP () returned 0x4e4 [0042.800] GetACP () returned 0x4e4 [0042.800] GetACP () returned 0x4e4 [0042.800] GetACP () returned 0x4e4 [0042.800] GetACP () returned 0x4e4 [0042.800] GetACP () returned 0x4e4 [0042.801] GetACP () returned 0x4e4 [0042.991] GetACP () returned 0x4e4 [0042.991] GetACP () returned 0x4e4 [0042.991] GetACP () returned 0x4e4 [0042.991] GetACP () returned 0x4e4 [0042.992] GetACP () returned 0x4e4 [0042.992] GetACP () returned 0x4e4 [0042.992] GetACP () returned 0x4e4 [0042.992] GetACP () returned 0x4e4 [0042.992] GetACP () returned 0x4e4 [0042.992] GetACP () returned 0x4e4 [0042.992] GetACP () returned 0x4e4 [0042.992] GetACP () returned 0x4e4 [0042.993] GetACP () returned 0x4e4 [0042.993] GetACP () returned 0x4e4 [0042.993] GetACP () returned 0x4e4 [0042.993] GetACP () returned 0x4e4 [0042.993] GetACP () returned 0x4e4 [0042.993] GetACP () returned 0x4e4 [0042.993] GetACP () returned 0x4e4 [0042.993] GetACP () returned 0x4e4 [0042.993] GetACP () returned 0x4e4 [0042.993] GetACP () returned 0x4e4 [0042.993] GetACP () returned 0x4e4 [0042.994] GetACP () returned 0x4e4 [0042.994] GetACP () returned 0x4e4 [0042.994] GetACP () returned 0x4e4 [0042.994] GetACP () returned 0x4e4 [0042.994] GetACP () returned 0x4e4 [0042.994] GetACP () returned 0x4e4 [0042.994] GetACP () returned 0x4e4 [0042.994] GetACP () returned 0x4e4 [0042.994] GetACP () returned 0x4e4 [0042.994] GetACP () returned 0x4e4 [0042.994] GetACP () returned 0x4e4 [0042.994] GetACP () returned 0x4e4 [0042.994] GetACP () returned 0x4e4 [0042.995] GetACP () returned 0x4e4 [0042.995] GetACP () returned 0x4e4 [0042.995] GetACP () returned 0x4e4 [0042.995] GetACP () returned 0x4e4 [0042.995] GetACP () returned 0x4e4 [0042.995] GetACP () returned 0x4e4 [0042.995] GetACP () returned 0x4e4 [0042.995] GetACP () returned 0x4e4 [0042.995] GetACP () returned 0x4e4 [0042.995] GetACP () returned 0x4e4 [0042.995] GetACP () returned 0x4e4 [0042.996] GetACP () returned 0x4e4 [0042.996] GetACP () returned 0x4e4 [0042.996] GetACP () returned 0x4e4 [0042.996] GetACP () returned 0x4e4 [0042.996] GetACP () returned 0x4e4 [0042.996] GetACP () returned 0x4e4 [0042.996] GetACP () returned 0x4e4 [0042.997] GetACP () returned 0x4e4 [0042.997] GetACP () returned 0x4e4 [0042.997] GetACP () returned 0x4e4 [0042.997] GetACP () returned 0x4e4 [0042.997] GetACP () returned 0x4e4 [0042.998] GetACP () returned 0x4e4 [0042.998] GetACP () returned 0x4e4 [0042.998] GetACP () returned 0x4e4 [0042.998] GetACP () returned 0x4e4 [0042.998] GetACP () returned 0x4e4 [0042.998] GetACP () returned 0x4e4 [0042.998] GetACP () returned 0x4e4 [0042.999] GetACP () returned 0x4e4 [0042.999] GetACP () returned 0x4e4 [0042.999] GetACP () returned 0x4e4 [0042.999] GetACP () returned 0x4e4 [0042.999] GetACP () returned 0x4e4 [0042.999] GetACP () returned 0x4e4 [0042.999] GetACP () returned 0x4e4 [0042.999] GetACP () returned 0x4e4 [0043.000] GetACP () returned 0x4e4 [0043.000] GetACP () returned 0x4e4 [0043.000] GetACP () returned 0x4e4 [0043.000] GetACP () returned 0x4e4 [0043.000] GetACP () returned 0x4e4 [0043.000] GetACP () returned 0x4e4 [0043.000] GetACP () returned 0x4e4 [0043.000] GetACP () returned 0x4e4 [0043.000] GetACP () returned 0x4e4 [0043.000] GetACP () returned 0x4e4 [0043.000] GetACP () returned 0x4e4 [0043.001] GetACP () returned 0x4e4 [0043.001] GetACP () returned 0x4e4 [0043.001] GetACP () returned 0x4e4 [0043.001] GetACP () returned 0x4e4 [0043.001] GetACP () returned 0x4e4 [0043.001] GetACP () returned 0x4e4 [0043.001] GetACP () returned 0x4e4 [0043.001] GetACP () returned 0x4e4 [0043.001] GetACP () returned 0x4e4 [0043.001] GetACP () returned 0x4e4 [0043.001] GetACP () returned 0x4e4 [0043.001] GetACP () returned 0x4e4 [0043.002] GetACP () returned 0x4e4 [0043.002] GetACP () returned 0x4e4 [0043.002] GetACP () returned 0x4e4 [0043.002] GetACP () returned 0x4e4 [0043.002] GetACP () returned 0x4e4 [0043.002] GetACP () returned 0x4e4 [0043.002] GetACP () returned 0x4e4 [0043.002] GetACP () returned 0x4e4 [0043.002] GetACP () returned 0x4e4 [0043.002] GetACP () returned 0x4e4 [0043.002] GetACP () returned 0x4e4 [0043.002] GetACP () returned 0x4e4 [0043.002] GetACP () returned 0x4e4 [0043.003] GetACP () returned 0x4e4 [0043.003] GetACP () returned 0x4e4 [0043.003] GetACP () returned 0x4e4 [0043.003] GetACP () returned 0x4e4 [0043.003] GetACP () returned 0x4e4 [0043.003] GetACP () returned 0x4e4 [0043.003] GetACP () returned 0x4e4 [0043.003] GetACP () returned 0x4e4 [0043.003] GetACP () returned 0x4e4 [0043.003] GetACP () returned 0x4e4 [0043.003] GetACP () returned 0x4e4 [0043.003] GetACP () returned 0x4e4 [0043.003] GetACP () returned 0x4e4 [0043.004] GetACP () returned 0x4e4 [0043.004] GetACP () returned 0x4e4 [0043.004] GetACP () returned 0x4e4 [0043.004] GetACP () returned 0x4e4 [0043.004] GetACP () returned 0x4e4 [0043.004] GetACP () returned 0x4e4 [0043.004] GetACP () returned 0x4e4 [0043.004] GetACP () returned 0x4e4 [0043.004] GetACP () returned 0x4e4 [0043.004] GetACP () returned 0x4e4 [0043.004] GetACP () returned 0x4e4 [0043.004] GetACP () returned 0x4e4 [0043.004] GetACP () returned 0x4e4 [0043.005] GetACP () returned 0x4e4 [0043.005] GetACP () returned 0x4e4 [0043.005] GetACP () returned 0x4e4 [0043.005] GetACP () returned 0x4e4 [0043.005] GetACP () returned 0x4e4 [0043.005] GetACP () returned 0x4e4 [0043.005] GetACP () returned 0x4e4 [0043.005] GetACP () returned 0x4e4 [0043.006] GetACP () returned 0x4e4 [0043.006] GetACP () returned 0x4e4 [0043.006] GetACP () returned 0x4e4 [0043.006] GetACP () returned 0x4e4 [0043.006] GetACP () returned 0x4e4 [0043.006] GetACP () returned 0x4e4 [0043.006] GetACP () returned 0x4e4 [0043.006] GetACP () returned 0x4e4 [0043.007] GetACP () returned 0x4e4 [0043.007] GetACP () returned 0x4e4 [0043.007] GetACP () returned 0x4e4 [0043.007] GetACP () returned 0x4e4 [0043.007] GetACP () returned 0x4e4 [0043.007] GetACP () returned 0x4e4 [0043.008] GetACP () returned 0x4e4 [0043.008] GetACP () returned 0x4e4 [0043.008] GetACP () returned 0x4e4 [0043.008] GetACP () returned 0x4e4 [0043.008] GetACP () returned 0x4e4 [0043.008] GetACP () returned 0x4e4 [0043.008] GetACP () returned 0x4e4 [0043.009] GetACP () returned 0x4e4 [0043.009] GetACP () returned 0x4e4 [0043.009] GetACP () returned 0x4e4 [0043.009] GetACP () returned 0x4e4 [0043.009] GetACP () returned 0x4e4 [0043.009] GetACP () returned 0x4e4 [0043.009] GetACP () returned 0x4e4 [0043.009] GetACP () returned 0x4e4 [0043.010] GetACP () returned 0x4e4 [0043.010] GetACP () returned 0x4e4 [0043.010] GetACP () returned 0x4e4 [0043.010] GetACP () returned 0x4e4 [0043.010] GetACP () returned 0x4e4 [0043.010] GetACP () returned 0x4e4 [0043.010] GetACP () returned 0x4e4 [0043.010] GetACP () returned 0x4e4 [0043.011] GetACP () returned 0x4e4 [0043.011] GetACP () returned 0x4e4 [0043.011] GetACP () returned 0x4e4 [0043.011] GetACP () returned 0x4e4 [0043.011] GetACP () returned 0x4e4 [0043.011] GetACP () returned 0x4e4 [0043.011] GetACP () returned 0x4e4 [0043.012] GetACP () returned 0x4e4 [0043.012] GetACP () returned 0x4e4 [0043.012] GetACP () returned 0x4e4 [0043.012] GetACP () returned 0x4e4 [0043.012] GetACP () returned 0x4e4 [0043.012] GetACP () returned 0x4e4 [0043.012] GetACP () returned 0x4e4 [0043.013] GetACP () returned 0x4e4 [0043.013] GetACP () returned 0x4e4 [0043.013] GetACP () returned 0x4e4 [0043.013] GetACP () returned 0x4e4 [0043.013] GetACP () returned 0x4e4 [0043.013] GetACP () returned 0x4e4 [0043.013] GetACP () returned 0x4e4 [0043.013] GetACP () returned 0x4e4 [0043.013] GetACP () returned 0x4e4 [0043.014] GetACP () returned 0x4e4 [0043.014] GetACP () returned 0x4e4 [0043.014] GetACP () returned 0x4e4 [0043.014] GetACP () returned 0x4e4 [0043.014] GetACP () returned 0x4e4 [0043.014] GetACP () returned 0x4e4 [0043.014] GetACP () returned 0x4e4 [0043.014] GetACP () returned 0x4e4 [0043.014] GetACP () returned 0x4e4 [0043.015] GetACP () returned 0x4e4 [0043.015] GetACP () returned 0x4e4 [0043.015] GetACP () returned 0x4e4 [0043.015] GetACP () returned 0x4e4 [0043.015] GetACP () returned 0x4e4 [0043.015] GetACP () returned 0x4e4 [0043.015] GetACP () returned 0x4e4 [0043.015] GetACP () returned 0x4e4 [0043.015] GetACP () returned 0x4e4 [0043.015] GetACP () returned 0x4e4 [0043.015] GetACP () returned 0x4e4 [0043.015] GetACP () returned 0x4e4 [0043.015] GetACP () returned 0x4e4 [0043.016] GetACP () returned 0x4e4 [0043.016] GetACP () returned 0x4e4 [0043.016] GetACP () returned 0x4e4 [0043.016] GetACP () returned 0x4e4 [0043.016] GetACP () returned 0x4e4 [0043.016] GetACP () returned 0x4e4 [0043.016] GetACP () returned 0x4e4 [0043.016] GetACP () returned 0x4e4 [0043.017] GetACP () returned 0x4e4 [0043.017] GetACP () returned 0x4e4 [0043.017] GetACP () returned 0x4e4 [0043.017] GetACP () returned 0x4e4 [0043.017] GetACP () returned 0x4e4 [0043.017] GetACP () returned 0x4e4 [0043.017] GetACP () returned 0x4e4 [0043.017] GetACP () returned 0x4e4 [0043.018] GetACP () returned 0x4e4 [0043.018] GetACP () returned 0x4e4 [0043.018] GetACP () returned 0x4e4 [0043.018] GetACP () returned 0x4e4 [0043.018] GetACP () returned 0x4e4 [0043.018] GetACP () returned 0x4e4 [0043.018] GetACP () returned 0x4e4 [0043.176] GetACP () returned 0x4e4 [0043.176] GetACP () returned 0x4e4 [0043.176] GetACP () returned 0x4e4 [0043.177] GetACP () returned 0x4e4 [0043.177] GetACP () returned 0x4e4 [0043.177] GetACP () returned 0x4e4 [0043.178] GetACP () returned 0x4e4 [0043.178] GetACP () returned 0x4e4 [0043.178] GetACP () returned 0x4e4 [0043.179] GetACP () returned 0x4e4 [0043.179] GetACP () returned 0x4e4 [0043.179] GetACP () returned 0x4e4 [0043.179] GetACP () returned 0x4e4 [0043.179] GetACP () returned 0x4e4 [0043.179] GetACP () returned 0x4e4 [0043.179] GetACP () returned 0x4e4 [0043.180] GetACP () returned 0x4e4 [0043.180] GetACP () returned 0x4e4 [0043.180] GetACP () returned 0x4e4 [0043.180] GetACP () returned 0x4e4 [0043.180] GetACP () returned 0x4e4 [0043.180] GetACP () returned 0x4e4 [0043.180] GetACP () returned 0x4e4 [0043.180] GetACP () returned 0x4e4 [0043.180] GetACP () returned 0x4e4 [0043.180] GetACP () returned 0x4e4 [0043.180] GetACP () returned 0x4e4 [0043.180] GetACP () returned 0x4e4 [0043.181] GetACP () returned 0x4e4 [0043.181] GetACP () returned 0x4e4 [0043.181] GetACP () returned 0x4e4 [0043.181] GetACP () returned 0x4e4 [0043.181] GetACP () returned 0x4e4 [0043.181] GetACP () returned 0x4e4 [0043.181] GetACP () returned 0x4e4 [0043.181] GetACP () returned 0x4e4 [0043.181] GetACP () returned 0x4e4 [0043.181] GetACP () returned 0x4e4 [0043.181] GetACP () returned 0x4e4 [0043.181] GetACP () returned 0x4e4 [0043.181] GetACP () returned 0x4e4 [0043.182] GetACP () returned 0x4e4 [0043.182] GetACP () returned 0x4e4 [0043.182] GetACP () returned 0x4e4 [0043.182] GetACP () returned 0x4e4 [0043.182] GetACP () returned 0x4e4 [0043.182] GetACP () returned 0x4e4 [0043.182] GetACP () returned 0x4e4 [0043.182] GetACP () returned 0x4e4 [0043.182] GetACP () returned 0x4e4 [0043.182] GetACP () returned 0x4e4 [0043.182] GetACP () returned 0x4e4 [0043.182] GetACP () returned 0x4e4 [0043.182] GetACP () returned 0x4e4 [0043.183] GetACP () returned 0x4e4 [0043.183] GetACP () returned 0x4e4 [0043.183] GetACP () returned 0x4e4 [0043.183] GetACP () returned 0x4e4 [0043.183] GetACP () returned 0x4e4 [0043.183] GetACP () returned 0x4e4 [0043.183] GetACP () returned 0x4e4 [0043.183] GetACP () returned 0x4e4 [0043.183] GetACP () returned 0x4e4 [0043.183] GetACP () returned 0x4e4 [0043.183] GetACP () returned 0x4e4 [0043.183] GetACP () returned 0x4e4 [0043.183] GetACP () returned 0x4e4 [0043.184] GetACP () returned 0x4e4 [0043.184] GetACP () returned 0x4e4 [0043.184] GetACP () returned 0x4e4 [0043.184] GetACP () returned 0x4e4 [0043.184] GetACP () returned 0x4e4 [0043.184] GetACP () returned 0x4e4 [0043.184] GetACP () returned 0x4e4 [0043.184] GetACP () returned 0x4e4 [0043.185] GetACP () returned 0x4e4 [0043.185] GetACP () returned 0x4e4 [0043.185] GetACP () returned 0x4e4 [0043.185] GetACP () returned 0x4e4 [0043.185] GetACP () returned 0x4e4 [0043.185] GetACP () returned 0x4e4 [0043.186] GetACP () returned 0x4e4 [0043.186] GetACP () returned 0x4e4 [0043.186] GetACP () returned 0x4e4 [0043.186] GetACP () returned 0x4e4 [0043.186] GetACP () returned 0x4e4 [0043.186] GetACP () returned 0x4e4 [0043.186] GetACP () returned 0x4e4 [0043.187] GetACP () returned 0x4e4 [0043.187] GetACP () returned 0x4e4 [0043.187] GetACP () returned 0x4e4 [0043.187] GetACP () returned 0x4e4 [0043.187] GetACP () returned 0x4e4 [0043.187] GetACP () returned 0x4e4 [0043.188] GetACP () returned 0x4e4 [0043.188] GetACP () returned 0x4e4 [0043.188] GetACP () returned 0x4e4 [0043.188] GetACP () returned 0x4e4 [0043.188] GetACP () returned 0x4e4 [0043.188] GetACP () returned 0x4e4 [0043.188] GetACP () returned 0x4e4 [0043.189] GetACP () returned 0x4e4 [0043.189] GetACP () returned 0x4e4 [0043.189] GetACP () returned 0x4e4 [0043.189] GetACP () returned 0x4e4 [0043.189] GetACP () returned 0x4e4 [0043.189] GetACP () returned 0x4e4 [0043.189] GetACP () returned 0x4e4 [0043.190] GetACP () returned 0x4e4 [0043.190] GetACP () returned 0x4e4 [0043.190] GetACP () returned 0x4e4 [0043.190] GetACP () returned 0x4e4 [0043.190] GetACP () returned 0x4e4 [0043.190] GetACP () returned 0x4e4 [0043.191] GetACP () returned 0x4e4 [0043.191] GetACP () returned 0x4e4 [0043.191] GetACP () returned 0x4e4 [0043.191] GetACP () returned 0x4e4 [0043.191] GetACP () returned 0x4e4 [0043.191] GetACP () returned 0x4e4 [0043.192] GetACP () returned 0x4e4 [0043.192] GetACP () returned 0x4e4 [0043.192] GetACP () returned 0x4e4 [0043.192] GetACP () returned 0x4e4 [0043.192] GetACP () returned 0x4e4 [0043.192] GetACP () returned 0x4e4 [0043.193] GetACP () returned 0x4e4 [0043.193] GetACP () returned 0x4e4 [0043.193] GetACP () returned 0x4e4 [0043.193] GetACP () returned 0x4e4 [0043.193] GetACP () returned 0x4e4 [0043.193] GetACP () returned 0x4e4 [0043.193] GetACP () returned 0x4e4 [0043.194] GetACP () returned 0x4e4 [0043.194] GetACP () returned 0x4e4 [0043.195] GetACP () returned 0x4e4 [0043.195] GetACP () returned 0x4e4 [0043.196] GetACP () returned 0x4e4 [0043.196] GetACP () returned 0x4e4 [0043.196] GetACP () returned 0x4e4 [0043.196] GetACP () returned 0x4e4 [0043.196] GetACP () returned 0x4e4 [0043.196] GetACP () returned 0x4e4 [0043.197] GetACP () returned 0x4e4 [0043.197] GetACP () returned 0x4e4 [0043.197] GetACP () returned 0x4e4 [0043.197] GetACP () returned 0x4e4 [0043.197] GetACP () returned 0x4e4 [0043.198] GetACP () returned 0x4e4 [0043.198] GetACP () returned 0x4e4 [0043.198] GetACP () returned 0x4e4 [0043.198] GetACP () returned 0x4e4 [0043.198] GetACP () returned 0x4e4 [0043.198] GetACP () returned 0x4e4 [0043.199] GetACP () returned 0x4e4 [0043.199] GetACP () returned 0x4e4 [0043.199] GetACP () returned 0x4e4 [0043.199] GetACP () returned 0x4e4 [0043.199] GetACP () returned 0x4e4 [0043.199] GetACP () returned 0x4e4 [0043.200] GetACP () returned 0x4e4 [0043.200] GetACP () returned 0x4e4 [0043.200] GetACP () returned 0x4e4 [0043.200] GetACP () returned 0x4e4 [0043.200] GetACP () returned 0x4e4 [0043.200] GetACP () returned 0x4e4 [0043.200] GetACP () returned 0x4e4 [0043.201] GetACP () returned 0x4e4 [0043.201] GetACP () returned 0x4e4 [0043.201] GetACP () returned 0x4e4 [0043.201] GetACP () returned 0x4e4 [0043.201] GetACP () returned 0x4e4 [0043.201] GetACP () returned 0x4e4 [0043.201] GetACP () returned 0x4e4 [0043.202] GetACP () returned 0x4e4 [0043.202] GetACP () returned 0x4e4 [0043.202] GetACP () returned 0x4e4 [0043.202] GetACP () returned 0x4e4 [0043.202] GetACP () returned 0x4e4 [0043.202] GetACP () returned 0x4e4 [0043.203] GetACP () returned 0x4e4 [0043.203] GetACP () returned 0x4e4 [0043.203] GetACP () returned 0x4e4 [0043.203] GetACP () returned 0x4e4 [0043.203] GetACP () returned 0x4e4 [0043.203] GetACP () returned 0x4e4 [0043.203] GetACP () returned 0x4e4 [0043.204] GetACP () returned 0x4e4 [0043.204] GetACP () returned 0x4e4 [0043.204] GetACP () returned 0x4e4 [0043.204] GetACP () returned 0x4e4 [0043.204] GetACP () returned 0x4e4 [0043.204] GetACP () returned 0x4e4 [0043.205] GetACP () returned 0x4e4 [0043.205] GetACP () returned 0x4e4 [0043.205] GetACP () returned 0x4e4 [0043.205] GetACP () returned 0x4e4 [0043.205] GetACP () returned 0x4e4 [0043.205] GetACP () returned 0x4e4 [0043.205] GetACP () returned 0x4e4 [0043.206] GetACP () returned 0x4e4 [0043.206] GetACP () returned 0x4e4 [0043.206] GetACP () returned 0x4e4 [0043.206] GetACP () returned 0x4e4 [0043.206] GetACP () returned 0x4e4 [0043.206] GetACP () returned 0x4e4 [0043.207] GetACP () returned 0x4e4 [0043.207] GetACP () returned 0x4e4 [0043.207] GetACP () returned 0x4e4 [0043.207] GetACP () returned 0x4e4 [0043.207] GetACP () returned 0x4e4 [0043.207] GetACP () returned 0x4e4 [0043.207] GetACP () returned 0x4e4 [0043.208] GetACP () returned 0x4e4 [0043.208] GetACP () returned 0x4e4 [0043.208] GetACP () returned 0x4e4 [0043.208] GetACP () returned 0x4e4 [0043.208] GetACP () returned 0x4e4 [0043.208] GetACP () returned 0x4e4 [0043.208] GetACP () returned 0x4e4 [0043.208] GetACP () returned 0x4e4 [0043.209] GetACP () returned 0x4e4 [0043.209] GetACP () returned 0x4e4 [0043.209] GetACP () returned 0x4e4 [0043.209] GetACP () returned 0x4e4 [0043.209] GetACP () returned 0x4e4 [0043.209] GetACP () returned 0x4e4 [0043.210] GetACP () returned 0x4e4 [0043.210] GetACP () returned 0x4e4 [0043.210] GetACP () returned 0x4e4 [0043.210] GetACP () returned 0x4e4 [0043.210] GetACP () returned 0x4e4 [0043.210] GetACP () returned 0x4e4 [0043.210] GetACP () returned 0x4e4 [0043.211] GetACP () returned 0x4e4 [0043.211] GetACP () returned 0x4e4 [0043.211] GetACP () returned 0x4e4 [0043.211] GetACP () returned 0x4e4 [0043.211] GetACP () returned 0x4e4 [0043.211] GetACP () returned 0x4e4 [0043.212] GetACP () returned 0x4e4 [0043.212] GetACP () returned 0x4e4 [0043.212] GetACP () returned 0x4e4 [0043.212] GetACP () returned 0x4e4 [0043.212] GetACP () returned 0x4e4 [0043.212] GetACP () returned 0x4e4 [0043.212] GetACP () returned 0x4e4 [0043.212] GetACP () returned 0x4e4 [0043.212] GetACP () returned 0x4e4 [0043.571] GetACP () returned 0x4e4 [0043.571] GetACP () returned 0x4e4 [0043.571] GetACP () returned 0x4e4 [0043.571] GetACP () returned 0x4e4 [0043.571] GetACP () returned 0x4e4 [0043.571] GetACP () returned 0x4e4 [0043.571] GetACP () returned 0x4e4 [0043.571] GetACP () returned 0x4e4 [0043.572] GetACP () returned 0x4e4 [0043.572] GetACP () returned 0x4e4 [0043.572] GetACP () returned 0x4e4 [0043.572] GetACP () returned 0x4e4 [0043.572] GetACP () returned 0x4e4 [0043.572] GetACP () returned 0x4e4 [0043.572] GetACP () returned 0x4e4 [0043.572] GetACP () returned 0x4e4 [0043.572] GetACP () returned 0x4e4 [0043.572] GetACP () returned 0x4e4 [0043.572] GetACP () returned 0x4e4 [0043.572] GetACP () returned 0x4e4 [0043.573] GetACP () returned 0x4e4 [0043.573] GetACP () returned 0x4e4 [0043.573] GetACP () returned 0x4e4 [0043.573] GetACP () returned 0x4e4 [0043.573] GetACP () returned 0x4e4 [0043.573] GetACP () returned 0x4e4 [0043.573] GetACP () returned 0x4e4 [0043.573] GetACP () returned 0x4e4 [0043.573] GetACP () returned 0x4e4 [0043.573] GetACP () returned 0x4e4 [0043.573] GetACP () returned 0x4e4 [0043.573] GetACP () returned 0x4e4 [0043.574] GetACP () returned 0x4e4 [0043.574] GetACP () returned 0x4e4 [0043.574] GetACP () returned 0x4e4 [0043.574] GetACP () returned 0x4e4 [0043.574] GetACP () returned 0x4e4 [0043.574] GetACP () returned 0x4e4 [0043.574] GetACP () returned 0x4e4 [0043.574] GetACP () returned 0x4e4 [0043.574] GetACP () returned 0x4e4 [0043.574] GetACP () returned 0x4e4 [0043.574] GetACP () returned 0x4e4 [0043.574] GetACP () returned 0x4e4 [0043.575] GetACP () returned 0x4e4 [0043.575] GetACP () returned 0x4e4 [0043.575] GetACP () returned 0x4e4 [0043.575] GetACP () returned 0x4e4 [0043.575] GetACP () returned 0x4e4 [0043.575] GetACP () returned 0x4e4 [0043.575] GetACP () returned 0x4e4 [0043.575] GetACP () returned 0x4e4 [0043.575] GetACP () returned 0x4e4 [0043.575] GetACP () returned 0x4e4 [0043.575] GetACP () returned 0x4e4 [0043.575] GetACP () returned 0x4e4 [0043.576] GetACP () returned 0x4e4 [0043.576] GetACP () returned 0x4e4 [0043.576] GetACP () returned 0x4e4 [0043.576] GetACP () returned 0x4e4 [0043.576] GetACP () returned 0x4e4 [0043.576] GetACP () returned 0x4e4 [0043.576] GetACP () returned 0x4e4 [0043.576] GetACP () returned 0x4e4 [0043.576] GetACP () returned 0x4e4 [0043.576] GetACP () returned 0x4e4 [0043.576] GetACP () returned 0x4e4 [0043.576] GetACP () returned 0x4e4 [0043.577] GetACP () returned 0x4e4 [0043.577] GetACP () returned 0x4e4 [0043.577] GetACP () returned 0x4e4 [0043.577] GetACP () returned 0x4e4 [0043.577] GetACP () returned 0x4e4 [0043.577] GetACP () returned 0x4e4 [0043.577] GetACP () returned 0x4e4 [0043.577] GetACP () returned 0x4e4 [0043.577] GetACP () returned 0x4e4 [0043.577] GetACP () returned 0x4e4 [0043.577] GetACP () returned 0x4e4 [0043.577] GetACP () returned 0x4e4 [0043.577] GetACP () returned 0x4e4 [0043.578] GetACP () returned 0x4e4 [0043.578] GetACP () returned 0x4e4 [0043.578] GetACP () returned 0x4e4 [0043.578] GetACP () returned 0x4e4 [0043.578] GetACP () returned 0x4e4 [0043.578] GetACP () returned 0x4e4 [0043.578] GetACP () returned 0x4e4 [0043.578] GetACP () returned 0x4e4 [0043.578] GetACP () returned 0x4e4 [0043.578] GetACP () returned 0x4e4 [0043.578] GetACP () returned 0x4e4 [0043.578] GetACP () returned 0x4e4 [0043.579] GetACP () returned 0x4e4 [0043.579] GetACP () returned 0x4e4 [0043.579] GetACP () returned 0x4e4 [0043.579] GetACP () returned 0x4e4 [0043.579] GetACP () returned 0x4e4 [0043.579] GetACP () returned 0x4e4 [0043.579] GetACP () returned 0x4e4 [0043.579] GetACP () returned 0x4e4 [0043.579] GetACP () returned 0x4e4 [0043.579] GetACP () returned 0x4e4 [0043.579] GetACP () returned 0x4e4 [0043.579] GetACP () returned 0x4e4 [0043.580] GetACP () returned 0x4e4 [0043.580] GetACP () returned 0x4e4 [0043.580] GetACP () returned 0x4e4 [0043.580] GetACP () returned 0x4e4 [0043.580] GetACP () returned 0x4e4 [0043.580] GetACP () returned 0x4e4 [0043.580] GetACP () returned 0x4e4 [0043.580] GetACP () returned 0x4e4 [0043.580] GetACP () returned 0x4e4 [0043.580] GetACP () returned 0x4e4 [0043.580] GetACP () returned 0x4e4 [0043.580] GetACP () returned 0x4e4 [0043.581] GetACP () returned 0x4e4 [0043.581] GetACP () returned 0x4e4 [0043.581] GetACP () returned 0x4e4 [0043.581] GetACP () returned 0x4e4 [0043.581] GetACP () returned 0x4e4 [0043.581] GetACP () returned 0x4e4 [0043.581] GetACP () returned 0x4e4 [0043.581] GetACP () returned 0x4e4 [0043.581] GetACP () returned 0x4e4 [0043.581] GetACP () returned 0x4e4 [0043.581] GetACP () returned 0x4e4 [0043.581] GetACP () returned 0x4e4 [0043.582] GetACP () returned 0x4e4 [0043.582] GetACP () returned 0x4e4 [0043.582] GetACP () returned 0x4e4 [0043.582] GetACP () returned 0x4e4 [0043.582] GetACP () returned 0x4e4 [0043.582] GetACP () returned 0x4e4 [0043.582] GetACP () returned 0x4e4 [0043.582] GetACP () returned 0x4e4 [0043.582] GetACP () returned 0x4e4 [0043.582] GetACP () returned 0x4e4 [0043.582] GetACP () returned 0x4e4 [0043.582] GetACP () returned 0x4e4 [0043.583] GetACP () returned 0x4e4 [0043.583] GetACP () returned 0x4e4 [0043.583] GetACP () returned 0x4e4 [0043.583] GetACP () returned 0x4e4 [0043.583] GetACP () returned 0x4e4 [0043.583] GetACP () returned 0x4e4 [0043.583] GetACP () returned 0x4e4 [0043.583] GetACP () returned 0x4e4 [0043.583] GetACP () returned 0x4e4 [0043.583] GetACP () returned 0x4e4 [0043.583] GetACP () returned 0x4e4 [0043.583] GetACP () returned 0x4e4 [0043.584] GetACP () returned 0x4e4 [0043.584] GetACP () returned 0x4e4 [0043.584] GetACP () returned 0x4e4 [0043.584] GetACP () returned 0x4e4 [0043.584] GetACP () returned 0x4e4 [0043.584] GetACP () returned 0x4e4 [0043.584] GetACP () returned 0x4e4 [0043.584] GetACP () returned 0x4e4 [0043.584] GetACP () returned 0x4e4 [0043.584] GetACP () returned 0x4e4 [0043.584] GetACP () returned 0x4e4 [0043.584] GetACP () returned 0x4e4 [0043.585] GetACP () returned 0x4e4 [0043.585] GetACP () returned 0x4e4 [0043.585] GetACP () returned 0x4e4 [0043.585] GetACP () returned 0x4e4 [0043.585] GetACP () returned 0x4e4 [0043.585] GetACP () returned 0x4e4 [0043.585] GetACP () returned 0x4e4 [0043.585] GetACP () returned 0x4e4 [0043.585] GetACP () returned 0x4e4 [0043.585] GetACP () returned 0x4e4 [0043.585] GetACP () returned 0x4e4 [0043.585] GetACP () returned 0x4e4 [0043.586] GetACP () returned 0x4e4 [0043.586] GetACP () returned 0x4e4 [0043.586] GetACP () returned 0x4e4 [0043.586] GetACP () returned 0x4e4 [0043.586] GetACP () returned 0x4e4 [0043.586] GetACP () returned 0x4e4 [0043.586] GetACP () returned 0x4e4 [0043.586] GetACP () returned 0x4e4 [0043.586] GetACP () returned 0x4e4 [0043.586] GetACP () returned 0x4e4 [0043.586] GetACP () returned 0x4e4 [0043.586] GetACP () returned 0x4e4 [0043.587] GetACP () returned 0x4e4 [0043.587] GetACP () returned 0x4e4 [0043.587] GetACP () returned 0x4e4 [0043.587] GetACP () returned 0x4e4 [0043.587] GetACP () returned 0x4e4 [0043.587] GetACP () returned 0x4e4 [0043.587] GetACP () returned 0x4e4 [0043.587] GetACP () returned 0x4e4 [0043.587] GetACP () returned 0x4e4 [0043.587] GetACP () returned 0x4e4 [0043.587] GetACP () returned 0x4e4 [0043.587] GetACP () returned 0x4e4 [0043.588] GetACP () returned 0x4e4 [0043.588] GetACP () returned 0x4e4 [0043.588] GetACP () returned 0x4e4 [0043.588] GetACP () returned 0x4e4 [0043.588] GetACP () returned 0x4e4 [0043.588] GetACP () returned 0x4e4 [0043.588] GetACP () returned 0x4e4 [0043.588] GetACP () returned 0x4e4 [0043.588] GetACP () returned 0x4e4 [0043.588] GetACP () returned 0x4e4 [0043.588] GetACP () returned 0x4e4 [0043.588] GetACP () returned 0x4e4 [0043.589] GetACP () returned 0x4e4 [0043.589] GetACP () returned 0x4e4 [0043.589] GetACP () returned 0x4e4 [0043.589] GetACP () returned 0x4e4 [0043.589] GetACP () returned 0x4e4 [0043.589] GetACP () returned 0x4e4 [0043.589] GetACP () returned 0x4e4 [0043.589] GetACP () returned 0x4e4 [0043.589] GetACP () returned 0x4e4 [0043.589] GetACP () returned 0x4e4 [0043.589] GetACP () returned 0x4e4 [0043.589] GetACP () returned 0x4e4 [0043.590] GetACP () returned 0x4e4 [0043.590] GetACP () returned 0x4e4 [0043.590] GetACP () returned 0x4e4 [0043.590] GetACP () returned 0x4e4 [0043.590] GetACP () returned 0x4e4 [0043.590] GetACP () returned 0x4e4 [0043.590] GetACP () returned 0x4e4 [0043.590] GetACP () returned 0x4e4 [0043.590] GetACP () returned 0x4e4 [0043.590] GetACP () returned 0x4e4 [0043.590] GetACP () returned 0x4e4 [0043.590] GetACP () returned 0x4e4 [0043.591] GetACP () returned 0x4e4 [0043.591] GetACP () returned 0x4e4 [0043.591] GetACP () returned 0x4e4 [0043.591] GetACP () returned 0x4e4 [0043.591] GetACP () returned 0x4e4 [0043.591] GetACP () returned 0x4e4 [0043.591] GetACP () returned 0x4e4 [0043.591] GetACP () returned 0x4e4 [0043.591] GetACP () returned 0x4e4 [0043.591] GetACP () returned 0x4e4 [0043.591] GetACP () returned 0x4e4 [0043.591] GetACP () returned 0x4e4 [0043.709] GetACP () returned 0x4e4 [0043.709] GetACP () returned 0x4e4 [0043.709] GetACP () returned 0x4e4 [0043.709] GetACP () returned 0x4e4 [0043.709] GetACP () returned 0x4e4 [0043.709] GetACP () returned 0x4e4 [0043.709] GetACP () returned 0x4e4 [0043.710] GetACP () returned 0x4e4 [0043.710] GetACP () returned 0x4e4 [0043.710] GetACP () returned 0x4e4 [0043.710] GetACP () returned 0x4e4 [0043.710] GetACP () returned 0x4e4 [0043.710] GetACP () returned 0x4e4 [0043.710] GetACP () returned 0x4e4 [0043.710] GetACP () returned 0x4e4 [0043.710] GetACP () returned 0x4e4 [0043.710] GetACP () returned 0x4e4 [0043.711] GetACP () returned 0x4e4 [0043.711] GetACP () returned 0x4e4 [0043.711] GetACP () returned 0x4e4 [0043.711] GetACP () returned 0x4e4 [0043.711] GetACP () returned 0x4e4 [0043.711] GetACP () returned 0x4e4 [0043.711] GetACP () returned 0x4e4 [0043.711] GetACP () returned 0x4e4 [0043.711] GetACP () returned 0x4e4 [0043.712] GetACP () returned 0x4e4 [0043.712] GetACP () returned 0x4e4 [0043.712] GetACP () returned 0x4e4 [0043.712] GetACP () returned 0x4e4 [0043.712] GetACP () returned 0x4e4 [0043.712] GetACP () returned 0x4e4 [0043.712] GetACP () returned 0x4e4 [0043.712] GetACP () returned 0x4e4 [0043.712] GetACP () returned 0x4e4 [0043.713] GetACP () returned 0x4e4 [0043.713] GetACP () returned 0x4e4 [0043.713] GetACP () returned 0x4e4 [0043.713] GetACP () returned 0x4e4 [0043.713] GetACP () returned 0x4e4 [0043.713] GetACP () returned 0x4e4 [0043.713] GetACP () returned 0x4e4 [0043.713] GetACP () returned 0x4e4 [0043.713] GetACP () returned 0x4e4 [0043.714] GetACP () returned 0x4e4 [0043.714] GetACP () returned 0x4e4 [0043.714] GetACP () returned 0x4e4 [0043.714] GetACP () returned 0x4e4 [0043.714] GetACP () returned 0x4e4 [0043.714] GetACP () returned 0x4e4 [0043.714] GetACP () returned 0x4e4 [0043.714] GetACP () returned 0x4e4 [0043.714] GetACP () returned 0x4e4 [0043.714] GetACP () returned 0x4e4 [0043.715] GetACP () returned 0x4e4 [0043.715] GetACP () returned 0x4e4 [0043.715] GetACP () returned 0x4e4 [0043.715] GetACP () returned 0x4e4 [0043.715] GetACP () returned 0x4e4 [0043.715] GetACP () returned 0x4e4 [0043.715] GetACP () returned 0x4e4 [0043.715] GetACP () returned 0x4e4 [0043.715] GetACP () returned 0x4e4 [0043.716] GetACP () returned 0x4e4 [0043.716] GetACP () returned 0x4e4 [0043.716] GetACP () returned 0x4e4 [0043.716] GetACP () returned 0x4e4 [0043.716] GetACP () returned 0x4e4 [0043.716] GetACP () returned 0x4e4 [0043.717] GetACP () returned 0x4e4 [0043.717] GetACP () returned 0x4e4 [0043.717] GetACP () returned 0x4e4 [0043.717] GetACP () returned 0x4e4 [0043.717] GetACP () returned 0x4e4 [0043.717] GetACP () returned 0x4e4 [0043.717] GetACP () returned 0x4e4 [0043.724] GetACP () returned 0x4e4 [0043.727] GetACP () returned 0x4e4 [0043.728] GetACP () returned 0x4e4 [0043.729] GetACP () returned 0x4e4 [0043.729] GetACP () returned 0x4e4 [0043.730] GetACP () returned 0x4e4 [0043.731] GetACP () returned 0x4e4 [0043.732] GetACP () returned 0x4e4 [0043.732] GetACP () returned 0x4e4 [0043.733] GetACP () returned 0x4e4 [0043.734] GetACP () returned 0x4e4 [0043.734] GetACP () returned 0x4e4 [0043.735] GetACP () returned 0x4e4 [0043.736] GetACP () returned 0x4e4 [0043.736] GetACP () returned 0x4e4 [0043.736] GetACP () returned 0x4e4 [0043.736] GetACP () returned 0x4e4 [0043.736] GetACP () returned 0x4e4 [0043.736] GetACP () returned 0x4e4 [0043.736] GetACP () returned 0x4e4 [0043.736] GetACP () returned 0x4e4 [0043.737] GetACP () returned 0x4e4 [0043.737] GetACP () returned 0x4e4 [0043.737] GetACP () returned 0x4e4 [0043.737] GetACP () returned 0x4e4 [0043.737] GetACP () returned 0x4e4 [0043.737] GetACP () returned 0x4e4 [0043.737] GetACP () returned 0x4e4 [0043.737] GetACP () returned 0x4e4 [0043.737] GetACP () returned 0x4e4 [0043.737] GetACP () returned 0x4e4 [0043.737] GetACP () returned 0x4e4 [0043.737] GetACP () returned 0x4e4 [0043.737] GetACP () returned 0x4e4 [0043.737] GetACP () returned 0x4e4 [0043.737] GetACP () returned 0x4e4 [0043.738] GetACP () returned 0x4e4 [0043.738] GetACP () returned 0x4e4 [0043.738] GetACP () returned 0x4e4 [0043.738] GetACP () returned 0x4e4 [0043.738] GetACP () returned 0x4e4 [0043.738] GetACP () returned 0x4e4 [0043.738] GetACP () returned 0x4e4 [0043.738] GetACP () returned 0x4e4 [0043.738] GetACP () returned 0x4e4 [0043.738] GetACP () returned 0x4e4 [0043.738] GetACP () returned 0x4e4 [0043.738] GetACP () returned 0x4e4 [0043.738] GetACP () returned 0x4e4 [0043.738] GetACP () returned 0x4e4 [0043.738] GetACP () returned 0x4e4 [0043.738] GetACP () returned 0x4e4 [0043.739] GetACP () returned 0x4e4 [0043.739] GetACP () returned 0x4e4 [0043.739] GetACP () returned 0x4e4 [0043.739] GetACP () returned 0x4e4 [0043.739] GetACP () returned 0x4e4 [0043.739] GetACP () returned 0x4e4 [0043.739] GetACP () returned 0x4e4 [0043.739] GetACP () returned 0x4e4 [0043.739] GetACP () returned 0x4e4 [0043.739] GetACP () returned 0x4e4 [0043.739] GetACP () returned 0x4e4 [0043.739] GetACP () returned 0x4e4 [0043.739] GetACP () returned 0x4e4 [0043.739] GetACP () returned 0x4e4 [0043.739] GetACP () returned 0x4e4 [0043.739] GetACP () returned 0x4e4 [0043.740] GetACP () returned 0x4e4 [0043.740] GetACP () returned 0x4e4 [0043.740] GetACP () returned 0x4e4 [0043.740] GetACP () returned 0x4e4 [0043.740] GetACP () returned 0x4e4 [0043.740] GetACP () returned 0x4e4 [0043.740] GetACP () returned 0x4e4 [0043.740] GetACP () returned 0x4e4 [0043.740] GetACP () returned 0x4e4 [0043.741] GetACP () returned 0x4e4 [0043.741] GetACP () returned 0x4e4 [0043.741] GetACP () returned 0x4e4 [0043.741] GetACP () returned 0x4e4 [0043.741] GetACP () returned 0x4e4 [0043.741] GetACP () returned 0x4e4 [0043.741] GetACP () returned 0x4e4 [0043.741] GetACP () returned 0x4e4 [0043.741] GetACP () returned 0x4e4 [0043.741] GetACP () returned 0x4e4 [0043.741] GetACP () returned 0x4e4 [0043.741] GetACP () returned 0x4e4 [0043.741] GetACP () returned 0x4e4 [0043.741] GetACP () returned 0x4e4 [0043.767] GetACP () returned 0x4e4 [0043.768] GetACP () returned 0x4e4 [0043.770] GetACP () returned 0x4e4 [0043.772] GetACP () returned 0x4e4 [0043.774] GetACP () returned 0x4e4 [0043.775] GetACP () returned 0x4e4 [0043.776] GetACP () returned 0x4e4 [0043.777] GetACP () returned 0x4e4 [0043.778] GetACP () returned 0x4e4 [0043.778] GetACP () returned 0x4e4 [0043.779] GetACP () returned 0x4e4 [0043.780] GetACP () returned 0x4e4 [0043.780] GetACP () returned 0x4e4 [0043.780] GetACP () returned 0x4e4 [0043.780] GetACP () returned 0x4e4 [0043.780] GetACP () returned 0x4e4 [0043.780] GetACP () returned 0x4e4 [0043.780] GetACP () returned 0x4e4 [0043.781] GetACP () returned 0x4e4 [0043.781] GetACP () returned 0x4e4 [0043.781] GetACP () returned 0x4e4 [0043.781] GetACP () returned 0x4e4 [0043.781] GetACP () returned 0x4e4 [0043.781] GetACP () returned 0x4e4 [0043.781] GetACP () returned 0x4e4 [0043.781] GetACP () returned 0x4e4 [0043.781] GetACP () returned 0x4e4 [0043.781] GetACP () returned 0x4e4 [0043.781] GetACP () returned 0x4e4 [0043.781] GetACP () returned 0x4e4 [0043.781] GetACP () returned 0x4e4 [0043.781] GetACP () returned 0x4e4 [0043.781] GetACP () returned 0x4e4 [0043.781] GetACP () returned 0x4e4 [0043.782] GetACP () returned 0x4e4 [0043.784] GetACP () returned 0x4e4 [0043.788] GetACP () returned 0x4e4 [0043.788] GetACP () returned 0x4e4 [0043.788] GetACP () returned 0x4e4 [0043.789] GetACP () returned 0x4e4 [0043.789] GetACP () returned 0x4e4 [0043.789] GetACP () returned 0x4e4 [0043.789] GetACP () returned 0x4e4 [0043.789] GetACP () returned 0x4e4 [0043.789] GetACP () returned 0x4e4 [0043.789] GetACP () returned 0x4e4 [0043.789] GetACP () returned 0x4e4 [0043.789] GetACP () returned 0x4e4 [0043.789] GetACP () returned 0x4e4 [0043.789] GetACP () returned 0x4e4 [0043.789] GetACP () returned 0x4e4 [0043.789] GetACP () returned 0x4e4 [0043.789] GetACP () returned 0x4e4 [0043.789] GetACP () returned 0x4e4 [0043.789] GetACP () returned 0x4e4 [0043.790] GetACP () returned 0x4e4 [0043.790] GetACP () returned 0x4e4 [0043.790] GetACP () returned 0x4e4 [0043.790] GetACP () returned 0x4e4 [0043.790] GetACP () returned 0x4e4 [0043.790] GetACP () returned 0x4e4 [0043.790] GetACP () returned 0x4e4 [0043.790] GetACP () returned 0x4e4 [0043.790] GetACP () returned 0x4e4 [0043.790] GetACP () returned 0x4e4 [0043.790] GetACP () returned 0x4e4 [0043.790] GetACP () returned 0x4e4 [0043.790] GetACP () returned 0x4e4 [0043.790] GetACP () returned 0x4e4 [0043.790] GetACP () returned 0x4e4 [0043.790] GetACP () returned 0x4e4 [0043.791] GetACP () returned 0x4e4 [0043.791] GetACP () returned 0x4e4 [0043.791] GetACP () returned 0x4e4 [0043.791] GetACP () returned 0x4e4 [0043.791] GetACP () returned 0x4e4 [0043.791] GetACP () returned 0x4e4 [0043.791] GetACP () returned 0x4e4 [0043.791] GetACP () returned 0x4e4 [0043.791] GetACP () returned 0x4e4 [0043.791] GetACP () returned 0x4e4 [0043.791] GetACP () returned 0x4e4 [0044.042] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1b000, flNewProtect=0x40, lpflOldProtect=0x2890f0 | out: lpflOldProtect=0x2890f0*=0x2) returned 1 [0044.057] VirtualProtect (in: lpAddress=0x400000, dwSize=0x400, flNewProtect=0x2, lpflOldProtect=0x2890f0 | out: lpflOldProtect=0x2890f0*=0x40) returned 1 [0044.059] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0044.059] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x75fd0000 [0044.060] GetProcAddress (hModule=0x75fd0000, lpProcName="OutputDebugStringA") returned 0x7600b2b7 [0044.060] GetProcAddress (hModule=0x75fd0000, lpProcName="HeapValidate") returned 0x75ffb17b [0044.192] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x18f61c, nSize=0x1000 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\c04c541f066a2b089bdc261616894a2f6bd49fca2e29350698175d9fc51c.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\c04c541f066a2b089bdc261616894a2f6bd49fca2e29350698175d9fc51c.exe")) returned 0x66 [0044.193] GetVersionExW (in: lpVersionInformation=0x18fcbc*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x18fcbc*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0044.193] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x18fca8 | out: Wow64Process=0x18fca8) returned 1 [0044.193] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x8, TokenHandle=0x18fc84 | out: TokenHandle=0x18fc84*=0xcc) returned 1 [0044.193] GetTokenInformation (in: TokenHandle=0xcc, TokenInformationClass=0x2, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x18fc80 | out: TokenInformation=0x0, ReturnLength=0x18fc80) returned 0 [0044.194] GetLastError () returned 0x7a [0044.194] GetTokenInformation (in: TokenHandle=0xcc, TokenInformationClass=0x2, TokenInformation=0x2251080, TokenInformationLength=0x118, ReturnLength=0x18fc80 | out: TokenInformation=0x2251080, ReturnLength=0x18fc80) returned 1 [0044.194] AllocateAndInitializeSid (in: pIdentifierAuthority=0x18fc90, nSubAuthorityCount=0x2, nSubAuthority0=0x20, nSubAuthority1=0x220, nSubAuthority2=0x0, nSubAuthority3=0x0, nSubAuthority4=0x0, nSubAuthority5=0x0, nSubAuthority6=0x0, nSubAuthority7=0x0, pSid=0x18fc88 | out: pSid=0x18fc88*=0x541bf8*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1 [0044.194] EqualSid (pSid1=0x541bf8*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), pSid2=0x22510e4*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25))) returned 0 [0044.194] EqualSid (pSid1=0x541bf8*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), pSid2=0x2251100*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0)) returned 0 [0044.196] EqualSid (pSid1=0x541bf8*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), pSid2=0x225110c*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1 [0044.197] NtClose (Handle=0xcc) returned 0x0 [0044.203] RtlQueryElevationFlags () returned 0x0 [0044.253] SHRegDuplicateHKey (hkey=0x80000002) returned 0x80000002 [0044.254] RegEnumKeyW (in: hKey=0x80000002, dwIndex=0x0, lpName=0x225b970, cchName=0x104 | out: lpName="BCD00000000") returned 0x0 [0044.254] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="bcd00000000", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0044.254] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="bcd00000000", cchWideChar=11, lpMultiByteStr=0x225bc80, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="bcd00000000", lpUsedDefaultChar=0x0) returned 11 [0044.255] RegEnumKeyW (in: hKey=0x80000002, dwIndex=0x1, lpName=0x225b970, cchName=0x104 | out: lpName="HARDWARE") returned 0x0 [0044.255] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="hardware", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0044.255] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="hardware", cchWideChar=8, lpMultiByteStr=0x225bce0, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="hardware", lpUsedDefaultChar=0x0) returned 8 [0044.255] RegEnumKeyW (in: hKey=0x80000002, dwIndex=0x2, lpName=0x225b970, cchName=0x104 | out: lpName="SAM") returned 0x0 [0044.255] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="sam", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0044.256] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="sam", cchWideChar=3, lpMultiByteStr=0x225bd28, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sam", lpUsedDefaultChar=0x0) returned 3 [0044.257] RegEnumKeyW (in: hKey=0x80000002, dwIndex=0x3, lpName=0x225b970, cchName=0x104 | out: lpName="SECURITY") returned 0x0 [0044.257] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="security", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0044.257] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="security", cchWideChar=8, lpMultiByteStr=0x225bce0, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="security", lpUsedDefaultChar=0x0) returned 8 [0044.257] RegEnumKeyW (in: hKey=0x80000002, dwIndex=0x4, lpName=0x225b970, cchName=0x104 | out: lpName="SOFTWARE") returned 0x0 [0044.257] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="software", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0044.257] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="software", cchWideChar=8, lpMultiByteStr=0x225bd28, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="software", lpUsedDefaultChar=0x0) returned 8 [0044.258] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE", ulOptions=0x0, samDesired=0x20109, phkResult=0x18fc04 | out: phkResult=0x18fc04*=0xcc) returned 0x0 [0044.258] RegCloseKey (hKey=0x80000002) returned 0x0 [0044.258] RegEnumKeyW (in: hKey=0xcc, dwIndex=0x0, lpName=0x225b970, cchName=0x104 | out: lpName="ATI Technologies") returned 0x0 [0044.259] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ati technologies", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0044.259] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ati technologies", cchWideChar=16, lpMultiByteStr=0x225c160, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ati technologies", lpUsedDefaultChar=0x0) returned 16 [0044.259] RegEnumKeyW (in: hKey=0xcc, dwIndex=0x1, lpName=0x225b970, cchName=0x104 | out: lpName="CBSTEST") returned 0x0 [0044.259] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="cbstest", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0044.259] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="cbstest", cchWideChar=7, lpMultiByteStr=0x225c1a8, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="cbstest", lpUsedDefaultChar=0x0) returned 7 [0044.260] RegEnumKeyW (in: hKey=0xcc, dwIndex=0x2, lpName=0x225b970, cchName=0x104 | out: lpName="Classes") returned 0x0 [0044.260] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="classes", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0044.260] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="classes", cchWideChar=7, lpMultiByteStr=0x225c160, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="classes", lpUsedDefaultChar=0x0) returned 7 [0044.260] RegEnumKeyW (in: hKey=0xcc, dwIndex=0x3, lpName=0x225b970, cchName=0x104 | out: lpName="Clients") returned 0x0 [0044.260] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="clients", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0044.260] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="clients", cchWideChar=7, lpMultiByteStr=0x225c1a8, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="clients", lpUsedDefaultChar=0x0) returned 7 [0044.261] RegEnumKeyW (in: hKey=0xcc, dwIndex=0x4, lpName=0x225b970, cchName=0x104 | out: lpName="Intel") returned 0x0 [0044.261] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="intel", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0044.261] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="intel", cchWideChar=5, lpMultiByteStr=0x225c160, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="intel", lpUsedDefaultChar=0x0) returned 5 [0044.261] RegEnumKeyW (in: hKey=0xcc, dwIndex=0x5, lpName=0x225b970, cchName=0x104 | out: lpName="Macromedia") returned 0x0 [0044.262] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="macromedia", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0044.262] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="macromedia", cchWideChar=10, lpMultiByteStr=0x225c1a8, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="macromedia", lpUsedDefaultChar=0x0) returned 10 [0044.262] RegEnumKeyW (in: hKey=0xcc, dwIndex=0x6, lpName=0x225b970, cchName=0x104 | out: lpName="Microsoft") returned 0x0 [0044.262] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="microsoft", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0044.262] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="microsoft", cchWideChar=9, lpMultiByteStr=0x225c160, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="microsoft", lpUsedDefaultChar=0x0) returned 9 [0044.263] RegOpenKeyExW (in: hKey=0xcc, lpSubKey="Microsoft", ulOptions=0x0, samDesired=0x20109, phkResult=0x18fc04 | out: phkResult=0x18fc04*=0x38) returned 0x0 [0044.263] RegCloseKey (hKey=0xcc) returned 0x0 [0044.263] RegEnumKeyW (in: hKey=0x38, dwIndex=0x0, lpName=0x225b970, cchName=0x104 | out: lpName=".NETFramework") returned 0x0 [0044.263] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr=".netframework", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0044.263] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr=".netframework", cchWideChar=13, lpMultiByteStr=0x225c1a8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=".netframework", lpUsedDefaultChar=0x0) returned 13 [0044.264] RegEnumKeyW (in: hKey=0x38, dwIndex=0x1, lpName=0x225b970, cchName=0x104 | out: lpName="Active Setup") returned 0x0 [0044.264] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="active setup", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0044.264] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="active setup", cchWideChar=12, lpMultiByteStr=0x225c160, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="active setup", lpUsedDefaultChar=0x0) returned 12 [0044.264] RegEnumKeyW (in: hKey=0x38, dwIndex=0x2, lpName=0x225b970, cchName=0x104 | out: lpName="ADs") returned 0x0 [0044.265] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ads", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0044.265] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ads", cchWideChar=3, lpMultiByteStr=0x225c1a8, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ads", lpUsedDefaultChar=0x0) returned 3 [0044.265] RegEnumKeyW (in: hKey=0x38, dwIndex=0x3, lpName=0x225b970, cchName=0x104 | out: lpName="Advanced INF Setup") returned 0x0 [0044.265] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="advanced inf setup", cchWideChar=18, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0044.265] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="advanced inf setup", cchWideChar=18, lpMultiByteStr=0x225c160, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="advanced inf setup", lpUsedDefaultChar=0x0) returned 18 [0044.265] RegEnumKeyW (in: hKey=0x38, dwIndex=0x4, lpName=0x225b970, cchName=0x104 | out: lpName="ALG") returned 0x0 [0044.266] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="alg", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0044.266] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="alg", cchWideChar=3, lpMultiByteStr=0x225c1a8, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="alg", lpUsedDefaultChar=0x0) returned 3 [0044.266] RegEnumKeyW (in: hKey=0x38, dwIndex=0x5, lpName=0x225b970, cchName=0x104 | out: lpName="ASP.NET") returned 0x0 [0044.266] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="asp.net", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0044.267] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="asp.net", cchWideChar=7, lpMultiByteStr=0x225c160, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="asp.net", lpUsedDefaultChar=0x0) returned 7 [0044.267] RegEnumKeyW (in: hKey=0x38, dwIndex=0x6, lpName=0x225b970, cchName=0x104 | out: lpName="Assistance") returned 0x0 [0044.267] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="assistance", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0044.267] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="assistance", cchWideChar=10, lpMultiByteStr=0x225c1a8, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="assistance", lpUsedDefaultChar=0x0) returned 10 [0044.268] RegEnumKeyW (in: hKey=0x38, dwIndex=0x7, lpName=0x225b970, cchName=0x104 | out: lpName="BidInterface") returned 0x0 [0044.268] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="bidinterface", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0044.268] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="bidinterface", cchWideChar=12, lpMultiByteStr=0x225c160, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="bidinterface", lpUsedDefaultChar=0x0) returned 12 [0044.268] RegEnumKeyW (in: hKey=0x38, dwIndex=0x8, lpName=0x225b970, cchName=0x104 | out: lpName="COM3") returned 0x0 [0044.268] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="com3", cchWideChar=4, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 4 [0044.268] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="com3", cchWideChar=4, lpMultiByteStr=0x225c1a8, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="com3", lpUsedDefaultChar=0x0) returned 4 [0044.268] RegEnumKeyW (in: hKey=0x38, dwIndex=0x9, lpName=0x225b970, cchName=0x104 | out: lpName="Command Processor") returned 0x0 [0044.269] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="command processor", cchWideChar=17, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0044.269] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="command processor", cchWideChar=17, lpMultiByteStr=0x225c160, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="command processor", lpUsedDefaultChar=0x0) returned 17 [0044.269] RegEnumKeyW (in: hKey=0x38, dwIndex=0xa, lpName=0x225b970, cchName=0x104 | out: lpName="Connect to a Network Projector") returned 0x0 [0044.269] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="connect to a network projector", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0044.269] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="connect to a network projector", cchWideChar=30, lpMultiByteStr=0x225c1a8, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="connect to a network projector", lpUsedDefaultChar=0x0) returned 30 [0044.270] RegEnumKeyW (in: hKey=0x38, dwIndex=0xb, lpName=0x225b970, cchName=0x104 | out: lpName="Cryptography") returned 0x0 [0044.274] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="cryptography", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0044.275] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="cryptography", cchWideChar=12, lpMultiByteStr=0x225c160, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="cryptography", lpUsedDefaultChar=0x0) returned 12 [0044.275] RegEnumKeyW (in: hKey=0x38, dwIndex=0xc, lpName=0x225b970, cchName=0x104 | out: lpName="CTF") returned 0x0 [0044.275] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ctf", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0044.275] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ctf", cchWideChar=3, lpMultiByteStr=0x225c1a8, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ctf", lpUsedDefaultChar=0x0) returned 3 [0044.275] RegEnumKeyW (in: hKey=0x38, dwIndex=0xd, lpName=0x225b970, cchName=0x104 | out: lpName="DataAccess") returned 0x0 [0044.276] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="dataaccess", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0044.276] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="dataaccess", cchWideChar=10, lpMultiByteStr=0x225c160, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dataaccess", lpUsedDefaultChar=0x0) returned 10 [0044.276] RegEnumKeyW (in: hKey=0x38, dwIndex=0xe, lpName=0x225b970, cchName=0x104 | out: lpName="DataFactory") returned 0x0 [0044.276] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="datafactory", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0044.276] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="datafactory", cchWideChar=11, lpMultiByteStr=0x225c1a8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="datafactory", lpUsedDefaultChar=0x0) returned 11 [0044.276] RegEnumKeyW (in: hKey=0x38, dwIndex=0xf, lpName=0x225b970, cchName=0x104 | out: lpName="DevDiv") returned 0x0 [0044.276] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="devdiv", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0044.276] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="devdiv", cchWideChar=6, lpMultiByteStr=0x225c160, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="devdiv", lpUsedDefaultChar=0x0) returned 6 [0044.276] RegEnumKeyW (in: hKey=0x38, dwIndex=0x10, lpName=0x225b970, cchName=0x104 | out: lpName="Dfrg") returned 0x0 [0044.276] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="dfrg", cchWideChar=4, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 4 [0044.277] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="dfrg", cchWideChar=4, lpMultiByteStr=0x225c1a8, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dfrg", lpUsedDefaultChar=0x0) returned 4 [0044.277] RegEnumKeyW (in: hKey=0x38, dwIndex=0x11, lpName=0x225b970, cchName=0x104 | out: lpName="DFS") returned 0x0 [0044.277] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="dfs", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0044.277] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="dfs", cchWideChar=3, lpMultiByteStr=0x225c160, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dfs", lpUsedDefaultChar=0x0) returned 3 [0044.277] RegEnumKeyW (in: hKey=0x38, dwIndex=0x12, lpName=0x225b970, cchName=0x104 | out: lpName="DirectDraw") returned 0x0 [0044.277] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="directdraw", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0044.278] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="directdraw", cchWideChar=10, lpMultiByteStr=0x225c1a8, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="directdraw", lpUsedDefaultChar=0x0) returned 10 [0044.278] RegEnumKeyW (in: hKey=0x38, dwIndex=0x13, lpName=0x225b970, cchName=0x104 | out: lpName="DirectInput") returned 0x0 [0044.279] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="directinput", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0044.279] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="directinput", cchWideChar=11, lpMultiByteStr=0x225c160, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="directinput", lpUsedDefaultChar=0x0) returned 11 [0044.279] RegEnumKeyW (in: hKey=0x38, dwIndex=0x14, lpName=0x225b970, cchName=0x104 | out: lpName="DirectMusic") returned 0x0 [0044.279] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="directmusic", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0044.279] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="directmusic", cchWideChar=11, lpMultiByteStr=0x225c1a8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="directmusic", lpUsedDefaultChar=0x0) returned 11 [0044.279] RegEnumKeyW (in: hKey=0x38, dwIndex=0x15, lpName=0x225b970, cchName=0x104 | out: lpName="DirectPlay8") returned 0x0 [0044.279] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="directplay8", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0044.279] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="directplay8", cchWideChar=11, lpMultiByteStr=0x225c160, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="directplay8", lpUsedDefaultChar=0x0) returned 11 [0044.280] RegEnumKeyW (in: hKey=0x38, dwIndex=0x16, lpName=0x225b970, cchName=0x104 | out: lpName="DirectPlayNATHelp") returned 0x0 [0044.280] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="directplaynathelp", cchWideChar=17, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0044.280] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="directplaynathelp", cchWideChar=17, lpMultiByteStr=0x225c1a8, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="directplaynathelp", lpUsedDefaultChar=0x0) returned 17 [0044.280] RegEnumKeyW (in: hKey=0x38, dwIndex=0x17, lpName=0x225b970, cchName=0x104 | out: lpName="DirectShow") returned 0x0 [0044.281] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="directshow", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0044.281] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="directshow", cchWideChar=10, lpMultiByteStr=0x225c160, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="directshow", lpUsedDefaultChar=0x0) returned 10 [0044.281] RegEnumKeyW (in: hKey=0x38, dwIndex=0x18, lpName=0x225b970, cchName=0x104 | out: lpName="DirectX") returned 0x0 [0044.281] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="directx", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0044.281] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="directx", cchWideChar=7, lpMultiByteStr=0x225c1a8, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="directx", lpUsedDefaultChar=0x0) returned 7 [0044.282] RegEnumKeyW (in: hKey=0x38, dwIndex=0x19, lpName=0x225b970, cchName=0x104 | out: lpName="Driver Signing") returned 0x0 [0044.284] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="driver signing", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0044.285] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="driver signing", cchWideChar=14, lpMultiByteStr=0x225c160, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="driver signing", lpUsedDefaultChar=0x0) returned 14 [0044.285] RegEnumKeyW (in: hKey=0x38, dwIndex=0x1a, lpName=0x225b970, cchName=0x104 | out: lpName="DRM") returned 0x0 [0044.285] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="drm", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0044.285] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="drm", cchWideChar=3, lpMultiByteStr=0x225c1a8, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="drm", lpUsedDefaultChar=0x0) returned 3 [0044.285] RegEnumKeyW (in: hKey=0x38, dwIndex=0x1b, lpName=0x225b970, cchName=0x104 | out: lpName="DVR") returned 0x0 [0044.285] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="dvr", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0044.285] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="dvr", cchWideChar=3, lpMultiByteStr=0x225c160, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dvr", lpUsedDefaultChar=0x0) returned 3 [0044.286] RegEnumKeyW (in: hKey=0x38, dwIndex=0x1c, lpName=0x225b970, cchName=0x104 | out: lpName="DXP") returned 0x0 [0044.385] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="dxp", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0044.385] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="dxp", cchWideChar=3, lpMultiByteStr=0x225c1a8, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dxp", lpUsedDefaultChar=0x0) returned 3 [0044.385] RegEnumKeyW (in: hKey=0x38, dwIndex=0x1d, lpName=0x225b970, cchName=0x104 | out: lpName="EnterpriseCertificates") returned 0x0 [0044.385] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="enterprisecertificates", cchWideChar=22, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0044.385] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="enterprisecertificates", cchWideChar=22, lpMultiByteStr=0x225c160, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="enterprisecertificates", lpUsedDefaultChar=0x0) returned 22 [0044.386] RegEnumKeyW (in: hKey=0x38, dwIndex=0x1e, lpName=0x225b970, cchName=0x104 | out: lpName="EventSystem") returned 0x0 [0044.386] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="eventsystem", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0044.386] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="eventsystem", cchWideChar=11, lpMultiByteStr=0x225c1a8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="eventsystem", lpUsedDefaultChar=0x0) returned 11 [0044.386] RegEnumKeyW (in: hKey=0x38, dwIndex=0x1f, lpName=0x225b970, cchName=0x104 | out: lpName="Exchange") returned 0x0 [0044.386] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="exchange", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0044.387] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="exchange", cchWideChar=8, lpMultiByteStr=0x225c160, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="exchange", lpUsedDefaultChar=0x0) returned 8 [0044.387] RegEnumKeyW (in: hKey=0x38, dwIndex=0x20, lpName=0x225b970, cchName=0x104 | out: lpName="Fax") returned 0x0 [0044.387] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="fax", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0044.387] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="fax", cchWideChar=3, lpMultiByteStr=0x225c1a8, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fax", lpUsedDefaultChar=0x0) returned 3 [0044.388] RegEnumKeyW (in: hKey=0x38, dwIndex=0x21, lpName=0x225b970, cchName=0x104 | out: lpName="Feeds") returned 0x0 [0044.388] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="feeds", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0044.388] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="feeds", cchWideChar=5, lpMultiByteStr=0x225c160, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="feeds", lpUsedDefaultChar=0x0) returned 5 [0044.388] RegEnumKeyW (in: hKey=0x38, dwIndex=0x22, lpName=0x225b970, cchName=0x104 | out: lpName="FlashConfig") returned 0x0 [0044.388] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="flashconfig", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0044.388] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="flashconfig", cchWideChar=11, lpMultiByteStr=0x225c1a8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="flashconfig", lpUsedDefaultChar=0x0) returned 11 [0044.389] RegEnumKeyW (in: hKey=0x38, dwIndex=0x23, lpName=0x225b970, cchName=0x104 | out: lpName="FTH") returned 0x0 [0044.389] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="fth", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0044.389] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="fth", cchWideChar=3, lpMultiByteStr=0x225c160, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fth", lpUsedDefaultChar=0x0) returned 3 [0044.389] RegEnumKeyW (in: hKey=0x38, dwIndex=0x24, lpName=0x225b970, cchName=0x104 | out: lpName="Function Discovery") returned 0x0 [0044.389] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="function discovery", cchWideChar=18, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0044.390] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="function discovery", cchWideChar=18, lpMultiByteStr=0x225c1a8, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="function discovery", lpUsedDefaultChar=0x0) returned 18 [0044.390] RegEnumKeyW (in: hKey=0x38, dwIndex=0x25, lpName=0x225b970, cchName=0x104 | out: lpName="Fusion") returned 0x0 [0044.390] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="fusion", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0044.390] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="fusion", cchWideChar=6, lpMultiByteStr=0x225c160, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fusion", lpUsedDefaultChar=0x0) returned 6 [0044.391] RegEnumKeyW (in: hKey=0x38, dwIndex=0x26, lpName=0x225b970, cchName=0x104 | out: lpName="GPUPipeline") returned 0x0 [0044.391] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="gpupipeline", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0044.391] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="gpupipeline", cchWideChar=11, lpMultiByteStr=0x225c1a8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="gpupipeline", lpUsedDefaultChar=0x0) returned 11 [0044.391] RegEnumKeyW (in: hKey=0x38, dwIndex=0x27, lpName=0x225b970, cchName=0x104 | out: lpName="HTMLHelp") returned 0x0 [0044.391] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="htmlhelp", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0044.391] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="htmlhelp", cchWideChar=8, lpMultiByteStr=0x225c160, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="htmlhelp", lpUsedDefaultChar=0x0) returned 8 [0044.392] RegEnumKeyW (in: hKey=0x38, dwIndex=0x28, lpName=0x225b970, cchName=0x104 | out: lpName="IdentityCRL") returned 0x0 [0044.392] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="identitycrl", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0044.392] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="identitycrl", cchWideChar=11, lpMultiByteStr=0x225c1a8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="identitycrl", lpUsedDefaultChar=0x0) returned 11 [0044.392] RegEnumKeyW (in: hKey=0x38, dwIndex=0x29, lpName=0x225b970, cchName=0x104 | out: lpName="IdentityStore") returned 0x0 [0044.392] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="identitystore", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0044.393] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="identitystore", cchWideChar=13, lpMultiByteStr=0x225c160, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="identitystore", lpUsedDefaultChar=0x0) returned 13 [0044.393] RegEnumKeyW (in: hKey=0x38, dwIndex=0x2a, lpName=0x225b970, cchName=0x104 | out: lpName="IMAPI") returned 0x0 [0044.394] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="imapi", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0044.394] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="imapi", cchWideChar=5, lpMultiByteStr=0x225c1a8, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="imapi", lpUsedDefaultChar=0x0) returned 5 [0044.394] RegEnumKeyW (in: hKey=0x38, dwIndex=0x2b, lpName=0x225b970, cchName=0x104 | out: lpName="IMEJP") returned 0x0 [0044.394] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="imejp", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0044.394] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="imejp", cchWideChar=5, lpMultiByteStr=0x225c160, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="imejp", lpUsedDefaultChar=0x0) returned 5 [0044.394] RegEnumKeyW (in: hKey=0x38, dwIndex=0x2c, lpName=0x225b970, cchName=0x104 | out: lpName="IMEKR") returned 0x0 [0044.394] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="imekr", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0044.395] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="imekr", cchWideChar=5, lpMultiByteStr=0x225c1a8, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="imekr", lpUsedDefaultChar=0x0) returned 5 [0044.396] RegEnumKeyW (in: hKey=0x38, dwIndex=0x2d, lpName=0x225b970, cchName=0x104 | out: lpName="IMETC") returned 0x0 [0044.396] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="imetc", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0044.396] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="imetc", cchWideChar=5, lpMultiByteStr=0x225c160, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="imetc", lpUsedDefaultChar=0x0) returned 5 [0044.396] RegEnumKeyW (in: hKey=0x38, dwIndex=0x2e, lpName=0x225b970, cchName=0x104 | out: lpName="Internet Account Manager") returned 0x0 [0044.396] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="internet account manager", cchWideChar=24, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0044.396] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="internet account manager", cchWideChar=24, lpMultiByteStr=0x225c1a8, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="internet account manager", lpUsedDefaultChar=0x0) returned 24 [0044.396] RegEnumKeyW (in: hKey=0x38, dwIndex=0x2f, lpName=0x225b970, cchName=0x104 | out: lpName="Internet Domains") returned 0x0 [0044.396] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="internet domains", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0044.400] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="internet domains", cchWideChar=16, lpMultiByteStr=0x225c160, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="internet domains", lpUsedDefaultChar=0x0) returned 16 [0044.400] RegEnumKeyW (in: hKey=0x38, dwIndex=0x30, lpName=0x225b970, cchName=0x104 | out: lpName="Internet Explorer") returned 0x0 [0044.400] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="internet explorer", cchWideChar=17, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0044.400] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="internet explorer", cchWideChar=17, lpMultiByteStr=0x225c1a8, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="internet explorer", lpUsedDefaultChar=0x0) returned 17 [0044.400] RegEnumKeyW (in: hKey=0x38, dwIndex=0x31, lpName=0x225b970, cchName=0x104 | out: lpName="IsoBurn") returned 0x0 [0044.400] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="isoburn", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0044.400] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="isoburn", cchWideChar=7, lpMultiByteStr=0x225c160, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="isoburn", lpUsedDefaultChar=0x0) returned 7 [0044.401] RegEnumKeyW (in: hKey=0x38, dwIndex=0x32, lpName=0x225b970, cchName=0x104 | out: lpName="Loki") returned 0x0 [0044.401] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="loki", cchWideChar=4, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 4 [0044.401] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="loki", cchWideChar=4, lpMultiByteStr=0x225c1a8, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="loki", lpUsedDefaultChar=0x0) returned 4 [0044.401] RegEnumKeyW (in: hKey=0x38, dwIndex=0x33, lpName=0x225b970, cchName=0x104 | out: lpName="MediaCenterPeripheral") returned 0x0 [0044.402] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mediacenterperipheral", cchWideChar=21, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0044.402] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mediacenterperipheral", cchWideChar=21, lpMultiByteStr=0x225c160, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mediacenterperipheral", lpUsedDefaultChar=0x0) returned 21 [0044.402] RegEnumKeyW (in: hKey=0x38, dwIndex=0x34, lpName=0x225b970, cchName=0x104 | out: lpName="MediaPlayer") returned 0x0 [0044.403] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mediaplayer", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0044.403] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mediaplayer", cchWideChar=11, lpMultiByteStr=0x225c1a8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mediaplayer", lpUsedDefaultChar=0x0) returned 11 [0044.403] RegEnumKeyW (in: hKey=0x38, dwIndex=0x35, lpName=0x225b970, cchName=0x104 | out: lpName="MessengerService") returned 0x0 [0044.403] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="messengerservice", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0044.403] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="messengerservice", cchWideChar=16, lpMultiByteStr=0x225c160, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messengerservice", lpUsedDefaultChar=0x0) returned 16 [0044.403] RegEnumKeyW (in: hKey=0x38, dwIndex=0x36, lpName=0x225b970, cchName=0x104 | out: lpName="Microsoft Reference") returned 0x0 [0044.403] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="microsoft reference", cchWideChar=19, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0044.403] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="microsoft reference", cchWideChar=19, lpMultiByteStr=0x225c1a8, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="microsoft reference", lpUsedDefaultChar=0x0) returned 19 [0044.404] RegEnumKeyW (in: hKey=0x38, dwIndex=0x37, lpName=0x225b970, cchName=0x104 | out: lpName="Microsoft SQL Server Compact Edition") returned 0x0 [0044.404] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="microsoft sql server compact edition", cchWideChar=36, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 36 [0044.404] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="microsoft sql server compact edition", cchWideChar=36, lpMultiByteStr=0x225c160, cbMultiByte=36, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="microsoft sql server compact edition", lpUsedDefaultChar=0x0) returned 36 [0044.404] RegEnumKeyW (in: hKey=0x38, dwIndex=0x38, lpName=0x225b970, cchName=0x104 | out: lpName="MigWiz") returned 0x0 [0044.404] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="migwiz", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0044.404] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="migwiz", cchWideChar=6, lpMultiByteStr=0x225c1a8, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="migwiz", lpUsedDefaultChar=0x0) returned 6 [0044.405] RegEnumKeyW (in: hKey=0x38, dwIndex=0x39, lpName=0x225b970, cchName=0x104 | out: lpName="MMC") returned 0x0 [0044.422] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mmc", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0044.423] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mmc", cchWideChar=3, lpMultiByteStr=0x225c160, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mmc", lpUsedDefaultChar=0x0) returned 3 [0044.423] RegEnumKeyW (in: hKey=0x38, dwIndex=0x3a, lpName=0x225b970, cchName=0x104 | out: lpName="Mobile") returned 0x0 [0044.424] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mobile", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0044.424] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mobile", cchWideChar=6, lpMultiByteStr=0x225c1a8, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mobile", lpUsedDefaultChar=0x0) returned 6 [0044.424] RegEnumKeyW (in: hKey=0x38, dwIndex=0x3b, lpName=0x225b970, cchName=0x104 | out: lpName="MSBuild") returned 0x0 [0044.424] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="msbuild", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0044.424] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="msbuild", cchWideChar=7, lpMultiByteStr=0x225c160, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="msbuild", lpUsedDefaultChar=0x0) returned 7 [0044.424] RegEnumKeyW (in: hKey=0x38, dwIndex=0x3c, lpName=0x225b970, cchName=0x104 | out: lpName="MSDE") returned 0x0 [0044.424] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="msde", cchWideChar=4, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 4 [0044.425] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="msde", cchWideChar=4, lpMultiByteStr=0x225c1a8, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="msde", lpUsedDefaultChar=0x0) returned 4 [0044.425] RegEnumKeyW (in: hKey=0x38, dwIndex=0x3d, lpName=0x225b970, cchName=0x104 | out: lpName="MSDTC") returned 0x0 [0044.425] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="msdtc", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0044.425] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="msdtc", cchWideChar=5, lpMultiByteStr=0x225c160, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="msdtc", lpUsedDefaultChar=0x0) returned 5 [0044.425] RegEnumKeyW (in: hKey=0x38, dwIndex=0x3e, lpName=0x225b970, cchName=0x104 | out: lpName="MSF") returned 0x0 [0044.426] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="msf", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0044.426] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="msf", cchWideChar=3, lpMultiByteStr=0x225c1a8, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="msf", lpUsedDefaultChar=0x0) returned 3 [0044.426] RegEnumKeyW (in: hKey=0x38, dwIndex=0x3f, lpName=0x225b970, cchName=0x104 | out: lpName="MSLicensing") returned 0x0 [0044.426] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mslicensing", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0044.427] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mslicensing", cchWideChar=11, lpMultiByteStr=0x225c160, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mslicensing", lpUsedDefaultChar=0x0) returned 11 [0044.430] RegEnumKeyW (in: hKey=0x38, dwIndex=0x40, lpName=0x225b970, cchName=0x104 | out: lpName="MSMQ") returned 0x0 [0044.430] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="msmq", cchWideChar=4, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 4 [0044.430] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="msmq", cchWideChar=4, lpMultiByteStr=0x225c1a8, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="msmq", lpUsedDefaultChar=0x0) returned 4 [0044.430] RegEnumKeyW (in: hKey=0x38, dwIndex=0x41, lpName=0x225b970, cchName=0x104 | out: lpName="MSN Apps") returned 0x0 [0044.430] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="msn apps", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0044.430] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="msn apps", cchWideChar=8, lpMultiByteStr=0x225c160, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="msn apps", lpUsedDefaultChar=0x0) returned 8 [0044.430] RegEnumKeyW (in: hKey=0x38, dwIndex=0x42, lpName=0x225b970, cchName=0x104 | out: lpName="MSOSOAP") returned 0x0 [0044.430] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="msosoap", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0044.430] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="msosoap", cchWideChar=7, lpMultiByteStr=0x225c1a8, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="msosoap", lpUsedDefaultChar=0x0) returned 7 [0044.431] RegEnumKeyW (in: hKey=0x38, dwIndex=0x43, lpName=0x225b970, cchName=0x104 | out: lpName="MSSearch36") returned 0x0 [0044.431] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mssearch36", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0044.431] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mssearch36", cchWideChar=10, lpMultiByteStr=0x225c160, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mssearch36", lpUsedDefaultChar=0x0) returned 10 [0044.431] RegEnumKeyW (in: hKey=0x38, dwIndex=0x44, lpName=0x225b970, cchName=0x104 | out: lpName="MSSQLServer") returned 0x0 [0044.431] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mssqlserver", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0044.432] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mssqlserver", cchWideChar=11, lpMultiByteStr=0x225c1a8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mssqlserver", lpUsedDefaultChar=0x0) returned 11 [0044.432] RegEnumKeyW (in: hKey=0x38, dwIndex=0x45, lpName=0x225b970, cchName=0x104 | out: lpName="Multimedia") returned 0x0 [0044.432] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="multimedia", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0044.432] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="multimedia", cchWideChar=10, lpMultiByteStr=0x225c160, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="multimedia", lpUsedDefaultChar=0x0) returned 10 [0044.433] RegEnumKeyW (in: hKey=0x38, dwIndex=0x46, lpName=0x225b970, cchName=0x104 | out: lpName="NapServer") returned 0x0 [0044.433] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="napserver", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0044.433] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="napserver", cchWideChar=9, lpMultiByteStr=0x225c1a8, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="napserver", lpUsedDefaultChar=0x0) returned 9 [0044.433] RegEnumKeyW (in: hKey=0x38, dwIndex=0x47, lpName=0x225b970, cchName=0x104 | out: lpName="NET Framework Setup") returned 0x0 [0044.433] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="net framework setup", cchWideChar=19, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0044.433] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="net framework setup", cchWideChar=19, lpMultiByteStr=0x225c160, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="net framework setup", lpUsedDefaultChar=0x0) returned 19 [0044.434] RegEnumKeyW (in: hKey=0x38, dwIndex=0x48, lpName=0x225b970, cchName=0x104 | out: lpName="NetSh") returned 0x0 [0044.434] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="netsh", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0044.434] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="netsh", cchWideChar=5, lpMultiByteStr=0x225c1a8, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="netsh", lpUsedDefaultChar=0x0) returned 5 [0044.434] RegEnumKeyW (in: hKey=0x38, dwIndex=0x49, lpName=0x225b970, cchName=0x104 | out: lpName="Network") returned 0x0 [0044.434] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="network", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0044.434] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="network", cchWideChar=7, lpMultiByteStr=0x225c160, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="network", lpUsedDefaultChar=0x0) returned 7 [0044.434] RegEnumKeyW (in: hKey=0x38, dwIndex=0x4a, lpName=0x225b970, cchName=0x104 | out: lpName="NetworkAccessProtection") returned 0x0 [0044.435] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="networkaccessprotection", cchWideChar=23, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 23 [0044.435] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="networkaccessprotection", cchWideChar=23, lpMultiByteStr=0x225c1a8, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="networkaccessprotection", lpUsedDefaultChar=0x0) returned 23 [0044.435] RegEnumKeyW (in: hKey=0x38, dwIndex=0x4b, lpName=0x225b970, cchName=0x104 | out: lpName="Non-Driver Signing") returned 0x0 [0044.435] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="non-driver signing", cchWideChar=18, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0044.435] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="non-driver signing", cchWideChar=18, lpMultiByteStr=0x225c160, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="non-driver signing", lpUsedDefaultChar=0x0) returned 18 [0044.435] RegEnumKeyW (in: hKey=0x38, dwIndex=0x4c, lpName=0x225b970, cchName=0x104 | out: lpName="Notepad") returned 0x0 [0044.435] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="notepad", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0044.435] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="notepad", cchWideChar=7, lpMultiByteStr=0x225c1a8, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="notepad", lpUsedDefaultChar=0x0) returned 7 [0044.435] RegEnumKeyW (in: hKey=0x38, dwIndex=0x4d, lpName=0x225b970, cchName=0x104 | out: lpName="ODBC") returned 0x0 [0044.436] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="odbc", cchWideChar=4, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 4 [0044.436] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="odbc", cchWideChar=4, lpMultiByteStr=0x225c160, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="odbc", lpUsedDefaultChar=0x0) returned 4 [0044.436] RegEnumKeyW (in: hKey=0x38, dwIndex=0x4e, lpName=0x225b970, cchName=0x104 | out: lpName="Office") returned 0x0 [0044.436] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="office", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0044.436] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="office", cchWideChar=6, lpMultiByteStr=0x225c1a8, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="office", lpUsedDefaultChar=0x0) returned 6 [0044.436] RegEnumKeyW (in: hKey=0x38, dwIndex=0x4f, lpName=0x225b970, cchName=0x104 | out: lpName="OfficeSoftwareProtectionPlatform") returned 0x0 [0044.436] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="officesoftwareprotectionplatform", cchWideChar=32, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0044.436] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="officesoftwareprotectionplatform", cchWideChar=32, lpMultiByteStr=0x225c160, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="officesoftwareprotectionplatform", lpUsedDefaultChar=0x0) returned 32 [0044.437] RegEnumKeyW (in: hKey=0x38, dwIndex=0x50, lpName=0x225b970, cchName=0x104 | out: lpName="Ole") returned 0x0 [0044.437] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ole", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0044.437] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ole", cchWideChar=3, lpMultiByteStr=0x225c1a8, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ole", lpUsedDefaultChar=0x0) returned 3 [0044.437] RegEnumKeyW (in: hKey=0x38, dwIndex=0x51, lpName=0x225b970, cchName=0x104 | out: lpName="Outlook Express") returned 0x0 [0044.437] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="outlook express", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0044.437] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="outlook express", cchWideChar=15, lpMultiByteStr=0x225c160, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="outlook express", lpUsedDefaultChar=0x0) returned 15 [0044.437] RegEnumKeyW (in: hKey=0x38, dwIndex=0x52, lpName=0x225b970, cchName=0x104 | out: lpName="PLA") returned 0x0 [0044.437] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="pla", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0044.437] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="pla", cchWideChar=3, lpMultiByteStr=0x225c1a8, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pla", lpUsedDefaultChar=0x0) returned 3 [0044.437] RegEnumKeyW (in: hKey=0x38, dwIndex=0x53, lpName=0x225b970, cchName=0x104 | out: lpName="PowerShell") returned 0x0 [0044.438] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="powershell", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0044.438] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="powershell", cchWideChar=10, lpMultiByteStr=0x225c160, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="powershell", lpUsedDefaultChar=0x0) returned 10 [0044.438] RegEnumKeyW (in: hKey=0x38, dwIndex=0x54, lpName=0x225b970, cchName=0x104 | out: lpName="Print") returned 0x0 [0044.438] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="print", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0044.438] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="print", cchWideChar=5, lpMultiByteStr=0x225c1a8, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="print", lpUsedDefaultChar=0x0) returned 5 [0044.438] RegEnumKeyW (in: hKey=0x38, dwIndex=0x55, lpName=0x225b970, cchName=0x104 | out: lpName="RADAR") returned 0x0 [0044.438] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="radar", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0044.438] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="radar", cchWideChar=5, lpMultiByteStr=0x225c160, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="radar", lpUsedDefaultChar=0x0) returned 5 [0044.439] RegEnumKeyW (in: hKey=0x38, dwIndex=0x56, lpName=0x225b970, cchName=0x104 | out: lpName="Ras") returned 0x0 [0044.439] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ras", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0044.439] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ras", cchWideChar=3, lpMultiByteStr=0x225c1a8, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ras", lpUsedDefaultChar=0x0) returned 3 [0044.439] RegEnumKeyW (in: hKey=0x38, dwIndex=0x57, lpName=0x225b970, cchName=0x104 | out: lpName="RAS AutoDial") returned 0x0 [0044.439] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ras autodial", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0044.439] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ras autodial", cchWideChar=12, lpMultiByteStr=0x225c160, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ras autodial", lpUsedDefaultChar=0x0) returned 12 [0044.439] RegEnumKeyW (in: hKey=0x38, dwIndex=0x58, lpName=0x225b970, cchName=0x104 | out: lpName="Reliability Analysis") returned 0x0 [0044.439] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="reliability analysis", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0044.440] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="reliability analysis", cchWideChar=20, lpMultiByteStr=0x225c1a8, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="reliability analysis", lpUsedDefaultChar=0x0) returned 20 [0044.440] RegEnumKeyW (in: hKey=0x38, dwIndex=0x59, lpName=0x225b970, cchName=0x104 | out: lpName="RemovalTools") returned 0x0 [0044.440] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="removaltools", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0044.440] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="removaltools", cchWideChar=12, lpMultiByteStr=0x225c160, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="removaltools", lpUsedDefaultChar=0x0) returned 12 [0044.440] RegEnumKeyW (in: hKey=0x38, dwIndex=0x5a, lpName=0x225b970, cchName=0x104 | out: lpName="RendezvousApps") returned 0x0 [0044.440] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="rendezvousapps", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0044.440] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="rendezvousapps", cchWideChar=14, lpMultiByteStr=0x225c1a8, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="rendezvousapps", lpUsedDefaultChar=0x0) returned 14 [0044.440] RegEnumKeyW (in: hKey=0x38, dwIndex=0x5b, lpName=0x225b970, cchName=0x104 | out: lpName="Router") returned 0x0 [0044.440] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="router", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0044.440] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="router", cchWideChar=6, lpMultiByteStr=0x225c160, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="router", lpUsedDefaultChar=0x0) returned 6 [0044.441] RegEnumKeyW (in: hKey=0x38, dwIndex=0x5c, lpName=0x225b970, cchName=0x104 | out: lpName="Rpc") returned 0x0 [0044.441] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="rpc", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0044.441] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="rpc", cchWideChar=3, lpMultiByteStr=0x225c1a8, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="rpc", lpUsedDefaultChar=0x0) returned 3 [0044.441] RegEnumKeyW (in: hKey=0x38, dwIndex=0x5d, lpName=0x225b970, cchName=0x104 | out: lpName="SchedulingAgent") returned 0x0 [0044.441] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="schedulingagent", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0044.441] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="schedulingagent", cchWideChar=15, lpMultiByteStr=0x225c160, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="schedulingagent", lpUsedDefaultChar=0x0) returned 15 [0044.441] RegEnumKeyW (in: hKey=0x38, dwIndex=0x5e, lpName=0x225b970, cchName=0x104 | out: lpName="Schema Library") returned 0x0 [0044.442] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="schema library", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0044.442] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="schema library", cchWideChar=14, lpMultiByteStr=0x225c1a8, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="schema library", lpUsedDefaultChar=0x0) returned 14 [0044.442] RegEnumKeyW (in: hKey=0x38, dwIndex=0x5f, lpName=0x225b970, cchName=0x104 | out: lpName="Security Center") returned 0x0 [0044.442] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="security center", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0044.442] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="security center", cchWideChar=15, lpMultiByteStr=0x225c160, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="security center", lpUsedDefaultChar=0x0) returned 15 [0044.442] RegEnumKeyW (in: hKey=0x38, dwIndex=0x60, lpName=0x225b970, cchName=0x104 | out: lpName="Sensors") returned 0x0 [0044.443] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="sensors", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0044.443] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="sensors", cchWideChar=7, lpMultiByteStr=0x225c1a8, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sensors", lpUsedDefaultChar=0x0) returned 7 [0044.443] RegEnumKeyW (in: hKey=0x38, dwIndex=0x61, lpName=0x225b970, cchName=0x104 | out: lpName="Shared") returned 0x0 [0044.443] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="shared", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0044.443] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="shared", cchWideChar=6, lpMultiByteStr=0x225c160, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="shared", lpUsedDefaultChar=0x0) returned 6 [0044.443] RegEnumKeyW (in: hKey=0x38, dwIndex=0x62, lpName=0x225b970, cchName=0x104 | out: lpName="Shared Tools") returned 0x0 [0044.443] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="shared tools", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0044.444] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="shared tools", cchWideChar=12, lpMultiByteStr=0x225c1a8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="shared tools", lpUsedDefaultChar=0x0) returned 12 [0044.444] RegEnumKeyW (in: hKey=0x38, dwIndex=0x63, lpName=0x225b970, cchName=0x104 | out: lpName="Shared Tools Location") returned 0x0 [0044.444] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="shared tools location", cchWideChar=21, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0044.444] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="shared tools location", cchWideChar=21, lpMultiByteStr=0x225c160, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="shared tools location", lpUsedDefaultChar=0x0) returned 21 [0044.444] RegEnumKeyW (in: hKey=0x38, dwIndex=0x64, lpName=0x225b970, cchName=0x104 | out: lpName="SideShow") returned 0x0 [0044.445] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="sideshow", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0044.445] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="sideshow", cchWideChar=8, lpMultiByteStr=0x225c1a8, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sideshow", lpUsedDefaultChar=0x0) returned 8 [0044.445] RegEnumKeyW (in: hKey=0x38, dwIndex=0x65, lpName=0x225b970, cchName=0x104 | out: lpName="SnippingTool") returned 0x0 [0044.445] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="snippingtool", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0044.445] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="snippingtool", cchWideChar=12, lpMultiByteStr=0x225c160, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="snippingtool", lpUsedDefaultChar=0x0) returned 12 [0044.445] RegEnumKeyW (in: hKey=0x38, dwIndex=0x66, lpName=0x225b970, cchName=0x104 | out: lpName="Software") returned 0x0 [0044.445] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="software", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0044.445] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="software", cchWideChar=8, lpMultiByteStr=0x225c1a8, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="software", lpUsedDefaultChar=0x0) returned 8 [0044.445] RegEnumKeyW (in: hKey=0x38, dwIndex=0x67, lpName=0x225b970, cchName=0x104 | out: lpName="Speech") returned 0x0 [0044.445] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="speech", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0044.445] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="speech", cchWideChar=6, lpMultiByteStr=0x225c160, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="speech", lpUsedDefaultChar=0x0) returned 6 [0044.445] RegEnumKeyW (in: hKey=0x38, dwIndex=0x68, lpName=0x225b970, cchName=0x104 | out: lpName="SQMClient") returned 0x0 [0044.445] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="sqmclient", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0044.446] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="sqmclient", cchWideChar=9, lpMultiByteStr=0x225c1a8, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sqmclient", lpUsedDefaultChar=0x0) returned 9 [0044.446] RegEnumKeyW (in: hKey=0x38, dwIndex=0x69, lpName=0x225b970, cchName=0x104 | out: lpName="Sync Framework") returned 0x0 [0044.446] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="sync framework", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0044.446] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="sync framework", cchWideChar=14, lpMultiByteStr=0x225c160, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sync framework", lpUsedDefaultChar=0x0) returned 14 [0044.446] RegEnumKeyW (in: hKey=0x38, dwIndex=0x6a, lpName=0x225b970, cchName=0x104 | out: lpName="Sysprep") returned 0x0 [0044.446] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="sysprep", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0044.446] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="sysprep", cchWideChar=7, lpMultiByteStr=0x225c1a8, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sysprep", lpUsedDefaultChar=0x0) returned 7 [0044.446] RegEnumKeyW (in: hKey=0x38, dwIndex=0x6b, lpName=0x225b970, cchName=0x104 | out: lpName="SystemCertificates") returned 0x0 [0044.447] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="systemcertificates", cchWideChar=18, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0044.447] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="systemcertificates", cchWideChar=18, lpMultiByteStr=0x225c160, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="systemcertificates", lpUsedDefaultChar=0x0) returned 18 [0044.447] RegEnumKeyW (in: hKey=0x38, dwIndex=0x6c, lpName=0x225b970, cchName=0x104 | out: lpName="TableTextService") returned 0x0 [0044.447] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="tabletextservice", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0044.447] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="tabletextservice", cchWideChar=16, lpMultiByteStr=0x225c1a8, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="tabletextservice", lpUsedDefaultChar=0x0) returned 16 [0044.447] RegEnumKeyW (in: hKey=0x38, dwIndex=0x6d, lpName=0x225b970, cchName=0x104 | out: lpName="TabletTip") returned 0x0 [0044.447] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="tablettip", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0044.447] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="tablettip", cchWideChar=9, lpMultiByteStr=0x225c160, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="tablettip", lpUsedDefaultChar=0x0) returned 9 [0044.447] RegEnumKeyW (in: hKey=0x38, dwIndex=0x6e, lpName=0x225b970, cchName=0x104 | out: lpName="Tcpip") returned 0x0 [0044.448] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="tcpip", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0044.448] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="tcpip", cchWideChar=5, lpMultiByteStr=0x225c1a8, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="tcpip", lpUsedDefaultChar=0x0) returned 5 [0044.448] RegEnumKeyW (in: hKey=0x38, dwIndex=0x6f, lpName=0x225b970, cchName=0x104 | out: lpName="Terminal Server Client") returned 0x0 [0044.448] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="terminal server client", cchWideChar=22, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0044.448] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="terminal server client", cchWideChar=22, lpMultiByteStr=0x225c160, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="terminal server client", lpUsedDefaultChar=0x0) returned 22 [0044.448] RegEnumKeyW (in: hKey=0x38, dwIndex=0x70, lpName=0x225b970, cchName=0x104 | out: lpName="TermServLicensing") returned 0x0 [0044.448] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="termservlicensing", cchWideChar=17, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0044.448] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="termservlicensing", cchWideChar=17, lpMultiByteStr=0x225c1a8, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="termservlicensing", lpUsedDefaultChar=0x0) returned 17 [0044.448] RegEnumKeyW (in: hKey=0x38, dwIndex=0x71, lpName=0x225b970, cchName=0x104 | out: lpName="TIP Shared") returned 0x0 [0044.449] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="tip shared", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0044.449] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="tip shared", cchWideChar=10, lpMultiByteStr=0x225c160, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="tip shared", lpUsedDefaultChar=0x0) returned 10 [0044.449] RegEnumKeyW (in: hKey=0x38, dwIndex=0x72, lpName=0x225b970, cchName=0x104 | out: lpName="TPG") returned 0x0 [0044.449] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="tpg", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0044.449] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="tpg", cchWideChar=3, lpMultiByteStr=0x225c1a8, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="tpg", lpUsedDefaultChar=0x0) returned 3 [0044.449] RegEnumKeyW (in: hKey=0x38, dwIndex=0x73, lpName=0x225b970, cchName=0x104 | out: lpName="Tpm") returned 0x0 [0044.449] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="tpm", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0044.449] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="tpm", cchWideChar=3, lpMultiByteStr=0x225c160, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="tpm", lpUsedDefaultChar=0x0) returned 3 [0044.450] RegEnumKeyW (in: hKey=0x38, dwIndex=0x74, lpName=0x225b970, cchName=0x104 | out: lpName="Tracing") returned 0x0 [0044.450] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="tracing", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0044.450] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="tracing", cchWideChar=7, lpMultiByteStr=0x225c1a8, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="tracing", lpUsedDefaultChar=0x0) returned 7 [0044.450] RegEnumKeyW (in: hKey=0x38, dwIndex=0x75, lpName=0x225b970, cchName=0x104 | out: lpName="Transaction Server") returned 0x0 [0044.450] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="transaction server", cchWideChar=18, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0044.450] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="transaction server", cchWideChar=18, lpMultiByteStr=0x225c160, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="transaction server", lpUsedDefaultChar=0x0) returned 18 [0044.450] RegEnumKeyW (in: hKey=0x38, dwIndex=0x76, lpName=0x225b970, cchName=0x104 | out: lpName="TV System Services") returned 0x0 [0044.450] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="tv system services", cchWideChar=18, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0044.450] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="tv system services", cchWideChar=18, lpMultiByteStr=0x225c1a8, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="tv system services", lpUsedDefaultChar=0x0) returned 18 [0044.451] RegEnumKeyW (in: hKey=0x38, dwIndex=0x77, lpName=0x225b970, cchName=0x104 | out: lpName="uDRM") returned 0x0 [0044.451] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="udrm", cchWideChar=4, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 4 [0044.451] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="udrm", cchWideChar=4, lpMultiByteStr=0x225c160, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="udrm", lpUsedDefaultChar=0x0) returned 4 [0044.451] RegEnumKeyW (in: hKey=0x38, dwIndex=0x78, lpName=0x225b970, cchName=0x104 | out: lpName="Updates") returned 0x0 [0044.451] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="updates", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0044.451] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="updates", cchWideChar=7, lpMultiByteStr=0x225c1a8, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="updates", lpUsedDefaultChar=0x0) returned 7 [0044.451] RegEnumKeyW (in: hKey=0x38, dwIndex=0x79, lpName=0x225b970, cchName=0x104 | out: lpName="UPnP Device Host") returned 0x0 [0044.452] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="upnp device host", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0044.452] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="upnp device host", cchWideChar=16, lpMultiByteStr=0x225c160, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="upnp device host", lpUsedDefaultChar=0x0) returned 16 [0044.452] RegEnumKeyW (in: hKey=0x38, dwIndex=0x7a, lpName=0x225b970, cchName=0x104 | out: lpName="VBA") returned 0x0 [0044.452] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="vba", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0044.452] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="vba", cchWideChar=3, lpMultiByteStr=0x225c1a8, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="vba", lpUsedDefaultChar=0x0) returned 3 [0044.452] RegEnumKeyW (in: hKey=0x38, dwIndex=0x7b, lpName=0x225b970, cchName=0x104 | out: lpName="Virtual Machine") returned 0x0 [0044.452] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="virtual machine", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0044.452] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="virtual machine", cchWideChar=15, lpMultiByteStr=0x225c160, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="virtual machine", lpUsedDefaultChar=0x0) returned 15 [0044.452] RegEnumKeyW (in: hKey=0x38, dwIndex=0x7c, lpName=0x225b970, cchName=0x104 | out: lpName="VisualStudio") returned 0x0 [0044.453] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="visualstudio", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0044.453] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="visualstudio", cchWideChar=12, lpMultiByteStr=0x225c1a8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="visualstudio", lpUsedDefaultChar=0x0) returned 12 [0044.453] RegEnumKeyW (in: hKey=0x38, dwIndex=0x7d, lpName=0x225b970, cchName=0x104 | out: lpName="WAB") returned 0x0 [0044.453] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="wab", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0044.453] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="wab", cchWideChar=3, lpMultiByteStr=0x225c160, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="wab", lpUsedDefaultChar=0x0) returned 3 [0044.453] RegEnumKeyW (in: hKey=0x38, dwIndex=0x7e, lpName=0x225b970, cchName=0x104 | out: lpName="WBEM") returned 0x0 [0044.453] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="wbem", cchWideChar=4, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 4 [0044.454] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="wbem", cchWideChar=4, lpMultiByteStr=0x225c1a8, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="wbem", lpUsedDefaultChar=0x0) returned 4 [0044.454] RegEnumKeyW (in: hKey=0x38, dwIndex=0x7f, lpName=0x225b970, cchName=0x104 | out: lpName="WIMMount") returned 0x0 [0044.454] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="wimmount", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0044.454] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="wimmount", cchWideChar=8, lpMultiByteStr=0x225c160, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="wimmount", lpUsedDefaultChar=0x0) returned 8 [0044.454] RegEnumKeyW (in: hKey=0x38, dwIndex=0x80, lpName=0x225b970, cchName=0x104 | out: lpName="Windows") returned 0x0 [0044.454] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="windows", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0044.454] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="windows", cchWideChar=7, lpMultiByteStr=0x225c1a8, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="windows", lpUsedDefaultChar=0x0) returned 7 [0044.454] RegOpenKeyExW (in: hKey=0x38, lpSubKey="Windows", ulOptions=0x0, samDesired=0x20109, phkResult=0x18fc04 | out: phkResult=0x18fc04*=0xcc) returned 0x0 [0044.454] RegCloseKey (hKey=0x38) returned 0x0 [0044.454] RegEnumKeyW (in: hKey=0xcc, dwIndex=0x0, lpName=0x225b970, cchName=0x104 | out: lpName="CurrentVersion") returned 0x0 [0044.454] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="currentversion", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0044.454] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="currentversion", cchWideChar=14, lpMultiByteStr=0x225c160, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="currentversion", lpUsedDefaultChar=0x0) returned 14 [0044.455] RegOpenKeyExW (in: hKey=0xcc, lpSubKey="CurrentVersion", ulOptions=0x0, samDesired=0x20109, phkResult=0x18fc04 | out: phkResult=0x18fc04*=0x38) returned 0x0 [0044.455] RegCloseKey (hKey=0xcc) returned 0x0 [0044.455] RegEnumKeyW (in: hKey=0x38, dwIndex=0x0, lpName=0x225b970, cchName=0x104 | out: lpName="App Management") returned 0x0 [0044.455] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="app management", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0044.455] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="app management", cchWideChar=14, lpMultiByteStr=0x225c1a8, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="app management", lpUsedDefaultChar=0x0) returned 14 [0044.456] RegEnumKeyW (in: hKey=0x38, dwIndex=0x1, lpName=0x225b970, cchName=0x104 | out: lpName="App Paths") returned 0x0 [0044.456] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="app paths", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0044.456] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="app paths", cchWideChar=9, lpMultiByteStr=0x225c160, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="app paths", lpUsedDefaultChar=0x0) returned 9 [0044.456] RegEnumKeyW (in: hKey=0x38, dwIndex=0x2, lpName=0x225b970, cchName=0x104 | out: lpName="Applets") returned 0x0 [0044.456] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="applets", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0044.456] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="applets", cchWideChar=7, lpMultiByteStr=0x225c1a8, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="applets", lpUsedDefaultChar=0x0) returned 7 [0044.456] RegEnumKeyW (in: hKey=0x38, dwIndex=0x3, lpName=0x225b970, cchName=0x104 | out: lpName="Audio") returned 0x0 [0044.459] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="audio", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0044.459] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="audio", cchWideChar=5, lpMultiByteStr=0x225c160, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="audio", lpUsedDefaultChar=0x0) returned 5 [0044.460] RegEnumKeyW (in: hKey=0x38, dwIndex=0x4, lpName=0x225b970, cchName=0x104 | out: lpName="Authentication") returned 0x0 [0044.460] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="authentication", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0044.460] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="authentication", cchWideChar=14, lpMultiByteStr=0x225c1a8, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="authentication", lpUsedDefaultChar=0x0) returned 14 [0044.460] RegEnumKeyW (in: hKey=0x38, dwIndex=0x5, lpName=0x225b970, cchName=0x104 | out: lpName="BitLocker") returned 0x0 [0044.460] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="bitlocker", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0044.460] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="bitlocker", cchWideChar=9, lpMultiByteStr=0x225c160, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="bitlocker", lpUsedDefaultChar=0x0) returned 9 [0044.461] RegEnumKeyW (in: hKey=0x38, dwIndex=0x6, lpName=0x225b970, cchName=0x104 | out: lpName="BITS") returned 0x0 [0044.461] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="bits", cchWideChar=4, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 4 [0044.461] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="bits", cchWideChar=4, lpMultiByteStr=0x225c1a8, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="bits", lpUsedDefaultChar=0x0) returned 4 [0044.461] RegEnumKeyW (in: hKey=0x38, dwIndex=0x7, lpName=0x225b970, cchName=0x104 | out: lpName="Component Based Servicing") returned 0x0 [0044.461] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="component based servicing", cchWideChar=25, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0044.461] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="component based servicing", cchWideChar=25, lpMultiByteStr=0x225c160, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="component based servicing", lpUsedDefaultChar=0x0) returned 25 [0044.461] RegEnumKeyW (in: hKey=0x38, dwIndex=0x8, lpName=0x225b970, cchName=0x104 | out: lpName="Control Panel") returned 0x0 [0044.461] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="control panel", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0044.461] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="control panel", cchWideChar=13, lpMultiByteStr=0x225c1a8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="control panel", lpUsedDefaultChar=0x0) returned 13 [0044.462] RegEnumKeyW (in: hKey=0x38, dwIndex=0x9, lpName=0x225b970, cchName=0x104 | out: lpName="Controls Folder") returned 0x0 [0044.462] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="controls folder", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0044.462] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="controls folder", cchWideChar=15, lpMultiByteStr=0x225c160, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="controls folder", lpUsedDefaultChar=0x0) returned 15 [0044.462] RegEnumKeyW (in: hKey=0x38, dwIndex=0xa, lpName=0x225b970, cchName=0x104 | out: lpName="DateTime") returned 0x0 [0044.462] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="datetime", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0044.462] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="datetime", cchWideChar=8, lpMultiByteStr=0x225c1a8, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="datetime", lpUsedDefaultChar=0x0) returned 8 [0044.462] RegEnumKeyW (in: hKey=0x38, dwIndex=0xb, lpName=0x225b970, cchName=0x104 | out: lpName="Device Installer") returned 0x0 [0044.462] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="device installer", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0044.462] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="device installer", cchWideChar=16, lpMultiByteStr=0x225c160, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="device installer", lpUsedDefaultChar=0x0) returned 16 [0044.463] RegEnumKeyW (in: hKey=0x38, dwIndex=0xc, lpName=0x225b970, cchName=0x104 | out: lpName="Device Metadata") returned 0x0 [0044.463] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="device metadata", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0044.463] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="device metadata", cchWideChar=15, lpMultiByteStr=0x225c1a8, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="device metadata", lpUsedDefaultChar=0x0) returned 15 [0044.463] RegEnumKeyW (in: hKey=0x38, dwIndex=0xd, lpName=0x225b970, cchName=0x104 | out: lpName="Diagnostics") returned 0x0 [0044.463] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="diagnostics", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0044.463] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="diagnostics", cchWideChar=11, lpMultiByteStr=0x225c160, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="diagnostics", lpUsedDefaultChar=0x0) returned 11 [0044.463] RegEnumKeyW (in: hKey=0x38, dwIndex=0xe, lpName=0x225b970, cchName=0x104 | out: lpName="DriverSearching") returned 0x0 [0044.464] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="driversearching", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0044.464] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="driversearching", cchWideChar=15, lpMultiByteStr=0x225c1a8, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="driversearching", lpUsedDefaultChar=0x0) returned 15 [0044.464] RegEnumKeyW (in: hKey=0x38, dwIndex=0xf, lpName=0x225b970, cchName=0x104 | out: lpName="EventCollector") returned 0x0 [0044.464] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="eventcollector", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0044.464] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="eventcollector", cchWideChar=14, lpMultiByteStr=0x225c160, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="eventcollector", lpUsedDefaultChar=0x0) returned 14 [0044.464] RegEnumKeyW (in: hKey=0x38, dwIndex=0x10, lpName=0x225b970, cchName=0x104 | out: lpName="EventForwarding") returned 0x0 [0044.469] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="eventforwarding", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0044.469] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="eventforwarding", cchWideChar=15, lpMultiByteStr=0x225c1a8, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="eventforwarding", lpUsedDefaultChar=0x0) returned 15 [0044.469] RegEnumKeyW (in: hKey=0x38, dwIndex=0x11, lpName=0x225b970, cchName=0x104 | out: lpName="Explorer") returned 0x0 [0044.469] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="explorer", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0044.469] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="explorer", cchWideChar=8, lpMultiByteStr=0x225c160, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="explorer", lpUsedDefaultChar=0x0) returned 8 [0044.469] RegEnumKeyW (in: hKey=0x38, dwIndex=0x12, lpName=0x225b970, cchName=0x104 | out: lpName="Ext") returned 0x0 [0044.469] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ext", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0044.469] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ext", cchWideChar=3, lpMultiByteStr=0x225c1a8, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ext", lpUsedDefaultChar=0x0) returned 3 [0044.469] RegEnumKeyW (in: hKey=0x38, dwIndex=0x13, lpName=0x225b970, cchName=0x104 | out: lpName="GameUX") returned 0x0 [0044.470] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="gameux", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0044.470] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="gameux", cchWideChar=6, lpMultiByteStr=0x225c160, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="gameux", lpUsedDefaultChar=0x0) returned 6 [0044.470] RegEnumKeyW (in: hKey=0x38, dwIndex=0x14, lpName=0x225b970, cchName=0x104 | out: lpName="Group Policy") returned 0x0 [0044.470] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="group policy", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0044.470] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="group policy", cchWideChar=12, lpMultiByteStr=0x225c1a8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="group policy", lpUsedDefaultChar=0x0) returned 12 [0044.470] RegEnumKeyW (in: hKey=0x38, dwIndex=0x15, lpName=0x225b970, cchName=0x104 | out: lpName="Hints") returned 0x0 [0044.470] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="hints", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0044.471] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="hints", cchWideChar=5, lpMultiByteStr=0x225c160, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="hints", lpUsedDefaultChar=0x0) returned 5 [0044.471] RegEnumKeyW (in: hKey=0x38, dwIndex=0x16, lpName=0x225b970, cchName=0x104 | out: lpName="HomeGroup") returned 0x0 [0044.471] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="homegroup", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0044.471] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="homegroup", cchWideChar=9, lpMultiByteStr=0x225c1a8, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="homegroup", lpUsedDefaultChar=0x0) returned 9 [0044.471] RegEnumKeyW (in: hKey=0x38, dwIndex=0x17, lpName=0x225b970, cchName=0x104 | out: lpName="HotStart") returned 0x0 [0044.471] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="hotstart", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0044.487] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="hotstart", cchWideChar=8, lpMultiByteStr=0x225c160, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="hotstart", lpUsedDefaultChar=0x0) returned 8 [0044.487] RegEnumKeyW (in: hKey=0x38, dwIndex=0x18, lpName=0x225b970, cchName=0x104 | out: lpName="IME") returned 0x0 [0044.487] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ime", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0044.487] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ime", cchWideChar=3, lpMultiByteStr=0x225c1a8, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ime", lpUsedDefaultChar=0x0) returned 3 [0044.487] RegEnumKeyW (in: hKey=0x38, dwIndex=0x19, lpName=0x225b970, cchName=0x104 | out: lpName="Installer") returned 0x0 [0044.487] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="installer", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0044.487] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="installer", cchWideChar=9, lpMultiByteStr=0x225c160, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="installer", lpUsedDefaultChar=0x0) returned 9 [0044.487] RegEnumKeyW (in: hKey=0x38, dwIndex=0x1a, lpName=0x225b970, cchName=0x104 | out: lpName="Internet Settings") returned 0x0 [0044.488] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="internet settings", cchWideChar=17, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0044.488] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="internet settings", cchWideChar=17, lpMultiByteStr=0x225c1a8, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="internet settings", lpUsedDefaultChar=0x0) returned 17 [0044.488] RegEnumKeyW (in: hKey=0x38, dwIndex=0x1b, lpName=0x225b970, cchName=0x104 | out: lpName="MCT") returned 0x0 [0044.488] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mct", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0044.488] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mct", cchWideChar=3, lpMultiByteStr=0x225c160, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mct", lpUsedDefaultChar=0x0) returned 3 [0044.488] RegEnumKeyW (in: hKey=0x38, dwIndex=0x1c, lpName=0x225b970, cchName=0x104 | out: lpName="Media Center") returned 0x0 [0044.488] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="media center", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0044.488] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="media center", cchWideChar=12, lpMultiByteStr=0x225c1a8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="media center", lpUsedDefaultChar=0x0) returned 12 [0044.488] RegEnumKeyW (in: hKey=0x38, dwIndex=0x1d, lpName=0x225b970, cchName=0x104 | out: lpName="MMDevices") returned 0x0 [0044.488] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mmdevices", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0044.488] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mmdevices", cchWideChar=9, lpMultiByteStr=0x225c160, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mmdevices", lpUsedDefaultChar=0x0) returned 9 [0044.488] RegEnumKeyW (in: hKey=0x38, dwIndex=0x1e, lpName=0x225b970, cchName=0x104 | out: lpName="MSSHA") returned 0x0 [0044.488] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mssha", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0044.488] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mssha", cchWideChar=5, lpMultiByteStr=0x225c1a8, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mssha", lpUsedDefaultChar=0x0) returned 5 [0044.488] RegEnumKeyW (in: hKey=0x38, dwIndex=0x1f, lpName=0x225b970, cchName=0x104 | out: lpName="NetCache") returned 0x0 [0044.488] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="netcache", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0044.488] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="netcache", cchWideChar=8, lpMultiByteStr=0x225c160, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="netcache", lpUsedDefaultChar=0x0) returned 8 [0044.489] RegEnumKeyW (in: hKey=0x38, dwIndex=0x20, lpName=0x225b970, cchName=0x104 | out: lpName="OEMInformation") returned 0x0 [0044.489] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="oeminformation", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0044.489] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="oeminformation", cchWideChar=14, lpMultiByteStr=0x225c1a8, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="oeminformation", lpUsedDefaultChar=0x0) returned 14 [0044.489] RegEnumKeyW (in: hKey=0x38, dwIndex=0x21, lpName=0x225b970, cchName=0x104 | out: lpName="OOBE") returned 0x0 [0044.489] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="oobe", cchWideChar=4, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 4 [0044.489] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="oobe", cchWideChar=4, lpMultiByteStr=0x225c160, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="oobe", lpUsedDefaultChar=0x0) returned 4 [0044.489] RegEnumKeyW (in: hKey=0x38, dwIndex=0x22, lpName=0x225b970, cchName=0x104 | out: lpName="OptimalLayout") returned 0x0 [0044.489] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="optimallayout", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0044.489] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="optimallayout", cchWideChar=13, lpMultiByteStr=0x225c1a8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="optimallayout", lpUsedDefaultChar=0x0) returned 13 [0044.489] RegEnumKeyW (in: hKey=0x38, dwIndex=0x23, lpName=0x225b970, cchName=0x104 | out: lpName="Parental Controls") returned 0x0 [0044.489] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="parental controls", cchWideChar=17, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0044.489] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="parental controls", cchWideChar=17, lpMultiByteStr=0x225c160, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="parental controls", lpUsedDefaultChar=0x0) returned 17 [0044.489] RegEnumKeyW (in: hKey=0x38, dwIndex=0x24, lpName=0x225b970, cchName=0x104 | out: lpName="Personalization") returned 0x0 [0044.489] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="personalization", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0044.489] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="personalization", cchWideChar=15, lpMultiByteStr=0x225c1a8, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="personalization", lpUsedDefaultChar=0x0) returned 15 [0044.489] RegEnumKeyW (in: hKey=0x38, dwIndex=0x25, lpName=0x225b970, cchName=0x104 | out: lpName="PhotoPropertyHandler") returned 0x0 [0044.490] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="photopropertyhandler", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0044.490] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="photopropertyhandler", cchWideChar=20, lpMultiByteStr=0x225c160, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="photopropertyhandler", lpUsedDefaultChar=0x0) returned 20 [0044.490] RegEnumKeyW (in: hKey=0x38, dwIndex=0x26, lpName=0x225b970, cchName=0x104 | out: lpName="PnPSysprep") returned 0x0 [0044.490] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="pnpsysprep", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0044.490] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="pnpsysprep", cchWideChar=10, lpMultiByteStr=0x225c1a8, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pnpsysprep", lpUsedDefaultChar=0x0) returned 10 [0044.490] RegEnumKeyW (in: hKey=0x38, dwIndex=0x27, lpName=0x225b970, cchName=0x104 | out: lpName="Policies") returned 0x0 [0044.490] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="policies", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0044.490] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="policies", cchWideChar=8, lpMultiByteStr=0x225c160, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="policies", lpUsedDefaultChar=0x0) returned 8 [0044.490] RegOpenKeyExW (in: hKey=0x38, lpSubKey="Policies", ulOptions=0x0, samDesired=0x20109, phkResult=0x18fc04 | out: phkResult=0x18fc04*=0xcc) returned 0x0 [0044.490] RegCloseKey (hKey=0x38) returned 0x0 [0044.490] RegEnumKeyW (in: hKey=0xcc, dwIndex=0x0, lpName=0x225b970, cchName=0x104 | out: lpName="ActiveDesktop") returned 0x0 [0044.490] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="activedesktop", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0044.490] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="activedesktop", cchWideChar=13, lpMultiByteStr=0x225c1a8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="activedesktop", lpUsedDefaultChar=0x0) returned 13 [0044.490] RegEnumKeyW (in: hKey=0xcc, dwIndex=0x1, lpName=0x225b970, cchName=0x104 | out: lpName="Attachments") returned 0x0 [0044.491] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="attachments", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0044.491] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="attachments", cchWideChar=11, lpMultiByteStr=0x225c160, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="attachments", lpUsedDefaultChar=0x0) returned 11 [0044.491] RegEnumKeyW (in: hKey=0xcc, dwIndex=0x2, lpName=0x225b970, cchName=0x104 | out: lpName="Explorer") returned 0x0 [0044.491] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="explorer", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0044.491] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="explorer", cchWideChar=8, lpMultiByteStr=0x225c1a8, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="explorer", lpUsedDefaultChar=0x0) returned 8 [0044.491] RegEnumKeyW (in: hKey=0xcc, dwIndex=0x3, lpName=0x225b970, cchName=0x104 | out: lpName="NonEnum") returned 0x0 [0044.491] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="nonenum", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0044.491] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="nonenum", cchWideChar=7, lpMultiByteStr=0x225c160, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="nonenum", lpUsedDefaultChar=0x0) returned 7 [0044.491] RegEnumKeyW (in: hKey=0xcc, dwIndex=0x4, lpName=0x225b970, cchName=0x104 | out: lpName="System") returned 0x0 [0044.491] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="system", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0044.491] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="system", cchWideChar=6, lpMultiByteStr=0x225c1a8, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="system", lpUsedDefaultChar=0x0) returned 6 [0044.491] RegOpenKeyExW (in: hKey=0xcc, lpSubKey="System", ulOptions=0x0, samDesired=0x20109, phkResult=0x18fc04 | out: phkResult=0x18fc04*=0x38) returned 0x0 [0044.491] RegCloseKey (hKey=0xcc) returned 0x0 [0044.491] RegEnumValueA (in: hKey=0x38, dwIndex=0x0, lpValueName=0x18fb20, lpcchValueName=0x18fb1c, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="ConsentPromptBehaviorAdmin", lpcchValueName=0x18fb1c, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0044.492] RegEnumValueA (in: hKey=0x38, dwIndex=0x1, lpValueName=0x18fb20, lpcchValueName=0x18fb1c, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="ConsentPromptBehaviorUser", lpcchValueName=0x18fb1c, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0044.492] RegEnumValueA (in: hKey=0x38, dwIndex=0x2, lpValueName=0x18fb20, lpcchValueName=0x18fb1c, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="EnableInstallerDetection", lpcchValueName=0x18fb1c, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0044.492] RegEnumValueA (in: hKey=0x38, dwIndex=0x3, lpValueName=0x18fb20, lpcchValueName=0x18fb1c, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="EnableLUA", lpcchValueName=0x18fb1c, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0044.492] RegEnumValueA (in: hKey=0x38, dwIndex=0x4, lpValueName=0x18fb20, lpcchValueName=0x18fb1c, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="EnableSecureUIAPaths", lpcchValueName=0x18fb1c, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0044.492] RegEnumValueA (in: hKey=0x38, dwIndex=0x5, lpValueName=0x18fb20, lpcchValueName=0x18fb1c, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="EnableUIADesktopToggle", lpcchValueName=0x18fb1c, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0044.492] RegEnumValueA (in: hKey=0x38, dwIndex=0x6, lpValueName=0x18fb20, lpcchValueName=0x18fb1c, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="EnableVirtualization", lpcchValueName=0x18fb1c, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0044.492] RegEnumValueA (in: hKey=0x38, dwIndex=0x7, lpValueName=0x18fb20, lpcchValueName=0x18fb1c, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="PromptOnSecureDesktop", lpcchValueName=0x18fb1c, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0044.492] RegEnumValueA (in: hKey=0x38, dwIndex=0x8, lpValueName=0x18fb20, lpcchValueName=0x18fb1c, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="ValidateAdminCodeSignatures", lpcchValueName=0x18fb1c, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0044.492] RegEnumValueA (in: hKey=0x38, dwIndex=0x9, lpValueName=0x18fb20, lpcchValueName=0x18fb1c, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="dontdisplaylastusername", lpcchValueName=0x18fb1c, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0044.492] RegEnumValueA (in: hKey=0x38, dwIndex=0xa, lpValueName=0x18fb20, lpcchValueName=0x18fb1c, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="legalnoticecaption", lpcchValueName=0x18fb1c, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0044.493] RegEnumValueA (in: hKey=0x38, dwIndex=0xb, lpValueName=0x18fb20, lpcchValueName=0x18fb1c, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="legalnoticetext", lpcchValueName=0x18fb1c, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0044.493] RegEnumValueA (in: hKey=0x38, dwIndex=0xc, lpValueName=0x18fb20, lpcchValueName=0x18fb1c, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="scforceoption", lpcchValueName=0x18fb1c, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0044.493] RegEnumValueA (in: hKey=0x38, dwIndex=0xd, lpValueName=0x18fb20, lpcchValueName=0x18fb1c, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="shutdownwithoutlogon", lpcchValueName=0x18fb1c, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0044.493] RegEnumValueA (in: hKey=0x38, dwIndex=0xe, lpValueName=0x18fb20, lpcchValueName=0x18fb1c, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="undockwithoutlogon", lpcchValueName=0x18fb1c, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0044.493] RegEnumValueA (in: hKey=0x38, dwIndex=0xf, lpValueName=0x18fb20, lpcchValueName=0x18fb1c, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="FilterAdministratorToken", lpcchValueName=0x18fb1c, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0044.493] RegEnumValueA (in: hKey=0x38, dwIndex=0x10, lpValueName=0x18fb20, lpcchValueName=0x18fb1c, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="FilterAdministratorToken", lpcchValueName=0x18fb1c, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x103 [0044.493] RegQueryValueExA (in: hKey=0x38, lpValueName="EnableLUA", lpReserved=0x0, lpType=0x18fc2c, lpData=0x0, lpcbData=0x18fc34*=0x0 | out: lpType=0x18fc2c*=0x4, lpData=0x0, lpcbData=0x18fc34*=0x4) returned 0x0 [0044.493] RegQueryValueExA (in: hKey=0x38, lpValueName="EnableLUA", lpReserved=0x0, lpType=0x18fc2c, lpData=0x225c4c0, lpcbData=0x18fc34*=0x4 | out: lpType=0x18fc2c*=0x4, lpData=0x225c4c0*=0x1, lpcbData=0x18fc34*=0x4) returned 0x0 [0044.493] RegCloseKey (hKey=0x38) returned 0x0 [0044.493] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x8, TokenHandle=0x18fca8 | out: TokenHandle=0x18fca8*=0x38) returned 1 [0044.493] GetTokenInformation (in: TokenHandle=0x38, TokenInformationClass=0x14, TokenInformation=0x18fca4, TokenInformationLength=0x4, ReturnLength=0x18fca0 | out: TokenInformation=0x18fca4, ReturnLength=0x18fca0) returned 1 [0044.493] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x8, TokenHandle=0x18fc94 | out: TokenHandle=0x18fc94*=0xcc) returned 1 [0044.493] GetTokenInformation (in: TokenHandle=0xcc, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x18fc90 | out: TokenInformation=0x0, ReturnLength=0x18fc90) returned 0 [0044.493] GetTokenInformation (in: TokenHandle=0xcc, TokenInformationClass=0x19, TokenInformation=0x225c628, TokenInformationLength=0x14, ReturnLength=0x18fc90 | out: TokenInformation=0x225c628, ReturnLength=0x18fc90) returned 1 [0044.494] GetSidSubAuthorityCount (pSid=0x225c630*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x3000)) returned 0x225c631 [0044.494] GetSidSubAuthority (pSid=0x225c630*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x3000), nSubAuthority=0x0) returned 0x225c638 [0044.494] NtClose (Handle=0xcc) returned 0x0 [0044.495] ConvertStringSecurityDescriptorToSecurityDescriptorW () returned 0x1 [0044.500] GetSecurityDescriptorSacl (in: pSecurityDescriptor=0x56d5f0, lpbSaclPresent=0x18fd50, pSacl=0x18fda8, lpbSaclDefaulted=0x18fd50 | out: lpbSaclPresent=0x18fd50, pSacl=0x18fda8, lpbSaclDefaulted=0x18fd50) returned 1 [0044.500] CreateMutexA (lpMutexAttributes=0x18fd9c, bInitialOwner=0, lpName="") returned 0x110 [0044.500] GetLastError () returned 0x0 [0044.500] LocalFree (hMem=0x56d5f0) returned 0x0 [0044.501] CryptAcquireContextW (in: phProv=0x18fdc8, szContainer=0x0, szProvider="Microsoft Enhanced Cryptographic Provider v1.0", dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x18fdc8*=0x56d5f0) returned 1 [0045.222] ConvertStringSecurityDescriptorToSecurityDescriptorW () returned 0x1 [0045.223] GetSecurityDescriptorSacl (in: pSecurityDescriptor=0x56b518, lpbSaclPresent=0x18fd6c, pSacl=0x18fdd0, lpbSaclDefaulted=0x18fd6c | out: lpbSaclPresent=0x18fd6c, pSacl=0x18fdd0, lpbSaclDefaulted=0x18fd6c) returned 1 [0045.223] CreateEventA (lpEventAttributes=0x18fdc4, bManualReset=1, bInitialState=0, lpName="") returned 0x114 [0045.223] GetLastError () returned 0x0 [0045.223] LocalFree (hMem=0x56b518) returned 0x0 [0045.223] ConvertStringSecurityDescriptorToSecurityDescriptorW () returned 0x1 [0045.224] GetSecurityDescriptorSacl (in: pSecurityDescriptor=0x56b518, lpbSaclPresent=0x18fd6c, pSacl=0x18fdd0, lpbSaclDefaulted=0x18fd6c | out: lpbSaclPresent=0x18fd6c, pSacl=0x18fdd0, lpbSaclDefaulted=0x18fd6c) returned 1 [0045.224] CreateEventA (lpEventAttributes=0x18fdc4, bManualReset=1, bInitialState=0, lpName="") returned 0x118 [0045.224] GetLastError () returned 0x0 [0045.224] LocalFree (hMem=0x56b518) returned 0x0 [0045.224] ConvertStringSecurityDescriptorToSecurityDescriptorW () returned 0x1 [0045.227] GetSecurityDescriptorSacl (in: pSecurityDescriptor=0x56b518, lpbSaclPresent=0x18fd6c, pSacl=0x18fdd0, lpbSaclDefaulted=0x18fd6c | out: lpbSaclPresent=0x18fd6c, pSacl=0x18fdd0, lpbSaclDefaulted=0x18fd6c) returned 1 [0045.227] CreateEventA (lpEventAttributes=0x18fdc4, bManualReset=1, bInitialState=0, lpName="") returned 0x120 [0045.227] GetLastError () returned 0x0 [0045.227] LocalFree (hMem=0x56b518) returned 0x0 [0045.227] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225c310, cbMultiByte=10, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 10 [0045.227] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225c310, cbMultiByte=10, lpWideCharStr=0x225bb90, cchWideChar=10 | out: lpWideCharStr="svsho*.exe") returned 10 [0045.227] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225c280, cbMultiByte=10, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 10 [0045.228] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225c280, cbMultiByte=10, lpWideCharStr=0x225bc40, cchWideChar=10 | out: lpWideCharStr="schre*.bat") returned 10 [0045.228] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225c238, cbMultiByte=7, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 7 [0045.228] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225c238, cbMultiByte=7, lpWideCharStr=0x225fe60, cchWideChar=7 | out: lpWideCharStr="V01.lo*") returned 7 [0045.228] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225c1f0, cbMultiByte=7, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 7 [0045.228] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225c1f0, cbMultiByte=7, lpWideCharStr=0x225fee8, cchWideChar=7 | out: lpWideCharStr="V01.ch*") returned 7 [0045.228] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225c1a8, cbMultiByte=11, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 11 [0045.228] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225c1a8, cbMultiByte=11, lpWideCharStr=0x1ec0448, cchWideChar=11 | out: lpWideCharStr="V01res*.jrs") returned 11 [0045.228] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225c160, cbMultiByte=11, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 11 [0045.228] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225c160, cbMultiByte=11, lpWideCharStr=0x1ec04d0, cchWideChar=11 | out: lpWideCharStr="RacWmi*.sdf") returned 11 [0045.228] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225c2c8, cbMultiByte=11, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 11 [0045.228] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225c2c8, cbMultiByte=11, lpWideCharStr=0x1ec0558, cchWideChar=11 | out: lpWideCharStr="Web*V01.dat") returned 11 [0045.228] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225c1a8, cbMultiByte=25, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 25 [0045.228] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225c1a8, cbMultiByte=25, lpWideCharStr=0x1ec05e0, cchWideChar=25 | out: lpWideCharStr="System Volume Information") returned 25 [0045.228] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225c1f0, cbMultiByte=12, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 12 [0045.228] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225c1f0, cbMultiByte=12, lpWideCharStr=0x1ec0668, cchWideChar=12 | out: lpWideCharStr="$RECYCLE.BIN") returned 12 [0045.228] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225c238, cbMultiByte=8, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 8 [0045.228] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225c238, cbMultiByte=8, lpWideCharStr=0x1ec0818, cchWideChar=8 | out: lpWideCharStr="WebCache") returned 8 [0045.228] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225c2c8, cbMultiByte=6, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 6 [0045.229] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225c2c8, cbMultiByte=6, lpWideCharStr=0x1ec08a0, cchWideChar=6 | out: lpWideCharStr="Caches") returned 6 [0045.229] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225c238, cbMultiByte=11, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 11 [0045.229] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225c238, cbMultiByte=11, lpWideCharStr=0x1ec0928, cchWideChar=11 | out: lpWideCharStr="MSSQLSERVER") returned 11 [0045.229] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225c1f0, cbMultiByte=14, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 14 [0045.229] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225c1f0, cbMultiByte=14, lpWideCharStr=0x1ec09b0, cchWideChar=14 | out: lpWideCharStr="SQLSERVERAGENT") returned 14 [0045.229] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225c1a8, cbMultiByte=9, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 9 [0045.229] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225c1a8, cbMultiByte=9, lpWideCharStr=0x1ec0a38, cchWideChar=9 | out: lpWideCharStr="SQLWriter") returned 9 [0045.229] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225c160, cbMultiByte=14, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 14 [0045.229] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225c160, cbMultiByte=14, lpWideCharStr=0x1ec0ac0, cchWideChar=14 | out: lpWideCharStr="MsDtsServer100") returned 14 [0045.229] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225c280, cbMultiByte=14, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 14 [0045.229] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225c280, cbMultiByte=14, lpWideCharStr=0x1ec0b48, cchWideChar=14 | out: lpWideCharStr="MsDtsServer110") returned 14 [0045.229] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225c2c8, cbMultiByte=12, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 12 [0045.229] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225c2c8, cbMultiByte=12, lpWideCharStr=0x1ec0bd0, cchWideChar=12 | out: lpWideCharStr="AcronisAgent") returned 12 [0045.229] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225c160, cbMultiByte=9, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 9 [0045.235] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225c160, cbMultiByte=9, lpWideCharStr=0x1ec0c58, cchWideChar=9 | out: lpWideCharStr="exfba.exe") returned 9 [0045.235] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225c2c8, cbMultiByte=8, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 8 [0045.235] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225c2c8, cbMultiByte=8, lpWideCharStr=0x1ec0ce0, cchWideChar=8 | out: lpWideCharStr="vmwp.exe") returned 8 [0045.235] ExpandEnvironmentStringsA (in: lpSrc="%ProgramData%\\Microsoft\\Windows\\WER\\ReportQueue\\", lpDst=0x1ec2778, nSize=0x2800 | out: lpDst="C:\\ProgramData\\Microsoft\\Windows\\WER\\ReportQueue\\") returned 0x32 [0045.236] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x1ec2778, cbMultiByte=49, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 49 [0045.236] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x1ec2778, cbMultiByte=49, lpWideCharStr=0x1ec0d68, cchWideChar=49 | out: lpWideCharStr="C:\\ProgramData\\Microsoft\\Windows\\WER\\ReportQueue\\") returned 49 [0045.236] ExpandEnvironmentStringsA (in: lpSrc="%windir%", lpDst=0x1ec2778, nSize=0x2800 | out: lpDst="C:\\Windows") returned 0xb [0045.236] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x1ec2778, cbMultiByte=10, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 10 [0045.236] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x1ec2778, cbMultiByte=10, lpWideCharStr=0x1ec0df0, cchWideChar=10 | out: lpWideCharStr="C:\\Windows") returned 10 [0045.236] ExpandEnvironmentStringsA (in: lpSrc="%temp%", lpDst=0x1ec2778, nSize=0x2800 | out: lpDst="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp") returned 0x25 [0045.236] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x1ec2778, cbMultiByte=36, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 36 [0045.236] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x1ec2778, cbMultiByte=36, lpWideCharStr=0x1ec0e78, cchWideChar=36 | out: lpWideCharStr="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp") returned 36 [0045.236] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225c1a8, cbMultiByte=7, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 7 [0045.236] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225c1a8, cbMultiByte=7, lpWideCharStr=0x1ec0f00, cchWideChar=7 | out: lpWideCharStr=".locked") returned 7 [0045.236] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225c508, cbMultiByte=11, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 11 [0045.236] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225c508, cbMultiByte=11, lpWideCharStr=0x1ec0f88, cchWideChar=11 | out: lpWideCharStr=".readme_txt") returned 11 [0045.237] WaitForSingleObject (hHandle=0x110, dwMilliseconds=0xffffffff) returned 0x0 [0045.237] GetSystemWow64DirectoryW (in: lpBuffer=0x1ec7a18, uSize=0x40 | out: lpBuffer="C:\\Windows\\SysWOW64") returned 0x13 [0045.237] FindFirstFileExW (in: lpFileName="C:\\Windows\\SysWOW64\\*.dll", fInfoLevelId=0x1, lpFindFileData=0x18fafc, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x18fafc) returned 0x56d6b0 [0045.238] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AACLIENT.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0045.238] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AACLIENT.DLL", cchWideChar=12, lpMultiByteStr=0x225c940, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AACLIENT.DLL", lpUsedDefaultChar=0x0) returned 12 [0045.238] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.249] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ACCESSIBILITYCPL.DLL", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0045.249] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ACCESSIBILITYCPL.DLL", cchWideChar=20, lpMultiByteStr=0x225c988, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ACCESSIBILITYCPL.DLL", lpUsedDefaultChar=0x0) returned 20 [0045.249] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.249] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ACCTRES.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0045.249] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ACCTRES.DLL", cchWideChar=11, lpMultiByteStr=0x225c940, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ACCTRES.DLL", lpUsedDefaultChar=0x0) returned 11 [0045.249] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.249] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ACLEDIT.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0045.249] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ACLEDIT.DLL", cchWideChar=11, lpMultiByteStr=0x225c988, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ACLEDIT.DLL", lpUsedDefaultChar=0x0) returned 11 [0045.249] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.249] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ACLUI.DLL", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0045.249] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ACLUI.DLL", cchWideChar=9, lpMultiByteStr=0x225c940, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ACLUI.DLL", lpUsedDefaultChar=0x0) returned 9 [0045.249] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.249] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ACPPAGE.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0045.249] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ACPPAGE.DLL", cchWideChar=11, lpMultiByteStr=0x225c988, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ACPPAGE.DLL", lpUsedDefaultChar=0x0) returned 11 [0045.249] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.249] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ACTIONCENTER.DLL", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0045.250] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ACTIONCENTER.DLL", cchWideChar=16, lpMultiByteStr=0x225c940, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ACTIONCENTER.DLL", lpUsedDefaultChar=0x0) returned 16 [0045.250] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.250] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ACTIONCENTERCPL.DLL", cchWideChar=19, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0045.250] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ACTIONCENTERCPL.DLL", cchWideChar=19, lpMultiByteStr=0x225c988, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ACTIONCENTERCPL.DLL", lpUsedDefaultChar=0x0) returned 19 [0045.250] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.250] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ACTIVEDS.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0045.250] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ACTIVEDS.DLL", cchWideChar=12, lpMultiByteStr=0x225c940, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ACTIVEDS.DLL", lpUsedDefaultChar=0x0) returned 12 [0045.250] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.250] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ACTXPRXY.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0045.250] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ACTXPRXY.DLL", cchWideChar=12, lpMultiByteStr=0x225c988, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ACTXPRXY.DLL", lpUsedDefaultChar=0x0) returned 12 [0045.250] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.250] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ADMPARSE.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0045.250] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ADMPARSE.DLL", cchWideChar=12, lpMultiByteStr=0x225c940, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ADMPARSE.DLL", lpUsedDefaultChar=0x0) returned 12 [0045.250] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.250] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ADMTMPL.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0045.250] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ADMTMPL.DLL", cchWideChar=11, lpMultiByteStr=0x225c988, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ADMTMPL.DLL", lpUsedDefaultChar=0x0) returned 11 [0045.250] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.250] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ADPROVIDER.DLL", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0045.251] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ADPROVIDER.DLL", cchWideChar=14, lpMultiByteStr=0x225c940, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ADPROVIDER.DLL", lpUsedDefaultChar=0x0) returned 14 [0045.251] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.251] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ADSLDP.DLL", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0045.251] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ADSLDP.DLL", cchWideChar=10, lpMultiByteStr=0x225c988, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ADSLDP.DLL", lpUsedDefaultChar=0x0) returned 10 [0045.251] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.251] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ADSLDPC.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0045.251] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ADSLDPC.DLL", cchWideChar=11, lpMultiByteStr=0x225c940, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ADSLDPC.DLL", lpUsedDefaultChar=0x0) returned 11 [0045.251] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.251] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ADSMSEXT.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0045.251] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ADSMSEXT.DLL", cchWideChar=12, lpMultiByteStr=0x225c988, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ADSMSEXT.DLL", lpUsedDefaultChar=0x0) returned 12 [0045.251] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.251] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ADSNT.DLL", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0045.251] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ADSNT.DLL", cchWideChar=9, lpMultiByteStr=0x225c940, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ADSNT.DLL", lpUsedDefaultChar=0x0) returned 9 [0045.251] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.251] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ADTSCHEMA.DLL", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0045.251] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ADTSCHEMA.DLL", cchWideChar=13, lpMultiByteStr=0x225c988, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ADTSCHEMA.DLL", lpUsedDefaultChar=0x0) returned 13 [0045.251] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.251] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ADVAPI32.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0045.252] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ADVAPI32.DLL", cchWideChar=12, lpMultiByteStr=0x225c940, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ADVAPI32.DLL", lpUsedDefaultChar=0x0) returned 12 [0045.252] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.252] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ADVPACK.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0045.252] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ADVPACK.DLL", cchWideChar=11, lpMultiByteStr=0x225c988, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ADVPACK.DLL", lpUsedDefaultChar=0x0) returned 11 [0045.252] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.252] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AECACHE.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0045.252] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AECACHE.DLL", cchWideChar=11, lpMultiByteStr=0x225c940, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AECACHE.DLL", lpUsedDefaultChar=0x0) returned 11 [0045.252] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.252] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AEEVTS.DLL", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0045.252] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AEEVTS.DLL", cchWideChar=10, lpMultiByteStr=0x225c988, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AEEVTS.DLL", lpUsedDefaultChar=0x0) returned 10 [0045.252] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.252] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALTTAB.DLL", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0045.252] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALTTAB.DLL", cchWideChar=10, lpMultiByteStr=0x225c940, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ALTTAB.DLL", lpUsedDefaultChar=0x0) returned 10 [0045.252] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.252] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AMSTREAM.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0045.252] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AMSTREAM.DLL", cchWideChar=12, lpMultiByteStr=0x225c988, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AMSTREAM.DLL", lpUsedDefaultChar=0x0) returned 12 [0045.252] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.252] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AMXREAD.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0045.253] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AMXREAD.DLL", cchWideChar=11, lpMultiByteStr=0x225c940, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AMXREAD.DLL", lpUsedDefaultChar=0x0) returned 11 [0045.253] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.253] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="APDS.DLL", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0045.253] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="APDS.DLL", cchWideChar=8, lpMultiByteStr=0x225c988, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="APDS.DLL", lpUsedDefaultChar=0x0) returned 8 [0045.253] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.253] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-CONSOLE-L1-1-0.DLL", cchWideChar=34, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 34 [0045.253] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-CONSOLE-L1-1-0.DLL", cchWideChar=34, lpMultiByteStr=0x225c940, cbMultiByte=34, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-CONSOLE-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 34 [0045.253] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.253] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-DATETIME-L1-1-0.DLL", cchWideChar=35, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 35 [0045.253] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-DATETIME-L1-1-0.DLL", cchWideChar=35, lpMultiByteStr=0x225c988, cbMultiByte=35, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-DATETIME-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 35 [0045.253] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.253] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-DEBUG-L1-1-0.DLL", cchWideChar=32, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0045.253] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-DEBUG-L1-1-0.DLL", cchWideChar=32, lpMultiByteStr=0x225c940, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-DEBUG-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 32 [0045.254] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.254] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-DELAYLOAD-L1-1-0.DLL", cchWideChar=36, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 36 [0045.254] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-DELAYLOAD-L1-1-0.DLL", cchWideChar=36, lpMultiByteStr=0x225c988, cbMultiByte=36, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-DELAYLOAD-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 36 [0045.254] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.254] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-ERRORHANDLING-L1-1-0.DLL", cchWideChar=40, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 40 [0045.254] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-ERRORHANDLING-L1-1-0.DLL", cchWideChar=40, lpMultiByteStr=0x225c940, cbMultiByte=40, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-ERRORHANDLING-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 40 [0045.254] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.254] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-FIBERS-L1-1-0.DLL", cchWideChar=33, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 33 [0045.264] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-FIBERS-L1-1-0.DLL", cchWideChar=33, lpMultiByteStr=0x225c988, cbMultiByte=33, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-FIBERS-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 33 [0045.264] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.264] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-FILE-L1-1-0.DLL", cchWideChar=31, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 31 [0045.264] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-FILE-L1-1-0.DLL", cchWideChar=31, lpMultiByteStr=0x225c940, cbMultiByte=31, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-FILE-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 31 [0045.264] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.264] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-FILE-L1-2-0.DLL", cchWideChar=31, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 31 [0045.264] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-FILE-L1-2-0.DLL", cchWideChar=31, lpMultiByteStr=0x225c988, cbMultiByte=31, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-FILE-L1-2-0.DLL", lpUsedDefaultChar=0x0) returned 31 [0045.264] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.264] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-FILE-L2-1-0.DLL", cchWideChar=31, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 31 [0045.264] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-FILE-L2-1-0.DLL", cchWideChar=31, lpMultiByteStr=0x225c940, cbMultiByte=31, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-FILE-L2-1-0.DLL", lpUsedDefaultChar=0x0) returned 31 [0045.264] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.264] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-HANDLE-L1-1-0.DLL", cchWideChar=33, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 33 [0045.265] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-HANDLE-L1-1-0.DLL", cchWideChar=33, lpMultiByteStr=0x225c988, cbMultiByte=33, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-HANDLE-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 33 [0045.265] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.265] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-HEAP-L1-1-0.DLL", cchWideChar=31, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 31 [0045.265] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-HEAP-L1-1-0.DLL", cchWideChar=31, lpMultiByteStr=0x225c940, cbMultiByte=31, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-HEAP-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 31 [0045.265] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.265] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-INTERLOCKED-L1-1-0.DLL", cchWideChar=38, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 38 [0045.265] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-INTERLOCKED-L1-1-0.DLL", cchWideChar=38, lpMultiByteStr=0x225c988, cbMultiByte=38, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-INTERLOCKED-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 38 [0045.265] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.265] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-IO-L1-1-0.DLL", cchWideChar=29, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 29 [0045.265] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-IO-L1-1-0.DLL", cchWideChar=29, lpMultiByteStr=0x225c940, cbMultiByte=29, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-IO-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 29 [0045.265] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.265] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-LIBRARYLOADER-L1-1-0.DLL", cchWideChar=40, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 40 [0045.265] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-LIBRARYLOADER-L1-1-0.DLL", cchWideChar=40, lpMultiByteStr=0x225c988, cbMultiByte=40, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-LIBRARYLOADER-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 40 [0045.265] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.265] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-LOCALIZATION-L1-1-0.DLL", cchWideChar=39, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 39 [0045.265] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-LOCALIZATION-L1-1-0.DLL", cchWideChar=39, lpMultiByteStr=0x225c940, cbMultiByte=39, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-LOCALIZATION-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 39 [0045.265] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.265] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-LOCALIZATION-L1-2-0.DLL", cchWideChar=39, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 39 [0045.266] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-LOCALIZATION-L1-2-0.DLL", cchWideChar=39, lpMultiByteStr=0x225c988, cbMultiByte=39, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-LOCALIZATION-L1-2-0.DLL", lpUsedDefaultChar=0x0) returned 39 [0045.266] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.266] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-LOCALREGISTRY-L1-1-0.DLL", cchWideChar=40, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 40 [0045.266] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-LOCALREGISTRY-L1-1-0.DLL", cchWideChar=40, lpMultiByteStr=0x225c940, cbMultiByte=40, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-LOCALREGISTRY-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 40 [0045.266] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.266] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-MEMORY-L1-1-0.DLL", cchWideChar=33, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 33 [0045.266] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-MEMORY-L1-1-0.DLL", cchWideChar=33, lpMultiByteStr=0x225c988, cbMultiByte=33, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-MEMORY-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 33 [0045.266] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.266] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-MISC-L1-1-0.DLL", cchWideChar=31, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 31 [0045.266] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-MISC-L1-1-0.DLL", cchWideChar=31, lpMultiByteStr=0x225c940, cbMultiByte=31, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-MISC-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 31 [0045.266] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.266] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-NAMEDPIPE-L1-1-0.DLL", cchWideChar=36, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 36 [0045.266] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-NAMEDPIPE-L1-1-0.DLL", cchWideChar=36, lpMultiByteStr=0x225c988, cbMultiByte=36, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-NAMEDPIPE-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 36 [0045.266] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.266] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0.DLL", cchWideChar=45, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 45 [0045.266] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0.DLL", cchWideChar=45, lpMultiByteStr=0x225c940, cbMultiByte=45, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 45 [0045.266] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.266] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0.DLL", cchWideChar=41, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 41 [0045.267] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0.DLL", cchWideChar=41, lpMultiByteStr=0x225c988, cbMultiByte=41, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 41 [0045.267] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.267] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-PROCESSTHREADS-L1-1-1.DLL", cchWideChar=41, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 41 [0045.267] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-PROCESSTHREADS-L1-1-1.DLL", cchWideChar=41, lpMultiByteStr=0x225c940, cbMultiByte=41, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-PROCESSTHREADS-L1-1-1.DLL", lpUsedDefaultChar=0x0) returned 41 [0045.267] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.267] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-PROFILE-L1-1-0.DLL", cchWideChar=34, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 34 [0045.267] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-PROFILE-L1-1-0.DLL", cchWideChar=34, lpMultiByteStr=0x225c988, cbMultiByte=34, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-PROFILE-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 34 [0045.267] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.267] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-RTLSUPPORT-L1-1-0.DLL", cchWideChar=37, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 37 [0045.267] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-RTLSUPPORT-L1-1-0.DLL", cchWideChar=37, lpMultiByteStr=0x225c940, cbMultiByte=37, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-RTLSUPPORT-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 37 [0045.267] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.267] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-STRING-L1-1-0.DLL", cchWideChar=33, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 33 [0045.267] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-STRING-L1-1-0.DLL", cchWideChar=33, lpMultiByteStr=0x225c988, cbMultiByte=33, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-STRING-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 33 [0045.267] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.267] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-SYNCH-L1-1-0.DLL", cchWideChar=32, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0045.267] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-SYNCH-L1-1-0.DLL", cchWideChar=32, lpMultiByteStr=0x225c940, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-SYNCH-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 32 [0045.267] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.268] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-SYNCH-L1-2-0.DLL", cchWideChar=32, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0045.268] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-SYNCH-L1-2-0.DLL", cchWideChar=32, lpMultiByteStr=0x225c988, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-SYNCH-L1-2-0.DLL", lpUsedDefaultChar=0x0) returned 32 [0045.268] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.268] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-SYSINFO-L1-1-0.DLL", cchWideChar=34, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 34 [0045.268] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-SYSINFO-L1-1-0.DLL", cchWideChar=34, lpMultiByteStr=0x225c940, cbMultiByte=34, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-SYSINFO-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 34 [0045.268] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.268] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-THREADPOOL-L1-1-0.DLL", cchWideChar=37, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 37 [0045.268] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-THREADPOOL-L1-1-0.DLL", cchWideChar=37, lpMultiByteStr=0x225c988, cbMultiByte=37, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-THREADPOOL-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 37 [0045.268] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.268] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-TIMEZONE-L1-1-0.DLL", cchWideChar=35, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 35 [0045.268] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-TIMEZONE-L1-1-0.DLL", cchWideChar=35, lpMultiByteStr=0x225c940, cbMultiByte=35, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-TIMEZONE-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 35 [0045.268] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.268] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-UTIL-L1-1-0.DLL", cchWideChar=31, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 31 [0045.268] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-UTIL-L1-1-0.DLL", cchWideChar=31, lpMultiByteStr=0x225c988, cbMultiByte=31, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-UTIL-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 31 [0045.268] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.268] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-XSTATE-L1-1-0.DLL", cchWideChar=33, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 33 [0045.268] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-XSTATE-L1-1-0.DLL", cchWideChar=33, lpMultiByteStr=0x225c940, cbMultiByte=33, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-XSTATE-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 33 [0045.269] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.269] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-XSTATE-L2-1-0.DLL", cchWideChar=33, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 33 [0045.269] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-XSTATE-L2-1-0.DLL", cchWideChar=33, lpMultiByteStr=0x225c988, cbMultiByte=33, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-XSTATE-L2-1-0.DLL", lpUsedDefaultChar=0x0) returned 33 [0045.269] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.269] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-CONIO-L1-1-0.DLL", cchWideChar=31, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 31 [0045.269] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-CONIO-L1-1-0.DLL", cchWideChar=31, lpMultiByteStr=0x225c940, cbMultiByte=31, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CRT-CONIO-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 31 [0045.269] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.269] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-CONVERT-L1-1-0.DLL", cchWideChar=33, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 33 [0045.269] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-CONVERT-L1-1-0.DLL", cchWideChar=33, lpMultiByteStr=0x225c988, cbMultiByte=33, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CRT-CONVERT-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 33 [0045.269] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.269] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-ENVIRONMENT-L1-1-0.DLL", cchWideChar=37, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 37 [0045.269] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-ENVIRONMENT-L1-1-0.DLL", cchWideChar=37, lpMultiByteStr=0x225c940, cbMultiByte=37, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CRT-ENVIRONMENT-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 37 [0045.269] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.269] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-FILESYSTEM-L1-1-0.DLL", cchWideChar=36, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 36 [0045.269] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-FILESYSTEM-L1-1-0.DLL", cchWideChar=36, lpMultiByteStr=0x225c988, cbMultiByte=36, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CRT-FILESYSTEM-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 36 [0045.269] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.270] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-HEAP-L1-1-0.DLL", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0045.270] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-HEAP-L1-1-0.DLL", cchWideChar=30, lpMultiByteStr=0x225c940, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CRT-HEAP-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 30 [0045.270] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.270] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-LOCALE-L1-1-0.DLL", cchWideChar=32, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0045.270] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-LOCALE-L1-1-0.DLL", cchWideChar=32, lpMultiByteStr=0x225c988, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CRT-LOCALE-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 32 [0045.270] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.270] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-MATH-L1-1-0.DLL", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0045.270] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-MATH-L1-1-0.DLL", cchWideChar=30, lpMultiByteStr=0x225c940, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CRT-MATH-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 30 [0045.270] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.270] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-MULTIBYTE-L1-1-0.DLL", cchWideChar=35, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 35 [0045.270] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-MULTIBYTE-L1-1-0.DLL", cchWideChar=35, lpMultiByteStr=0x225c988, cbMultiByte=35, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CRT-MULTIBYTE-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 35 [0045.270] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.270] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-PRIVATE-L1-1-0.DLL", cchWideChar=33, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 33 [0045.270] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-PRIVATE-L1-1-0.DLL", cchWideChar=33, lpMultiByteStr=0x225c940, cbMultiByte=33, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CRT-PRIVATE-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 33 [0045.270] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.270] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-PROCESS-L1-1-0.DLL", cchWideChar=33, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 33 [0045.270] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-PROCESS-L1-1-0.DLL", cchWideChar=33, lpMultiByteStr=0x225c988, cbMultiByte=33, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CRT-PROCESS-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 33 [0045.270] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.271] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-RUNTIME-L1-1-0.DLL", cchWideChar=33, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 33 [0045.271] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-RUNTIME-L1-1-0.DLL", cchWideChar=33, lpMultiByteStr=0x225c940, cbMultiByte=33, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CRT-RUNTIME-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 33 [0045.271] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.271] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-STDIO-L1-1-0.DLL", cchWideChar=31, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 31 [0045.271] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-STDIO-L1-1-0.DLL", cchWideChar=31, lpMultiByteStr=0x225c988, cbMultiByte=31, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CRT-STDIO-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 31 [0045.271] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.271] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-STRING-L1-1-0.DLL", cchWideChar=32, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0045.271] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-STRING-L1-1-0.DLL", cchWideChar=32, lpMultiByteStr=0x225c940, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CRT-STRING-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 32 [0045.271] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.271] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-TIME-L1-1-0.DLL", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0045.271] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-TIME-L1-1-0.DLL", cchWideChar=30, lpMultiByteStr=0x225c988, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CRT-TIME-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 30 [0045.271] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.271] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-UTILITY-L1-1-0.DLL", cchWideChar=33, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 33 [0045.271] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-UTILITY-L1-1-0.DLL", cchWideChar=33, lpMultiByteStr=0x225c940, cbMultiByte=33, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CRT-UTILITY-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 33 [0045.271] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.271] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-EVENTING-PROVIDER-L1-1-0.DLL", cchWideChar=39, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 39 [0045.271] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-EVENTING-PROVIDER-L1-1-0.DLL", cchWideChar=39, lpMultiByteStr=0x225c988, cbMultiByte=39, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-EVENTING-PROVIDER-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 39 [0045.272] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.272] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-SECURITY-BASE-L1-1-0.DLL", cchWideChar=35, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 35 [0045.272] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-SECURITY-BASE-L1-1-0.DLL", cchWideChar=35, lpMultiByteStr=0x225c940, cbMultiByte=35, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-SECURITY-BASE-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 35 [0045.272] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.272] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-SECURITY-LSALOOKUP-L1-1-0.DLL", cchWideChar=40, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 40 [0045.272] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-SECURITY-LSALOOKUP-L1-1-0.DLL", cchWideChar=40, lpMultiByteStr=0x225c988, cbMultiByte=40, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-SECURITY-LSALOOKUP-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 40 [0045.272] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.272] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-SECURITY-SDDL-L1-1-0.DLL", cchWideChar=35, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 35 [0045.272] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-SECURITY-SDDL-L1-1-0.DLL", cchWideChar=35, lpMultiByteStr=0x225c940, cbMultiByte=35, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-SECURITY-SDDL-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 35 [0045.272] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.272] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-SERVICE-CORE-L1-1-0.DLL", cchWideChar=34, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 34 [0045.272] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-SERVICE-CORE-L1-1-0.DLL", cchWideChar=34, lpMultiByteStr=0x225c988, cbMultiByte=34, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-SERVICE-CORE-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 34 [0045.272] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.272] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-SERVICE-MANAGEMENT-L1-1-0.DLL", cchWideChar=40, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 40 [0045.272] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-SERVICE-MANAGEMENT-L1-1-0.DLL", cchWideChar=40, lpMultiByteStr=0x225c940, cbMultiByte=40, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-SERVICE-MANAGEMENT-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 40 [0045.272] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.272] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-SERVICE-MANAGEMENT-L2-1-0.DLL", cchWideChar=40, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 40 [0045.272] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-SERVICE-MANAGEMENT-L2-1-0.DLL", cchWideChar=40, lpMultiByteStr=0x225c988, cbMultiByte=40, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-SERVICE-MANAGEMENT-L2-1-0.DLL", lpUsedDefaultChar=0x0) returned 40 [0045.273] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.273] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-SERVICE-WINSVC-L1-1-0.DLL", cchWideChar=36, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 36 [0045.273] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-SERVICE-WINSVC-L1-1-0.DLL", cchWideChar=36, lpMultiByteStr=0x225c940, cbMultiByte=36, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-SERVICE-WINSVC-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 36 [0045.273] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.273] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="APILOGEN.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0045.273] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="APILOGEN.DLL", cchWideChar=12, lpMultiByteStr=0x225c988, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="APILOGEN.DLL", lpUsedDefaultChar=0x0) returned 12 [0045.273] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.273] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="APIRCL.DLL", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0045.273] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="APIRCL.DLL", cchWideChar=10, lpMultiByteStr=0x225c940, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="APIRCL.DLL", lpUsedDefaultChar=0x0) returned 10 [0045.273] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.273] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="APISETSCHEMA.DLL", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0045.273] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="APISETSCHEMA.DLL", cchWideChar=16, lpMultiByteStr=0x225c988, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="APISETSCHEMA.DLL", lpUsedDefaultChar=0x0) returned 16 [0045.273] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.273] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="APPHELP.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0045.273] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="APPHELP.DLL", cchWideChar=11, lpMultiByteStr=0x225c940, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="APPHELP.DLL", lpUsedDefaultChar=0x0) returned 11 [0045.273] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.273] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="APPHLPDM.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0045.274] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="APPHLPDM.DLL", cchWideChar=12, lpMultiByteStr=0x225c988, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="APPHLPDM.DLL", lpUsedDefaultChar=0x0) returned 12 [0045.274] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.274] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="APPIDAPI.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0045.274] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="APPIDAPI.DLL", cchWideChar=12, lpMultiByteStr=0x225c940, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="APPIDAPI.DLL", lpUsedDefaultChar=0x0) returned 12 [0045.274] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.274] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="APPIDPOLICYENGINEAPI.DLL", cchWideChar=24, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0045.274] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="APPIDPOLICYENGINEAPI.DLL", cchWideChar=24, lpMultiByteStr=0x225c988, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="APPIDPOLICYENGINEAPI.DLL", lpUsedDefaultChar=0x0) returned 24 [0045.274] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.274] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="APPMGMTS.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0045.274] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="APPMGMTS.DLL", cchWideChar=12, lpMultiByteStr=0x225c940, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="APPMGMTS.DLL", lpUsedDefaultChar=0x0) returned 12 [0045.274] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.274] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="APPMGR.DLL", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0045.274] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="APPMGR.DLL", cchWideChar=10, lpMultiByteStr=0x225c988, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="APPMGR.DLL", lpUsedDefaultChar=0x0) returned 10 [0045.274] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.274] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="APSS.DLL", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0045.274] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="APSS.DLL", cchWideChar=8, lpMultiByteStr=0x225c940, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="APSS.DLL", lpUsedDefaultChar=0x0) returned 8 [0045.274] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.274] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ASFERROR.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0045.275] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ASFERROR.DLL", cchWideChar=12, lpMultiByteStr=0x225c988, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ASFERROR.DLL", lpUsedDefaultChar=0x0) returned 12 [0045.275] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.275] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ASPNET_COUNTERS.DLL", cchWideChar=19, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0045.275] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ASPNET_COUNTERS.DLL", cchWideChar=19, lpMultiByteStr=0x225c940, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ASPNET_COUNTERS.DLL", lpUsedDefaultChar=0x0) returned 19 [0045.275] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.275] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ASYCFILT.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0045.275] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ASYCFILT.DLL", cchWideChar=12, lpMultiByteStr=0x225c988, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ASYCFILT.DLL", lpUsedDefaultChar=0x0) returned 12 [0045.275] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.275] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ATL.DLL", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0045.275] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ATL.DLL", cchWideChar=7, lpMultiByteStr=0x225c940, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ATL.DLL", lpUsedDefaultChar=0x0) returned 7 [0045.275] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.275] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ATL100.DLL", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0045.275] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ATL100.DLL", cchWideChar=10, lpMultiByteStr=0x225c988, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ATL100.DLL", lpUsedDefaultChar=0x0) returned 10 [0045.275] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.275] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ATL110.DLL", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0045.275] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ATL110.DLL", cchWideChar=10, lpMultiByteStr=0x225c940, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ATL110.DLL", lpUsedDefaultChar=0x0) returned 10 [0045.275] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.275] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ATMFD.DLL", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0045.276] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ATMFD.DLL", cchWideChar=9, lpMultiByteStr=0x225c988, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ATMFD.DLL", lpUsedDefaultChar=0x0) returned 9 [0045.276] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.276] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ATMLIB.DLL", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0045.276] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ATMLIB.DLL", cchWideChar=10, lpMultiByteStr=0x225c940, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ATMLIB.DLL", lpUsedDefaultChar=0x0) returned 10 [0045.276] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.276] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUDIODEV.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0045.276] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUDIODEV.DLL", cchWideChar=12, lpMultiByteStr=0x225c988, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AUDIODEV.DLL", lpUsedDefaultChar=0x0) returned 12 [0045.276] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.276] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUDIOENG.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0045.276] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUDIOENG.DLL", cchWideChar=12, lpMultiByteStr=0x225c940, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AUDIOENG.DLL", lpUsedDefaultChar=0x0) returned 12 [0045.276] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.276] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUDIOKSE.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0045.276] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUDIOKSE.DLL", cchWideChar=12, lpMultiByteStr=0x225c988, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AUDIOKSE.DLL", lpUsedDefaultChar=0x0) returned 12 [0045.276] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.276] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUDIOSES.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0045.276] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUDIOSES.DLL", cchWideChar=12, lpMultiByteStr=0x225c940, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AUDIOSES.DLL", lpUsedDefaultChar=0x0) returned 12 [0045.276] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.276] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUDITNATIVESNAPIN.DLL", cchWideChar=21, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0045.277] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUDITNATIVESNAPIN.DLL", cchWideChar=21, lpMultiByteStr=0x225c988, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AUDITNATIVESNAPIN.DLL", lpUsedDefaultChar=0x0) returned 21 [0045.277] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.277] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUDITPOLICYGPINTEROP.DLL", cchWideChar=24, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0045.277] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUDITPOLICYGPINTEROP.DLL", cchWideChar=24, lpMultiByteStr=0x225c940, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AUDITPOLICYGPINTEROP.DLL", lpUsedDefaultChar=0x0) returned 24 [0045.277] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.277] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUDITPOLMSG.DLL", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0045.277] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUDITPOLMSG.DLL", cchWideChar=15, lpMultiByteStr=0x225c988, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AUDITPOLMSG.DLL", lpUsedDefaultChar=0x0) returned 15 [0045.277] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.277] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUTHFWCFG.DLL", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0045.277] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUTHFWCFG.DLL", cchWideChar=13, lpMultiByteStr=0x225c940, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AUTHFWCFG.DLL", lpUsedDefaultChar=0x0) returned 13 [0045.277] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.277] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUTHFWGP.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0045.277] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUTHFWGP.DLL", cchWideChar=12, lpMultiByteStr=0x225c988, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AUTHFWGP.DLL", lpUsedDefaultChar=0x0) returned 12 [0045.277] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.277] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUTHFWSNAPIN.DLL", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0045.277] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUTHFWSNAPIN.DLL", cchWideChar=16, lpMultiByteStr=0x225c940, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AUTHFWSNAPIN.DLL", lpUsedDefaultChar=0x0) returned 16 [0045.277] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.277] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUTHFWWIZFWK.DLL", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0045.278] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUTHFWWIZFWK.DLL", cchWideChar=16, lpMultiByteStr=0x225c988, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AUTHFWWIZFWK.DLL", lpUsedDefaultChar=0x0) returned 16 [0045.278] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.278] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUTHUI.DLL", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0045.278] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUTHUI.DLL", cchWideChar=10, lpMultiByteStr=0x225c940, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AUTHUI.DLL", lpUsedDefaultChar=0x0) returned 10 [0045.278] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.278] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUTHZ.DLL", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0045.278] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUTHZ.DLL", cchWideChar=9, lpMultiByteStr=0x225c988, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AUTHZ.DLL", lpUsedDefaultChar=0x0) returned 9 [0045.278] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.278] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUTOPLAY.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0045.278] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUTOPLAY.DLL", cchWideChar=12, lpMultiByteStr=0x225c940, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AUTOPLAY.DLL", lpUsedDefaultChar=0x0) returned 12 [0045.278] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.279] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUXILIARYDISPLAYAPI.DLL", cchWideChar=23, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 23 [0045.279] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUXILIARYDISPLAYAPI.DLL", cchWideChar=23, lpMultiByteStr=0x225c988, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AUXILIARYDISPLAYAPI.DLL", lpUsedDefaultChar=0x0) returned 23 [0045.279] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.279] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUXILIARYDISPLAYCPL.DLL", cchWideChar=23, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 23 [0045.279] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUXILIARYDISPLAYCPL.DLL", cchWideChar=23, lpMultiByteStr=0x225c940, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AUXILIARYDISPLAYCPL.DLL", lpUsedDefaultChar=0x0) returned 23 [0045.279] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.279] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AVICAP32.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0045.279] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AVICAP32.DLL", cchWideChar=12, lpMultiByteStr=0x225c988, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AVICAP32.DLL", lpUsedDefaultChar=0x0) returned 12 [0045.279] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.280] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AVIFIL32.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0045.280] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AVIFIL32.DLL", cchWideChar=12, lpMultiByteStr=0x225c940, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AVIFIL32.DLL", lpUsedDefaultChar=0x0) returned 12 [0045.280] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.280] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AVRT.DLL", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0045.280] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AVRT.DLL", cchWideChar=8, lpMultiByteStr=0x225c988, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AVRT.DLL", lpUsedDefaultChar=0x0) returned 8 [0045.280] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.280] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AZROLES.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0045.280] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AZROLES.DLL", cchWideChar=11, lpMultiByteStr=0x225c940, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AZROLES.DLL", lpUsedDefaultChar=0x0) returned 11 [0045.280] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.281] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AZROLEUI.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0045.281] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AZROLEUI.DLL", cchWideChar=12, lpMultiByteStr=0x225c988, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AZROLEUI.DLL", lpUsedDefaultChar=0x0) returned 12 [0045.281] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.281] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AZSQLEXT.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0045.281] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AZSQLEXT.DLL", cchWideChar=12, lpMultiByteStr=0x225c940, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AZSQLEXT.DLL", lpUsedDefaultChar=0x0) returned 12 [0045.281] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.282] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BASECSP.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0045.282] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BASECSP.DLL", cchWideChar=11, lpMultiByteStr=0x225c988, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BASECSP.DLL", lpUsedDefaultChar=0x0) returned 11 [0045.282] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.282] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BATMETER.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0045.282] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BATMETER.DLL", cchWideChar=12, lpMultiByteStr=0x225c940, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BATMETER.DLL", lpUsedDefaultChar=0x0) returned 12 [0045.282] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.282] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BCRYPT.DLL", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0045.282] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BCRYPT.DLL", cchWideChar=10, lpMultiByteStr=0x225c988, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BCRYPT.DLL", lpUsedDefaultChar=0x0) returned 10 [0045.282] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.282] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BCRYPTPRIMITIVES.DLL", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0045.282] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BCRYPTPRIMITIVES.DLL", cchWideChar=20, lpMultiByteStr=0x225c940, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BCRYPTPRIMITIVES.DLL", lpUsedDefaultChar=0x0) returned 20 [0045.282] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.283] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BIDISPL.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0045.283] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BIDISPL.DLL", cchWideChar=11, lpMultiByteStr=0x225c988, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BIDISPL.DLL", lpUsedDefaultChar=0x0) returned 11 [0045.283] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.283] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BIOCREDPROV.DLL", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0045.283] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BIOCREDPROV.DLL", cchWideChar=15, lpMultiByteStr=0x225c940, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BIOCREDPROV.DLL", lpUsedDefaultChar=0x0) returned 15 [0045.283] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.283] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BITSPERF.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0045.283] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BITSPERF.DLL", cchWideChar=12, lpMultiByteStr=0x225c988, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BITSPERF.DLL", lpUsedDefaultChar=0x0) returned 12 [0045.283] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.283] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BITSPRX2.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0045.283] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BITSPRX2.DLL", cchWideChar=12, lpMultiByteStr=0x225c940, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BITSPRX2.DLL", lpUsedDefaultChar=0x0) returned 12 [0045.283] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.283] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BITSPRX3.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0045.283] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BITSPRX3.DLL", cchWideChar=12, lpMultiByteStr=0x225c988, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BITSPRX3.DLL", lpUsedDefaultChar=0x0) returned 12 [0045.284] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.287] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BITSPRX4.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0045.287] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BITSPRX4.DLL", cchWideChar=12, lpMultiByteStr=0x225c940, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BITSPRX4.DLL", lpUsedDefaultChar=0x0) returned 12 [0045.287] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.287] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BITSPRX5.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0045.288] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BITSPRX5.DLL", cchWideChar=12, lpMultiByteStr=0x225c988, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BITSPRX5.DLL", lpUsedDefaultChar=0x0) returned 12 [0045.288] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.288] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BITSPRX6.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0045.288] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BITSPRX6.DLL", cchWideChar=12, lpMultiByteStr=0x225c940, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BITSPRX6.DLL", lpUsedDefaultChar=0x0) returned 12 [0045.288] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.288] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BLACKBOX.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0045.288] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BLACKBOX.DLL", cchWideChar=12, lpMultiByteStr=0x225c988, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BLACKBOX.DLL", lpUsedDefaultChar=0x0) returned 12 [0045.288] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.288] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BOOTVID.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0045.288] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BOOTVID.DLL", cchWideChar=11, lpMultiByteStr=0x225c940, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BOOTVID.DLL", lpUsedDefaultChar=0x0) returned 11 [0045.288] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.288] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BROWCLI.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0045.288] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BROWCLI.DLL", cchWideChar=11, lpMultiByteStr=0x225c988, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BROWCLI.DLL", lpUsedDefaultChar=0x0) returned 11 [0045.288] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.288] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BROWSEUI.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0045.288] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BROWSEUI.DLL", cchWideChar=12, lpMultiByteStr=0x225c940, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BROWSEUI.DLL", lpUsedDefaultChar=0x0) returned 12 [0045.288] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.288] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BTPANUI.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0045.289] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BTPANUI.DLL", cchWideChar=11, lpMultiByteStr=0x225c988, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BTPANUI.DLL", lpUsedDefaultChar=0x0) returned 11 [0045.289] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.289] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BWCONTEXTHANDLER.DLL", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0045.289] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BWCONTEXTHANDLER.DLL", cchWideChar=20, lpMultiByteStr=0x225c940, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BWCONTEXTHANDLER.DLL", lpUsedDefaultChar=0x0) returned 20 [0045.289] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.289] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BWUNPAIRELEVATED.DLL", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0045.289] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BWUNPAIRELEVATED.DLL", cchWideChar=20, lpMultiByteStr=0x225c988, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BWUNPAIRELEVATED.DLL", lpUsedDefaultChar=0x0) returned 20 [0045.289] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.289] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CABINET.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0045.289] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CABINET.DLL", cchWideChar=11, lpMultiByteStr=0x225c940, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CABINET.DLL", lpUsedDefaultChar=0x0) returned 11 [0045.289] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.292] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CABVIEW.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0045.292] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CABVIEW.DLL", cchWideChar=11, lpMultiByteStr=0x225c988, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CABVIEW.DLL", lpUsedDefaultChar=0x0) returned 11 [0045.292] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.292] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CAPIPROVIDER.DLL", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0045.292] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CAPIPROVIDER.DLL", cchWideChar=16, lpMultiByteStr=0x225c940, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CAPIPROVIDER.DLL", lpUsedDefaultChar=0x0) returned 16 [0045.292] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.292] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CAPISP.DLL", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0045.292] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CAPISP.DLL", cchWideChar=10, lpMultiByteStr=0x225c988, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CAPISP.DLL", lpUsedDefaultChar=0x0) returned 10 [0045.292] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.292] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CATSRV.DLL", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0045.292] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CATSRV.DLL", cchWideChar=10, lpMultiByteStr=0x225c940, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CATSRV.DLL", lpUsedDefaultChar=0x0) returned 10 [0045.292] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.293] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CATSRVPS.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0045.293] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CATSRVPS.DLL", cchWideChar=12, lpMultiByteStr=0x225c988, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CATSRVPS.DLL", lpUsedDefaultChar=0x0) returned 12 [0045.293] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.293] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CATSRVUT.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0045.293] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CATSRVUT.DLL", cchWideChar=12, lpMultiByteStr=0x225c940, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CATSRVUT.DLL", lpUsedDefaultChar=0x0) returned 12 [0045.293] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.293] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CCA.DLL", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0045.293] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CCA.DLL", cchWideChar=7, lpMultiByteStr=0x225c988, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CCA.DLL", lpUsedDefaultChar=0x0) returned 7 [0045.293] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.293] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CDOSYS.DLL", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0045.293] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CDOSYS.DLL", cchWideChar=10, lpMultiByteStr=0x225c940, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CDOSYS.DLL", lpUsedDefaultChar=0x0) returned 10 [0045.293] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.293] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CERTCLI.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0045.293] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CERTCLI.DLL", cchWideChar=11, lpMultiByteStr=0x225c988, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CERTCLI.DLL", lpUsedDefaultChar=0x0) returned 11 [0045.293] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.293] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CERTCREDPROVIDER.DLL", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0045.293] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CERTCREDPROVIDER.DLL", cchWideChar=20, lpMultiByteStr=0x225c940, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CERTCREDPROVIDER.DLL", lpUsedDefaultChar=0x0) returned 20 [0045.293] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.294] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CERTENC.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0045.294] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CERTENC.DLL", cchWideChar=11, lpMultiByteStr=0x225c988, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CERTENC.DLL", lpUsedDefaultChar=0x0) returned 11 [0045.294] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.294] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CERTENROLL.DLL", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0045.294] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CERTENROLL.DLL", cchWideChar=14, lpMultiByteStr=0x225c940, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CERTENROLL.DLL", lpUsedDefaultChar=0x0) returned 14 [0045.294] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.294] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CERTENROLLUI.DLL", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0045.294] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CERTENROLLUI.DLL", cchWideChar=16, lpMultiByteStr=0x225c988, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CERTENROLLUI.DLL", lpUsedDefaultChar=0x0) returned 16 [0045.294] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.294] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CERTMGR.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0045.294] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CERTMGR.DLL", cchWideChar=11, lpMultiByteStr=0x225c940, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CERTMGR.DLL", lpUsedDefaultChar=0x0) returned 11 [0045.294] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.294] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CERTPOLENG.DLL", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0045.294] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CERTPOLENG.DLL", cchWideChar=14, lpMultiByteStr=0x225c988, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CERTPOLENG.DLL", lpUsedDefaultChar=0x0) returned 14 [0045.294] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.294] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CEWMDM.DLL", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0045.294] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CEWMDM.DLL", cchWideChar=10, lpMultiByteStr=0x225c940, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CEWMDM.DLL", lpUsedDefaultChar=0x0) returned 10 [0045.294] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.295] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CFGBKEND.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0045.295] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CFGBKEND.DLL", cchWideChar=12, lpMultiByteStr=0x225c988, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CFGBKEND.DLL", lpUsedDefaultChar=0x0) returned 12 [0045.295] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.295] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CFGMGR32.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0045.295] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CFGMGR32.DLL", cchWideChar=12, lpMultiByteStr=0x225c940, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CFGMGR32.DLL", lpUsedDefaultChar=0x0) returned 12 [0045.295] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.295] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CHSBRKR.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0045.295] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CHSBRKR.DLL", cchWideChar=11, lpMultiByteStr=0x225c988, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CHSBRKR.DLL", lpUsedDefaultChar=0x0) returned 11 [0045.295] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.295] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CHTBRKR.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0045.295] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CHTBRKR.DLL", cchWideChar=11, lpMultiByteStr=0x225c940, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CHTBRKR.DLL", lpUsedDefaultChar=0x0) returned 11 [0045.295] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.295] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CHXREADINGSTRINGIME.DLL", cchWideChar=23, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 23 [0045.295] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CHXREADINGSTRINGIME.DLL", cchWideChar=23, lpMultiByteStr=0x225c988, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CHXREADINGSTRINGIME.DLL", lpUsedDefaultChar=0x0) returned 23 [0045.295] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.295] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CIC.DLL", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0045.295] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CIC.DLL", cchWideChar=7, lpMultiByteStr=0x225c940, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CIC.DLL", lpUsedDefaultChar=0x0) returned 7 [0045.295] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.296] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CLB.DLL", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0045.296] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CLB.DLL", cchWideChar=7, lpMultiByteStr=0x225c988, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CLB.DLL", lpUsedDefaultChar=0x0) returned 7 [0045.296] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.296] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CLBCATQ.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0045.296] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CLBCATQ.DLL", cchWideChar=11, lpMultiByteStr=0x225c940, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CLBCATQ.DLL", lpUsedDefaultChar=0x0) returned 11 [0045.296] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.296] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CLFSW32.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0045.296] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CLFSW32.DLL", cchWideChar=11, lpMultiByteStr=0x225c988, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CLFSW32.DLL", lpUsedDefaultChar=0x0) returned 11 [0045.296] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.296] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CLICONFG.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0045.296] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CLICONFG.DLL", cchWideChar=12, lpMultiByteStr=0x225c940, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CLICONFG.DLL", lpUsedDefaultChar=0x0) returned 12 [0045.296] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.296] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CLUSAPI.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0045.296] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CLUSAPI.DLL", cchWideChar=11, lpMultiByteStr=0x225c988, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CLUSAPI.DLL", lpUsedDefaultChar=0x0) returned 11 [0045.296] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.296] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CMCFG32.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0045.296] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CMCFG32.DLL", cchWideChar=11, lpMultiByteStr=0x225c940, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CMCFG32.DLL", lpUsedDefaultChar=0x0) returned 11 [0045.296] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.297] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CMDIAL32.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0045.297] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CMDIAL32.DLL", cchWideChar=12, lpMultiByteStr=0x225c988, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CMDIAL32.DLL", lpUsedDefaultChar=0x0) returned 12 [0045.297] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.297] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CMICRYPTINSTALL.DLL", cchWideChar=19, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0045.297] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CMICRYPTINSTALL.DLL", cchWideChar=19, lpMultiByteStr=0x225c940, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CMICRYPTINSTALL.DLL", lpUsedDefaultChar=0x0) returned 19 [0045.297] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.297] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CMIFW.DLL", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0045.297] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CMIFW.DLL", cchWideChar=9, lpMultiByteStr=0x225c988, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CMIFW.DLL", lpUsedDefaultChar=0x0) returned 9 [0045.297] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.297] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CMIPNPINSTALL.DLL", cchWideChar=17, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0045.297] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CMIPNPINSTALL.DLL", cchWideChar=17, lpMultiByteStr=0x225c940, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CMIPNPINSTALL.DLL", lpUsedDefaultChar=0x0) returned 17 [0045.297] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.297] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CMLUA.DLL", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0045.297] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CMLUA.DLL", cchWideChar=9, lpMultiByteStr=0x225c988, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CMLUA.DLL", lpUsedDefaultChar=0x0) returned 9 [0045.297] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.297] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CMPBK32.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0045.297] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CMPBK32.DLL", cchWideChar=11, lpMultiByteStr=0x225c940, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CMPBK32.DLL", lpUsedDefaultChar=0x0) returned 11 [0045.298] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.298] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CMSTPLUA.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0045.298] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CMSTPLUA.DLL", cchWideChar=12, lpMultiByteStr=0x225c988, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CMSTPLUA.DLL", lpUsedDefaultChar=0x0) returned 12 [0045.298] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.298] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CMUTIL.DLL", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0045.298] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CMUTIL.DLL", cchWideChar=10, lpMultiByteStr=0x225c940, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CMUTIL.DLL", lpUsedDefaultChar=0x0) returned 10 [0045.298] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.298] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CNGAUDIT.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0045.298] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CNGAUDIT.DLL", cchWideChar=12, lpMultiByteStr=0x225c988, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CNGAUDIT.DLL", lpUsedDefaultChar=0x0) returned 12 [0045.298] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.298] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CNGPROVIDER.DLL", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0045.298] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CNGPROVIDER.DLL", cchWideChar=15, lpMultiByteStr=0x225c940, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CNGPROVIDER.DLL", lpUsedDefaultChar=0x0) returned 15 [0045.298] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.298] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CNVFAT.DLL", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0045.298] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CNVFAT.DLL", cchWideChar=10, lpMultiByteStr=0x225c988, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CNVFAT.DLL", lpUsedDefaultChar=0x0) returned 10 [0045.298] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.298] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="COLBACT.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0045.298] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="COLBACT.DLL", cchWideChar=11, lpMultiByteStr=0x225c940, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="COLBACT.DLL", lpUsedDefaultChar=0x0) returned 11 [0045.299] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.299] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="COLORCNV.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0045.299] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="COLORCNV.DLL", cchWideChar=12, lpMultiByteStr=0x225c988, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="COLORCNV.DLL", lpUsedDefaultChar=0x0) returned 12 [0045.299] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.299] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="COLORUI.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0045.299] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="COLORUI.DLL", cchWideChar=11, lpMultiByteStr=0x225c940, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="COLORUI.DLL", lpUsedDefaultChar=0x0) returned 11 [0045.299] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.299] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="COMCAT.DLL", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0045.299] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="COMCAT.DLL", cchWideChar=10, lpMultiByteStr=0x225c988, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="COMCAT.DLL", lpUsedDefaultChar=0x0) returned 10 [0045.299] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.299] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="COMCTL32.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0045.299] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="COMCTL32.DLL", cchWideChar=12, lpMultiByteStr=0x225c940, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="COMCTL32.DLL", lpUsedDefaultChar=0x0) returned 12 [0045.299] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.299] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="COMDLG32.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0045.299] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="COMDLG32.DLL", cchWideChar=12, lpMultiByteStr=0x225c988, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="COMDLG32.DLL", lpUsedDefaultChar=0x0) returned 12 [0045.299] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.299] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="COMPOBJ.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0045.299] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="COMPOBJ.DLL", cchWideChar=11, lpMultiByteStr=0x225c940, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="COMPOBJ.DLL", lpUsedDefaultChar=0x0) returned 11 [0045.300] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.300] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="COMPSTUI.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0045.300] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="COMPSTUI.DLL", cchWideChar=12, lpMultiByteStr=0x225c988, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="COMPSTUI.DLL", lpUsedDefaultChar=0x0) returned 12 [0045.300] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.300] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="COMREPL.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0045.300] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="COMREPL.DLL", cchWideChar=11, lpMultiByteStr=0x225c940, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="COMREPL.DLL", lpUsedDefaultChar=0x0) returned 11 [0045.300] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.300] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="COMRES.DLL", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0045.300] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="COMRES.DLL", cchWideChar=10, lpMultiByteStr=0x225c988, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="COMRES.DLL", lpUsedDefaultChar=0x0) returned 10 [0045.300] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.300] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="COMSNAP.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0045.300] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="COMSNAP.DLL", cchWideChar=11, lpMultiByteStr=0x225c940, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="COMSNAP.DLL", lpUsedDefaultChar=0x0) returned 11 [0045.300] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.300] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="COMSVCS.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0045.300] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="COMSVCS.DLL", cchWideChar=11, lpMultiByteStr=0x225c988, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="COMSVCS.DLL", lpUsedDefaultChar=0x0) returned 11 [0045.300] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.300] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="COMUID.DLL", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0045.301] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="COMUID.DLL", cchWideChar=10, lpMultiByteStr=0x225c940, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="COMUID.DLL", lpUsedDefaultChar=0x0) returned 10 [0045.301] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.301] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CONCRT140.DLL", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0045.301] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CONCRT140.DLL", cchWideChar=13, lpMultiByteStr=0x225c988, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CONCRT140.DLL", lpUsedDefaultChar=0x0) returned 13 [0045.301] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.301] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CONNECT.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0045.301] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CONNECT.DLL", cchWideChar=11, lpMultiByteStr=0x225c940, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CONNECT.DLL", lpUsedDefaultChar=0x0) returned 11 [0045.301] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.301] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CONSOLE.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0045.301] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CONSOLE.DLL", cchWideChar=11, lpMultiByteStr=0x225c988, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CONSOLE.DLL", lpUsedDefaultChar=0x0) returned 11 [0045.301] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.301] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CORPOL.DLL", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0045.301] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CORPOL.DLL", cchWideChar=10, lpMultiByteStr=0x225c940, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CORPOL.DLL", lpUsedDefaultChar=0x0) returned 10 [0045.301] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.301] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CPFILTERS.DLL", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0045.301] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CPFILTERS.DLL", cchWideChar=13, lpMultiByteStr=0x225c988, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CPFILTERS.DLL", lpUsedDefaultChar=0x0) returned 13 [0045.302] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.302] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CREDSSP.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0045.302] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CREDSSP.DLL", cchWideChar=11, lpMultiByteStr=0x225c940, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CREDSSP.DLL", lpUsedDefaultChar=0x0) returned 11 [0045.302] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.302] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CREDUI.DLL", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0045.302] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CREDUI.DLL", cchWideChar=10, lpMultiByteStr=0x225c988, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CREDUI.DLL", lpUsedDefaultChar=0x0) returned 10 [0045.302] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.302] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CRTDLL.DLL", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0045.302] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CRTDLL.DLL", cchWideChar=10, lpMultiByteStr=0x225c940, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CRTDLL.DLL", lpUsedDefaultChar=0x0) returned 10 [0045.302] FindNextFileW (in: hFindFile=0x56d6b0, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0045.302] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CRYPT32.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0045.302] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CRYPT32.DLL", cchWideChar=11, lpMultiByteStr=0x225c988, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CRYPT32.DLL", lpUsedDefaultChar=0x0) returned 11 [0045.302] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="crypt32.dll", BaseAddress=0x18fd70 | out: BaseAddress=0x18fd70*=0x75a60000) returned 0x0 [0045.725] FindClose (in: hFindFile=0x56d6b0 | out: hFindFile=0x56d6b0) returned 1 [0045.725] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY-----\r\nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCjZw02phhS38kGYqwQKk+8ro6S\r\nGIVE3PrCJJrJHmLN8JvbajmhKV6J59ib0pTOgUa8GOU6FuSAExk31391QN5ANHij\r\n0r+4v1VbbXil7dNYijurfNF92HqStMO+hUc2hGWxn5tOgi6lGqBzr0lIHRayyZs2\r\nLtIpWRDVJTiFzpPNCwIDAQAB\r\n-----END PUBLIC KEY-----", cchString=0x0, dwFlags=0x0, pbBinary=0x0, pcbBinary=0x18fd98, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x18fd98, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0045.735] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY-----\r\nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCjZw02phhS38kGYqwQKk+8ro6S\r\nGIVE3PrCJJrJHmLN8JvbajmhKV6J59ib0pTOgUa8GOU6FuSAExk31391QN5ANHij\r\n0r+4v1VbbXil7dNYijurfNF92HqStMO+hUc2hGWxn5tOgi6lGqBzr0lIHRayyZs2\r\nLtIpWRDVJTiFzpPNCwIDAQAB\r\n-----END PUBLIC KEY-----", cchString=0x0, dwFlags=0x0, pbBinary=0x1ec7a18, pcbBinary=0x18fd98, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x1ec7a18, pcbBinary=0x18fd98, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0045.735] CryptDecodeObject (in: dwCertEncodingType=0x10001, lpszStructType=0x8, pbEncoded=0x1ec7a18, cbEncoded=0xa2, dwFlags=0x0, pvStructInfo=0x0, pcbStructInfo=0x18fd98 | out: pvStructInfo=0x0, pcbStructInfo=0x18fd98) returned 1 [0045.746] CryptDecodeObject (in: dwCertEncodingType=0x10001, lpszStructType=0x8, pbEncoded=0x1ec7a18, cbEncoded=0xa2, dwFlags=0x0, pvStructInfo=0x1ec8128, pcbStructInfo=0x18fd98 | out: pvStructInfo=0x1ec8128, pcbStructInfo=0x18fd98) returned 1 [0045.746] CryptImportPublicKeyInfo (in: hCryptProv=0x56d5f0, dwCertEncodingType=0x10001, pInfo=0x1ec8128*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x1ec8158*, PublicKey.cbData=0x8c, PublicKey.pbData=0x1ec8160*, PublicKey.cUnusedBits=0x0), phKey=0x18fda0 | out: phKey=0x18fda0*=0x56d6b0) returned 1 [0045.748] ReleaseMutex (hMutex=0x110) returned 1 [0045.749] StartServiceCtrlDispatcherW (lpServiceTable=0x18fe10*(lpServiceName="", lpServiceProc=0x40f270)) returned 0 [0045.754] GetLastError () returned 0x427 [0045.754] GetCommandLineW () returned="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\c04c541f066a2b089bdc261616894a2f6bd49fca2e29350698175d9fc51c.exe\" " [0045.754] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\c04c541f066a2b089bdc261616894a2f6bd49fca2e29350698175d9fc51c.exe\" ", pNumArgs=0x18fe00 | out: pNumArgs=0x18fe00) returned 0x584a60*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\c04c541f066a2b089bdc261616894a2f6bd49fca2e29350698175d9fc51c.exe" [0045.754] Wow64DisableWow64FsRedirection (in: OldValue=0x18fde0 | out: OldValue=0x18fde0*=0x0) returned 1 [0045.754] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x1ec8128, nSize=0x200 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\c04c541f066a2b089bdc261616894a2f6bd49fca2e29350698175d9fc51c.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\c04c541f066a2b089bdc261616894a2f6bd49fca2e29350698175d9fc51c.exe")) returned 0x66 [0045.754] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x1ec8930, nSize=0x200 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\c04c541f066a2b089bdc261616894a2f6bd49fca2e29350698175d9fc51c.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\c04c541f066a2b089bdc261616894a2f6bd49fca2e29350698175d9fc51c.exe")) returned 0x66 [0045.755] SHRegDuplicateHKey (hkey=0x80000001) returned 0x80000001 [0045.755] RegEnumKeyW (in: hKey=0x80000001, dwIndex=0x0, lpName=0x1ec9940, cchName=0x104 | out: lpName="AppEvents") returned 0x0 [0045.755] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="appevents", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0045.755] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="appevents", cchWideChar=9, lpMultiByteStr=0x225c280, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="appevents", lpUsedDefaultChar=0x0) returned 9 [0045.755] RegEnumKeyW (in: hKey=0x80000001, dwIndex=0x1, lpName=0x1ec9940, cchName=0x104 | out: lpName="Console") returned 0x0 [0045.755] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="console", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0045.755] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="console", cchWideChar=7, lpMultiByteStr=0x225c160, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="console", lpUsedDefaultChar=0x0) returned 7 [0045.755] RegEnumKeyW (in: hKey=0x80000001, dwIndex=0x2, lpName=0x1ec9940, cchName=0x104 | out: lpName="Control Panel") returned 0x0 [0045.755] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="control panel", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0045.755] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="control panel", cchWideChar=13, lpMultiByteStr=0x225c280, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="control panel", lpUsedDefaultChar=0x0) returned 13 [0045.755] RegEnumKeyW (in: hKey=0x80000001, dwIndex=0x3, lpName=0x1ec9940, cchName=0x104 | out: lpName="Environment") returned 0x0 [0045.755] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="environment", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0045.755] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="environment", cchWideChar=11, lpMultiByteStr=0x225c160, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="environment", lpUsedDefaultChar=0x0) returned 11 [0045.755] RegEnumKeyW (in: hKey=0x80000001, dwIndex=0x4, lpName=0x1ec9940, cchName=0x104 | out: lpName="EUDC") returned 0x0 [0045.755] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="eudc", cchWideChar=4, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 4 [0045.756] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="eudc", cchWideChar=4, lpMultiByteStr=0x225c280, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="eudc", lpUsedDefaultChar=0x0) returned 4 [0045.756] RegEnumKeyW (in: hKey=0x80000001, dwIndex=0x5, lpName=0x1ec9940, cchName=0x104 | out: lpName="Identities") returned 0x0 [0045.756] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="identities", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0045.756] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="identities", cchWideChar=10, lpMultiByteStr=0x225c160, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="identities", lpUsedDefaultChar=0x0) returned 10 [0045.756] RegEnumKeyW (in: hKey=0x80000001, dwIndex=0x6, lpName=0x1ec9940, cchName=0x104 | out: lpName="Keyboard Layout") returned 0x0 [0045.756] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="keyboard layout", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0045.756] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="keyboard layout", cchWideChar=15, lpMultiByteStr=0x225c280, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="keyboard layout", lpUsedDefaultChar=0x0) returned 15 [0045.756] RegEnumKeyW (in: hKey=0x80000001, dwIndex=0x7, lpName=0x1ec9940, cchName=0x104 | out: lpName="Network") returned 0x0 [0045.756] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="network", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0045.756] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="network", cchWideChar=7, lpMultiByteStr=0x225c160, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="network", lpUsedDefaultChar=0x0) returned 7 [0045.756] RegEnumKeyW (in: hKey=0x80000001, dwIndex=0x8, lpName=0x1ec9940, cchName=0x104 | out: lpName="Printers") returned 0x0 [0045.756] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="printers", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0045.756] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="printers", cchWideChar=8, lpMultiByteStr=0x225c280, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="printers", lpUsedDefaultChar=0x0) returned 8 [0045.756] RegEnumKeyW (in: hKey=0x80000001, dwIndex=0x9, lpName=0x1ec9940, cchName=0x104 | out: lpName="Software") returned 0x0 [0045.756] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="software", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0045.756] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="software", cchWideChar=8, lpMultiByteStr=0x225c160, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="software", lpUsedDefaultChar=0x0) returned 8 [0045.757] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20109, phkResult=0x18f8b8 | out: phkResult=0x18f8b8*=0x12c) returned 0x0 [0045.757] RegCloseKey (hKey=0x80000001) returned 0x0 [0045.757] RegEnumKeyW (in: hKey=0x12c, dwIndex=0x0, lpName=0x1ec9940, cchName=0x104 | out: lpName="Adobe") returned 0x0 [0045.757] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="adobe", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0045.757] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="adobe", cchWideChar=5, lpMultiByteStr=0x225c280, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="adobe", lpUsedDefaultChar=0x0) returned 5 [0045.757] RegEnumKeyW (in: hKey=0x12c, dwIndex=0x1, lpName=0x1ec9940, cchName=0x104 | out: lpName="AppDataLow") returned 0x0 [0045.757] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="appdatalow", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0045.757] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="appdatalow", cchWideChar=10, lpMultiByteStr=0x225c160, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="appdatalow", lpUsedDefaultChar=0x0) returned 10 [0045.757] RegEnumKeyW (in: hKey=0x12c, dwIndex=0x2, lpName=0x1ec9940, cchName=0x104 | out: lpName="Clients") returned 0x0 [0045.757] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="clients", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0045.757] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="clients", cchWideChar=7, lpMultiByteStr=0x225c280, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="clients", lpUsedDefaultChar=0x0) returned 7 [0045.757] RegEnumKeyW (in: hKey=0x12c, dwIndex=0x3, lpName=0x1ec9940, cchName=0x104 | out: lpName="Google") returned 0x0 [0045.757] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="google", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0045.757] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="google", cchWideChar=6, lpMultiByteStr=0x225c160, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="google", lpUsedDefaultChar=0x0) returned 6 [0045.757] RegEnumKeyW (in: hKey=0x12c, dwIndex=0x4, lpName=0x1ec9940, cchName=0x104 | out: lpName="JavaSoft") returned 0x0 [0045.758] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="javasoft", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0045.758] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="javasoft", cchWideChar=8, lpMultiByteStr=0x225c280, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="javasoft", lpUsedDefaultChar=0x0) returned 8 [0045.758] RegEnumKeyW (in: hKey=0x12c, dwIndex=0x5, lpName=0x1ec9940, cchName=0x104 | out: lpName="Macromedia") returned 0x0 [0045.758] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="macromedia", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0045.758] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="macromedia", cchWideChar=10, lpMultiByteStr=0x225c160, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="macromedia", lpUsedDefaultChar=0x0) returned 10 [0045.758] RegEnumKeyW (in: hKey=0x12c, dwIndex=0x6, lpName=0x1ec9940, cchName=0x104 | out: lpName="Microsoft") returned 0x0 [0045.758] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="microsoft", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0045.758] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="microsoft", cchWideChar=9, lpMultiByteStr=0x225c280, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="microsoft", lpUsedDefaultChar=0x0) returned 9 [0045.758] RegOpenKeyExW (in: hKey=0x12c, lpSubKey="Microsoft", ulOptions=0x0, samDesired=0x20109, phkResult=0x18f8b8 | out: phkResult=0x18f8b8*=0x128) returned 0x0 [0045.758] RegCloseKey (hKey=0x12c) returned 0x0 [0045.758] RegEnumKeyW (in: hKey=0x128, dwIndex=0x0, lpName=0x1ec9940, cchName=0x104 | out: lpName="Active Setup") returned 0x0 [0045.758] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="active setup", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0045.758] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="active setup", cchWideChar=12, lpMultiByteStr=0x225c160, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="active setup", lpUsedDefaultChar=0x0) returned 12 [0045.758] RegEnumKeyW (in: hKey=0x128, dwIndex=0x1, lpName=0x1ec9940, cchName=0x104 | out: lpName="ActiveMovie") returned 0x0 [0045.758] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="activemovie", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0045.758] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="activemovie", cchWideChar=11, lpMultiByteStr=0x225c280, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="activemovie", lpUsedDefaultChar=0x0) returned 11 [0045.759] RegEnumKeyW (in: hKey=0x128, dwIndex=0x2, lpName=0x1ec9940, cchName=0x104 | out: lpName="Advanced INF Setup") returned 0x0 [0045.759] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="advanced inf setup", cchWideChar=18, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0045.759] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="advanced inf setup", cchWideChar=18, lpMultiByteStr=0x225c160, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="advanced inf setup", lpUsedDefaultChar=0x0) returned 18 [0045.759] RegEnumKeyW (in: hKey=0x128, dwIndex=0x3, lpName=0x1ec9940, cchName=0x104 | out: lpName="ASF Stream Descriptor File") returned 0x0 [0045.759] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="asf stream descriptor file", cchWideChar=26, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0045.759] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="asf stream descriptor file", cchWideChar=26, lpMultiByteStr=0x225c280, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="asf stream descriptor file", lpUsedDefaultChar=0x0) returned 26 [0045.759] RegEnumKeyW (in: hKey=0x128, dwIndex=0x4, lpName=0x1ec9940, cchName=0x104 | out: lpName="Assistance") returned 0x0 [0045.759] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="assistance", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0045.759] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="assistance", cchWideChar=10, lpMultiByteStr=0x225c160, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="assistance", lpUsedDefaultChar=0x0) returned 10 [0045.759] RegEnumKeyW (in: hKey=0x128, dwIndex=0x5, lpName=0x1ec9940, cchName=0x104 | out: lpName="Command Processor") returned 0x0 [0045.759] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="command processor", cchWideChar=17, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0045.759] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="command processor", cchWideChar=17, lpMultiByteStr=0x225c280, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="command processor", lpUsedDefaultChar=0x0) returned 17 [0045.759] RegEnumKeyW (in: hKey=0x128, dwIndex=0x6, lpName=0x1ec9940, cchName=0x104 | out: lpName="CTF") returned 0x0 [0045.759] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ctf", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0045.759] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ctf", cchWideChar=3, lpMultiByteStr=0x225c160, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ctf", lpUsedDefaultChar=0x0) returned 3 [0045.759] RegEnumKeyW (in: hKey=0x128, dwIndex=0x7, lpName=0x1ec9940, cchName=0x104 | out: lpName="Direct3D") returned 0x0 [0045.759] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="direct3d", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0045.760] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="direct3d", cchWideChar=8, lpMultiByteStr=0x225c280, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="direct3d", lpUsedDefaultChar=0x0) returned 8 [0045.760] RegEnumKeyW (in: hKey=0x128, dwIndex=0x8, lpName=0x1ec9940, cchName=0x104 | out: lpName="EventSystem") returned 0x0 [0045.760] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="eventsystem", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0045.760] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="eventsystem", cchWideChar=11, lpMultiByteStr=0x225c160, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="eventsystem", lpUsedDefaultChar=0x0) returned 11 [0045.760] RegEnumKeyW (in: hKey=0x128, dwIndex=0x9, lpName=0x1ec9940, cchName=0x104 | out: lpName="Exchange") returned 0x0 [0045.760] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="exchange", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0045.760] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="exchange", cchWideChar=8, lpMultiByteStr=0x225c280, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="exchange", lpUsedDefaultChar=0x0) returned 8 [0045.760] RegEnumKeyW (in: hKey=0x128, dwIndex=0xa, lpName=0x1ec9940, cchName=0x104 | out: lpName="Fax") returned 0x0 [0045.760] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="fax", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0045.760] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="fax", cchWideChar=3, lpMultiByteStr=0x225c160, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fax", lpUsedDefaultChar=0x0) returned 3 [0045.760] RegEnumKeyW (in: hKey=0x128, dwIndex=0xb, lpName=0x1ec9940, cchName=0x104 | out: lpName="Feeds") returned 0x0 [0045.760] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="feeds", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0045.760] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="feeds", cchWideChar=5, lpMultiByteStr=0x225c280, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="feeds", lpUsedDefaultChar=0x0) returned 5 [0045.760] RegEnumKeyW (in: hKey=0x128, dwIndex=0xc, lpName=0x1ec9940, cchName=0x104 | out: lpName="FTP") returned 0x0 [0045.760] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ftp", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0045.761] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ftp", cchWideChar=3, lpMultiByteStr=0x225c160, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ftp", lpUsedDefaultChar=0x0) returned 3 [0045.761] RegEnumKeyW (in: hKey=0x128, dwIndex=0xd, lpName=0x1ec9940, cchName=0x104 | out: lpName="GDIPlus") returned 0x0 [0045.761] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="gdiplus", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0045.761] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="gdiplus", cchWideChar=7, lpMultiByteStr=0x225c280, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="gdiplus", lpUsedDefaultChar=0x0) returned 7 [0045.761] RegEnumKeyW (in: hKey=0x128, dwIndex=0xe, lpName=0x1ec9940, cchName=0x104 | out: lpName="IAM") returned 0x0 [0045.761] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="iam", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0045.761] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="iam", cchWideChar=3, lpMultiByteStr=0x225c160, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="iam", lpUsedDefaultChar=0x0) returned 3 [0045.761] RegEnumKeyW (in: hKey=0x128, dwIndex=0xf, lpName=0x1ec9940, cchName=0x104 | out: lpName="IME") returned 0x0 [0045.761] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ime", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0045.761] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ime", cchWideChar=3, lpMultiByteStr=0x225c280, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ime", lpUsedDefaultChar=0x0) returned 3 [0045.761] RegEnumKeyW (in: hKey=0x128, dwIndex=0x10, lpName=0x1ec9940, cchName=0x104 | out: lpName="IMEJP") returned 0x0 [0045.761] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="imejp", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0045.761] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="imejp", cchWideChar=5, lpMultiByteStr=0x225c160, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="imejp", lpUsedDefaultChar=0x0) returned 5 [0045.761] RegEnumKeyW (in: hKey=0x128, dwIndex=0x11, lpName=0x1ec9940, cchName=0x104 | out: lpName="IMEMIP") returned 0x0 [0045.761] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="imemip", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0045.761] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="imemip", cchWideChar=6, lpMultiByteStr=0x225c280, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="imemip", lpUsedDefaultChar=0x0) returned 6 [0045.762] RegEnumKeyW (in: hKey=0x128, dwIndex=0x12, lpName=0x1ec9940, cchName=0x104 | out: lpName="Internet Connection Wizard") returned 0x0 [0045.762] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="internet connection wizard", cchWideChar=26, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0045.762] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="internet connection wizard", cchWideChar=26, lpMultiByteStr=0x225c160, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="internet connection wizard", lpUsedDefaultChar=0x0) returned 26 [0045.762] RegEnumKeyW (in: hKey=0x128, dwIndex=0x13, lpName=0x1ec9940, cchName=0x104 | out: lpName="Internet Explorer") returned 0x0 [0045.762] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="internet explorer", cchWideChar=17, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0045.762] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="internet explorer", cchWideChar=17, lpMultiByteStr=0x225c280, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="internet explorer", lpUsedDefaultChar=0x0) returned 17 [0045.762] RegEnumKeyW (in: hKey=0x128, dwIndex=0x14, lpName=0x1ec9940, cchName=0x104 | out: lpName="Internet Mail and News") returned 0x0 [0045.762] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="internet mail and news", cchWideChar=22, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0045.762] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="internet mail and news", cchWideChar=22, lpMultiByteStr=0x225c160, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="internet mail and news", lpUsedDefaultChar=0x0) returned 22 [0045.762] RegEnumKeyW (in: hKey=0x128, dwIndex=0x15, lpName=0x1ec9940, cchName=0x104 | out: lpName="Java VM") returned 0x0 [0045.762] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="java vm", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0045.762] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="java vm", cchWideChar=7, lpMultiByteStr=0x225c280, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="java vm", lpUsedDefaultChar=0x0) returned 7 [0045.762] RegEnumKeyW (in: hKey=0x128, dwIndex=0x16, lpName=0x1ec9940, cchName=0x104 | out: lpName="Keyboard") returned 0x0 [0045.762] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="keyboard", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0045.762] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="keyboard", cchWideChar=8, lpMultiByteStr=0x225c160, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="keyboard", lpUsedDefaultChar=0x0) returned 8 [0045.762] RegEnumKeyW (in: hKey=0x128, dwIndex=0x17, lpName=0x1ec9940, cchName=0x104 | out: lpName="MediaPlayer") returned 0x0 [0045.762] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mediaplayer", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0045.763] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mediaplayer", cchWideChar=11, lpMultiByteStr=0x225c280, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mediaplayer", lpUsedDefaultChar=0x0) returned 11 [0045.763] RegEnumKeyW (in: hKey=0x128, dwIndex=0x18, lpName=0x1ec9940, cchName=0x104 | out: lpName="Microsoft Management Console") returned 0x0 [0045.763] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="microsoft management console", cchWideChar=28, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0045.763] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="microsoft management console", cchWideChar=28, lpMultiByteStr=0x225c160, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="microsoft management console", lpUsedDefaultChar=0x0) returned 28 [0045.763] RegEnumKeyW (in: hKey=0x128, dwIndex=0x19, lpName=0x1ec9940, cchName=0x104 | out: lpName="MS Design Tools") returned 0x0 [0045.763] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ms design tools", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0045.763] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ms design tools", cchWideChar=15, lpMultiByteStr=0x225c280, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ms design tools", lpUsedDefaultChar=0x0) returned 15 [0045.763] RegEnumKeyW (in: hKey=0x128, dwIndex=0x1a, lpName=0x1ec9940, cchName=0x104 | out: lpName="MSDAIPP") returned 0x0 [0045.763] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="msdaipp", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0045.763] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="msdaipp", cchWideChar=7, lpMultiByteStr=0x225c160, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="msdaipp", lpUsedDefaultChar=0x0) returned 7 [0045.763] RegEnumKeyW (in: hKey=0x128, dwIndex=0x1b, lpName=0x1ec9940, cchName=0x104 | out: lpName="MSF") returned 0x0 [0045.763] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="msf", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0045.763] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="msf", cchWideChar=3, lpMultiByteStr=0x225c280, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="msf", lpUsedDefaultChar=0x0) returned 3 [0045.763] RegEnumKeyW (in: hKey=0x128, dwIndex=0x1c, lpName=0x1ec9940, cchName=0x104 | out: lpName="Multimedia") returned 0x0 [0045.763] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="multimedia", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0045.763] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="multimedia", cchWideChar=10, lpMultiByteStr=0x225c160, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="multimedia", lpUsedDefaultChar=0x0) returned 10 [0045.764] RegEnumKeyW (in: hKey=0x128, dwIndex=0x1d, lpName=0x1ec9940, cchName=0x104 | out: lpName="Notepad") returned 0x0 [0045.764] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="notepad", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0045.764] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="notepad", cchWideChar=7, lpMultiByteStr=0x225c280, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="notepad", lpUsedDefaultChar=0x0) returned 7 [0045.764] RegEnumKeyW (in: hKey=0x128, dwIndex=0x1e, lpName=0x1ec9940, cchName=0x104 | out: lpName="Office") returned 0x0 [0045.764] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="office", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0045.764] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="office", cchWideChar=6, lpMultiByteStr=0x225c160, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="office", lpUsedDefaultChar=0x0) returned 6 [0045.764] RegEnumKeyW (in: hKey=0x128, dwIndex=0x1f, lpName=0x1ec9940, cchName=0x104 | out: lpName="PeerNet") returned 0x0 [0045.764] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="peernet", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0045.764] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="peernet", cchWideChar=7, lpMultiByteStr=0x225c280, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="peernet", lpUsedDefaultChar=0x0) returned 7 [0045.764] RegEnumKeyW (in: hKey=0x128, dwIndex=0x20, lpName=0x1ec9940, cchName=0x104 | out: lpName="Protected Storage System Provider") returned 0x0 [0045.764] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="protected storage system provider", cchWideChar=33, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 33 [0045.764] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="protected storage system provider", cchWideChar=33, lpMultiByteStr=0x225c160, cbMultiByte=33, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="protected storage system provider", lpUsedDefaultChar=0x0) returned 33 [0045.764] RegEnumKeyW (in: hKey=0x128, dwIndex=0x21, lpName=0x1ec9940, cchName=0x104 | out: lpName="RAS AutoDial") returned 0x0 [0045.764] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ras autodial", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0045.764] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ras autodial", cchWideChar=12, lpMultiByteStr=0x225c280, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ras autodial", lpUsedDefaultChar=0x0) returned 12 [0045.764] RegEnumKeyW (in: hKey=0x128, dwIndex=0x22, lpName=0x1ec9940, cchName=0x104 | out: lpName="RAS Phonebook") returned 0x0 [0045.765] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ras phonebook", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0045.765] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ras phonebook", cchWideChar=13, lpMultiByteStr=0x225c160, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ras phonebook", lpUsedDefaultChar=0x0) returned 13 [0045.765] RegEnumKeyW (in: hKey=0x128, dwIndex=0x23, lpName=0x1ec9940, cchName=0x104 | out: lpName="Remote Assistance") returned 0x0 [0045.765] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="remote assistance", cchWideChar=17, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0045.765] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="remote assistance", cchWideChar=17, lpMultiByteStr=0x225c280, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="remote assistance", lpUsedDefaultChar=0x0) returned 17 [0045.765] RegEnumKeyW (in: hKey=0x128, dwIndex=0x24, lpName=0x1ec9940, cchName=0x104 | out: lpName="Shared") returned 0x0 [0045.765] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="shared", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0045.765] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="shared", cchWideChar=6, lpMultiByteStr=0x225c160, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="shared", lpUsedDefaultChar=0x0) returned 6 [0045.765] RegEnumKeyW (in: hKey=0x128, dwIndex=0x25, lpName=0x1ec9940, cchName=0x104 | out: lpName="Shared Tools") returned 0x0 [0045.765] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="shared tools", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0045.765] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="shared tools", cchWideChar=12, lpMultiByteStr=0x225c280, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="shared tools", lpUsedDefaultChar=0x0) returned 12 [0045.765] RegEnumKeyW (in: hKey=0x128, dwIndex=0x26, lpName=0x1ec9940, cchName=0x104 | out: lpName="SideShow") returned 0x0 [0045.765] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="sideshow", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0045.765] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="sideshow", cchWideChar=8, lpMultiByteStr=0x225c160, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sideshow", lpUsedDefaultChar=0x0) returned 8 [0045.765] RegEnumKeyW (in: hKey=0x128, dwIndex=0x27, lpName=0x1ec9940, cchName=0x104 | out: lpName="Speech") returned 0x0 [0045.766] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="speech", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0045.766] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="speech", cchWideChar=6, lpMultiByteStr=0x225c280, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="speech", lpUsedDefaultChar=0x0) returned 6 [0045.766] RegEnumKeyW (in: hKey=0x128, dwIndex=0x28, lpName=0x1ec9940, cchName=0x104 | out: lpName="SQMClient") returned 0x0 [0045.766] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="sqmclient", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0045.766] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="sqmclient", cchWideChar=9, lpMultiByteStr=0x225c160, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sqmclient", lpUsedDefaultChar=0x0) returned 9 [0045.766] RegEnumKeyW (in: hKey=0x128, dwIndex=0x29, lpName=0x1ec9940, cchName=0x104 | out: lpName="SystemCertificates") returned 0x0 [0045.766] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="systemcertificates", cchWideChar=18, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0045.766] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="systemcertificates", cchWideChar=18, lpMultiByteStr=0x225c280, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="systemcertificates", lpUsedDefaultChar=0x0) returned 18 [0045.766] RegEnumKeyW (in: hKey=0x128, dwIndex=0x2a, lpName=0x1ec9940, cchName=0x104 | out: lpName="VBA") returned 0x0 [0045.766] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="vba", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0045.766] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="vba", cchWideChar=3, lpMultiByteStr=0x225c160, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="vba", lpUsedDefaultChar=0x0) returned 3 [0045.766] RegEnumKeyW (in: hKey=0x128, dwIndex=0x2b, lpName=0x1ec9940, cchName=0x104 | out: lpName="VisualStudio") returned 0x0 [0045.766] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="visualstudio", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0045.766] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="visualstudio", cchWideChar=12, lpMultiByteStr=0x225c280, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="visualstudio", lpUsedDefaultChar=0x0) returned 12 [0045.766] RegEnumKeyW (in: hKey=0x128, dwIndex=0x2c, lpName=0x1ec9940, cchName=0x104 | out: lpName="WAB") returned 0x0 [0045.766] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="wab", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0045.766] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="wab", cchWideChar=3, lpMultiByteStr=0x225c160, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="wab", lpUsedDefaultChar=0x0) returned 3 [0045.767] RegEnumKeyW (in: hKey=0x128, dwIndex=0x2d, lpName=0x1ec9940, cchName=0x104 | out: lpName="Web Service Providers") returned 0x0 [0045.767] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="web service providers", cchWideChar=21, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0045.767] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="web service providers", cchWideChar=21, lpMultiByteStr=0x225c280, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="web service providers", lpUsedDefaultChar=0x0) returned 21 [0045.767] RegEnumKeyW (in: hKey=0x128, dwIndex=0x2e, lpName=0x1ec9940, cchName=0x104 | out: lpName="wfs") returned 0x0 [0045.767] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="wfs", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0045.767] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="wfs", cchWideChar=3, lpMultiByteStr=0x225c160, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="wfs", lpUsedDefaultChar=0x0) returned 3 [0045.767] RegEnumKeyW (in: hKey=0x128, dwIndex=0x2f, lpName=0x1ec9940, cchName=0x104 | out: lpName="Windows") returned 0x0 [0045.767] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="windows", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0045.767] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="windows", cchWideChar=7, lpMultiByteStr=0x225c280, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="windows", lpUsedDefaultChar=0x0) returned 7 [0045.767] RegOpenKeyExW (in: hKey=0x128, lpSubKey="Windows", ulOptions=0x0, samDesired=0x20109, phkResult=0x18f8b8 | out: phkResult=0x18f8b8*=0x12c) returned 0x0 [0045.767] RegCloseKey (hKey=0x128) returned 0x0 [0045.767] RegEnumKeyW (in: hKey=0x12c, dwIndex=0x0, lpName=0x1ec9940, cchName=0x104 | out: lpName="CurrentVersion") returned 0x0 [0045.767] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="currentversion", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0045.767] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="currentversion", cchWideChar=14, lpMultiByteStr=0x225c160, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="currentversion", lpUsedDefaultChar=0x0) returned 14 [0045.767] RegOpenKeyExW (in: hKey=0x12c, lpSubKey="CurrentVersion", ulOptions=0x0, samDesired=0x20109, phkResult=0x18f8b8 | out: phkResult=0x18f8b8*=0x128) returned 0x0 [0045.768] RegCloseKey (hKey=0x12c) returned 0x0 [0045.768] RegEnumKeyW (in: hKey=0x128, dwIndex=0x0, lpName=0x1ec9940, cchName=0x104 | out: lpName="Action Center") returned 0x0 [0045.768] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="action center", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0045.768] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="action center", cchWideChar=13, lpMultiByteStr=0x225c280, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="action center", lpUsedDefaultChar=0x0) returned 13 [0045.768] RegEnumKeyW (in: hKey=0x128, dwIndex=0x1, lpName=0x1ec9940, cchName=0x104 | out: lpName="Applets") returned 0x0 [0045.768] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="applets", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0045.768] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="applets", cchWideChar=7, lpMultiByteStr=0x225c160, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="applets", lpUsedDefaultChar=0x0) returned 7 [0045.769] RegEnumKeyW (in: hKey=0x128, dwIndex=0x2, lpName=0x1ec9940, cchName=0x104 | out: lpName="Controls Folder (Wow64)") returned 0x0 [0045.769] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="controls folder (wow64)", cchWideChar=23, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 23 [0045.769] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="controls folder (wow64)", cchWideChar=23, lpMultiByteStr=0x225c280, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="controls folder (wow64)", lpUsedDefaultChar=0x0) returned 23 [0045.769] RegEnumKeyW (in: hKey=0x128, dwIndex=0x3, lpName=0x1ec9940, cchName=0x104 | out: lpName="Explorer") returned 0x0 [0045.769] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="explorer", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0045.769] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="explorer", cchWideChar=8, lpMultiByteStr=0x225c160, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="explorer", lpUsedDefaultChar=0x0) returned 8 [0045.769] RegOpenKeyExW (in: hKey=0x128, lpSubKey="Explorer", ulOptions=0x0, samDesired=0x20109, phkResult=0x18f8b8 | out: phkResult=0x18f8b8*=0x12c) returned 0x0 [0045.769] RegCloseKey (hKey=0x128) returned 0x0 [0045.769] RegEnumKeyW (in: hKey=0x12c, dwIndex=0x0, lpName=0x1ec9940, cchName=0x104 | out: lpName="Advanced") returned 0x0 [0045.769] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="advanced", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0045.769] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="advanced", cchWideChar=8, lpMultiByteStr=0x225c280, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="advanced", lpUsedDefaultChar=0x0) returned 8 [0045.769] RegEnumKeyW (in: hKey=0x12c, dwIndex=0x1, lpName=0x1ec9940, cchName=0x104 | out: lpName="ApplicationDestinations") returned 0x0 [0045.769] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="applicationdestinations", cchWideChar=23, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 23 [0045.769] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="applicationdestinations", cchWideChar=23, lpMultiByteStr=0x225c160, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="applicationdestinations", lpUsedDefaultChar=0x0) returned 23 [0045.769] RegEnumKeyW (in: hKey=0x12c, dwIndex=0x2, lpName=0x1ec9940, cchName=0x104 | out: lpName="AutoComplete") returned 0x0 [0045.770] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="autocomplete", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0045.770] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="autocomplete", cchWideChar=12, lpMultiByteStr=0x225c280, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="autocomplete", lpUsedDefaultChar=0x0) returned 12 [0045.770] RegEnumKeyW (in: hKey=0x12c, dwIndex=0x3, lpName=0x1ec9940, cchName=0x104 | out: lpName="AutoplayHandlers") returned 0x0 [0045.770] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="autoplayhandlers", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0045.770] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="autoplayhandlers", cchWideChar=16, lpMultiByteStr=0x225c160, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="autoplayhandlers", lpUsedDefaultChar=0x0) returned 16 [0045.770] RegEnumKeyW (in: hKey=0x12c, dwIndex=0x4, lpName=0x1ec9940, cchName=0x104 | out: lpName="BitBucket") returned 0x0 [0045.770] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="bitbucket", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0045.770] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="bitbucket", cchWideChar=9, lpMultiByteStr=0x225c280, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="bitbucket", lpUsedDefaultChar=0x0) returned 9 [0045.770] RegEnumKeyW (in: hKey=0x12c, dwIndex=0x5, lpName=0x1ec9940, cchName=0x104 | out: lpName="CabinetState") returned 0x0 [0045.770] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="cabinetstate", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0045.770] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="cabinetstate", cchWideChar=12, lpMultiByteStr=0x225c160, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="cabinetstate", lpUsedDefaultChar=0x0) returned 12 [0045.770] RegEnumKeyW (in: hKey=0x12c, dwIndex=0x6, lpName=0x1ec9940, cchName=0x104 | out: lpName="CD Burning") returned 0x0 [0045.770] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="cd burning", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0045.770] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="cd burning", cchWideChar=10, lpMultiByteStr=0x225c280, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="cd burning", lpUsedDefaultChar=0x0) returned 10 [0045.770] RegEnumKeyW (in: hKey=0x12c, dwIndex=0x7, lpName=0x1ec9940, cchName=0x104 | out: lpName="CIDOpen") returned 0x0 [0045.770] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="cidopen", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0045.771] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="cidopen", cchWideChar=7, lpMultiByteStr=0x225c160, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="cidopen", lpUsedDefaultChar=0x0) returned 7 [0045.771] RegEnumKeyW (in: hKey=0x12c, dwIndex=0x8, lpName=0x1ec9940, cchName=0x104 | out: lpName="CLSID") returned 0x0 [0045.771] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="clsid", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0045.771] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="clsid", cchWideChar=5, lpMultiByteStr=0x225c280, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="clsid", lpUsedDefaultChar=0x0) returned 5 [0045.771] RegEnumKeyW (in: hKey=0x12c, dwIndex=0x9, lpName=0x1ec9940, cchName=0x104 | out: lpName="ComDlg32") returned 0x0 [0045.771] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="comdlg32", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0045.771] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="comdlg32", cchWideChar=8, lpMultiByteStr=0x225c160, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="comdlg32", lpUsedDefaultChar=0x0) returned 8 [0045.771] RegEnumKeyW (in: hKey=0x12c, dwIndex=0xa, lpName=0x1ec9940, cchName=0x104 | out: lpName="Discardable") returned 0x0 [0045.771] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="discardable", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0045.771] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="discardable", cchWideChar=11, lpMultiByteStr=0x225c280, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="discardable", lpUsedDefaultChar=0x0) returned 11 [0045.771] RegEnumKeyW (in: hKey=0x12c, dwIndex=0xb, lpName=0x1ec9940, cchName=0x104 | out: lpName="FileExts") returned 0x0 [0045.771] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="fileexts", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0045.771] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="fileexts", cchWideChar=8, lpMultiByteStr=0x225c160, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fileexts", lpUsedDefaultChar=0x0) returned 8 [0045.771] RegEnumKeyW (in: hKey=0x12c, dwIndex=0xc, lpName=0x1ec9940, cchName=0x104 | out: lpName="LowRegistry") returned 0x0 [0045.771] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="lowregistry", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0045.771] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="lowregistry", cchWideChar=11, lpMultiByteStr=0x225c280, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lowregistry", lpUsedDefaultChar=0x0) returned 11 [0045.772] RegEnumKeyW (in: hKey=0x12c, dwIndex=0xd, lpName=0x1ec9940, cchName=0x104 | out: lpName="MenuOrder") returned 0x0 [0045.772] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="menuorder", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0045.772] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="menuorder", cchWideChar=9, lpMultiByteStr=0x225c160, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="menuorder", lpUsedDefaultChar=0x0) returned 9 [0045.772] RegEnumKeyW (in: hKey=0x12c, dwIndex=0xe, lpName=0x1ec9940, cchName=0x104 | out: lpName="Modules") returned 0x0 [0045.772] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="modules", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0045.772] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="modules", cchWideChar=7, lpMultiByteStr=0x225c280, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="modules", lpUsedDefaultChar=0x0) returned 7 [0045.772] RegEnumKeyW (in: hKey=0x12c, dwIndex=0xf, lpName=0x1ec9940, cchName=0x104 | out: lpName="MountPoints2") returned 0x0 [0045.772] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mountpoints2", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0045.772] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mountpoints2", cchWideChar=12, lpMultiByteStr=0x225c160, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mountpoints2", lpUsedDefaultChar=0x0) returned 12 [0045.772] RegEnumKeyW (in: hKey=0x12c, dwIndex=0x10, lpName=0x1ec9940, cchName=0x104 | out: lpName="NewShortcutHandlers") returned 0x0 [0045.772] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="newshortcuthandlers", cchWideChar=19, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0045.772] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="newshortcuthandlers", cchWideChar=19, lpMultiByteStr=0x225c280, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="newshortcuthandlers", lpUsedDefaultChar=0x0) returned 19 [0045.772] RegEnumKeyW (in: hKey=0x12c, dwIndex=0x11, lpName=0x1ec9940, cchName=0x104 | out: lpName="RecentDocs") returned 0x0 [0045.772] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="recentdocs", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0045.772] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="recentdocs", cchWideChar=10, lpMultiByteStr=0x225c160, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="recentdocs", lpUsedDefaultChar=0x0) returned 10 [0045.772] RegEnumKeyW (in: hKey=0x12c, dwIndex=0x12, lpName=0x1ec9940, cchName=0x104 | out: lpName="RunMRU") returned 0x0 [0045.773] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="runmru", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0045.773] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="runmru", cchWideChar=6, lpMultiByteStr=0x225c280, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="runmru", lpUsedDefaultChar=0x0) returned 6 [0045.773] RegEnumKeyW (in: hKey=0x12c, dwIndex=0x13, lpName=0x1ec9940, cchName=0x104 | out: lpName="SearchPlatform") returned 0x0 [0045.773] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="searchplatform", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0045.773] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="searchplatform", cchWideChar=14, lpMultiByteStr=0x225c160, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="searchplatform", lpUsedDefaultChar=0x0) returned 14 [0045.773] RegEnumKeyW (in: hKey=0x12c, dwIndex=0x14, lpName=0x1ec9940, cchName=0x104 | out: lpName="Shell Folders") returned 0x0 [0045.773] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="shell folders", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0045.773] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="shell folders", cchWideChar=13, lpMultiByteStr=0x225c280, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="shell folders", lpUsedDefaultChar=0x0) returned 13 [0045.773] RegOpenKeyExW (in: hKey=0x12c, lpSubKey="Shell Folders", ulOptions=0x0, samDesired=0x20109, phkResult=0x18f8b8 | out: phkResult=0x18f8b8*=0x128) returned 0x0 [0045.773] RegCloseKey (hKey=0x12c) returned 0x0 [0045.773] RegEnumValueA (in: hKey=0x128, dwIndex=0x0, lpValueName=0x18f800, lpcchValueName=0x18f7fc, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="!Do not use this registry key", lpcchValueName=0x18f7fc, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0045.773] RegEnumValueA (in: hKey=0x128, dwIndex=0x1, lpValueName=0x18f800, lpcchValueName=0x18f7fc, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="AppData", lpcchValueName=0x18f7fc, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0045.773] RegEnumValueA (in: hKey=0x128, dwIndex=0x2, lpValueName=0x18f800, lpcchValueName=0x18f7fc, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="Local AppData", lpcchValueName=0x18f7fc, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0045.773] RegEnumValueA (in: hKey=0x128, dwIndex=0x3, lpValueName=0x18f800, lpcchValueName=0x18f7fc, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="My Video", lpcchValueName=0x18f7fc, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0045.774] RegEnumValueA (in: hKey=0x128, dwIndex=0x4, lpValueName=0x18f800, lpcchValueName=0x18f7fc, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}", lpcchValueName=0x18f7fc, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0045.774] RegEnumValueA (in: hKey=0x128, dwIndex=0x5, lpValueName=0x18f800, lpcchValueName=0x18f7fc, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="My Pictures", lpcchValueName=0x18f7fc, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0045.774] RegEnumValueA (in: hKey=0x128, dwIndex=0x6, lpValueName=0x18f800, lpcchValueName=0x18f7fc, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="Desktop", lpcchValueName=0x18f7fc, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0045.774] RegEnumValueA (in: hKey=0x128, dwIndex=0x7, lpValueName=0x18f800, lpcchValueName=0x18f7fc, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="History", lpcchValueName=0x18f7fc, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0045.774] RegEnumValueA (in: hKey=0x128, dwIndex=0x8, lpValueName=0x18f800, lpcchValueName=0x18f7fc, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="NetHood", lpcchValueName=0x18f7fc, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0045.774] RegEnumValueA (in: hKey=0x128, dwIndex=0x9, lpValueName=0x18f800, lpcchValueName=0x18f7fc, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="{56784854-C6CB-462B-8169-88E350ACB882}", lpcchValueName=0x18f7fc, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0045.774] RegEnumValueA (in: hKey=0x128, dwIndex=0xa, lpValueName=0x18f800, lpcchValueName=0x18f7fc, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="Cookies", lpcchValueName=0x18f7fc, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0045.774] RegEnumValueA (in: hKey=0x128, dwIndex=0xb, lpValueName=0x18f800, lpcchValueName=0x18f7fc, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="Favorites", lpcchValueName=0x18f7fc, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0045.774] RegEnumValueA (in: hKey=0x128, dwIndex=0xc, lpValueName=0x18f800, lpcchValueName=0x18f7fc, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SendTo", lpcchValueName=0x18f7fc, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0045.774] RegEnumValueA (in: hKey=0x128, dwIndex=0xd, lpValueName=0x18f800, lpcchValueName=0x18f7fc, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="Start Menu", lpcchValueName=0x18f7fc, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0045.774] RegEnumValueA (in: hKey=0x128, dwIndex=0xe, lpValueName=0x18f800, lpcchValueName=0x18f7fc, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="My Music", lpcchValueName=0x18f7fc, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0045.774] RegEnumValueA (in: hKey=0x128, dwIndex=0xf, lpValueName=0x18f800, lpcchValueName=0x18f7fc, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="Programs", lpcchValueName=0x18f7fc, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0045.774] RegEnumValueA (in: hKey=0x128, dwIndex=0x10, lpValueName=0x18f800, lpcchValueName=0x18f7fc, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="Recent", lpcchValueName=0x18f7fc, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0045.775] RegEnumValueA (in: hKey=0x128, dwIndex=0x11, lpValueName=0x18f800, lpcchValueName=0x18f7fc, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="CD Burning", lpcchValueName=0x18f7fc, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0045.775] RegEnumValueA (in: hKey=0x128, dwIndex=0x12, lpValueName=0x18f800, lpcchValueName=0x18f7fc, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="PrintHood", lpcchValueName=0x18f7fc, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0045.775] RegEnumValueA (in: hKey=0x128, dwIndex=0x13, lpValueName=0x18f800, lpcchValueName=0x18f7fc, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="{7D1D3A04-DEBB-4115-95CF-2F29DA2920DA}", lpcchValueName=0x18f7fc, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0045.775] RegEnumValueA (in: hKey=0x128, dwIndex=0x14, lpValueName=0x18f800, lpcchValueName=0x18f7fc, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="{374DE290-123F-4565-9164-39C4925E467B}", lpcchValueName=0x18f7fc, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0045.775] RegEnumValueA (in: hKey=0x128, dwIndex=0x15, lpValueName=0x18f800, lpcchValueName=0x18f7fc, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="{A520A1A4-1780-4FF6-BD18-167343C5AF16}", lpcchValueName=0x18f7fc, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0045.775] RegEnumValueA (in: hKey=0x128, dwIndex=0x16, lpValueName=0x18f800, lpcchValueName=0x18f7fc, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="Startup", lpcchValueName=0x18f7fc, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0045.775] RegEnumValueA (in: hKey=0x128, dwIndex=0x17, lpValueName=0x18f800, lpcchValueName=0x18f7fc, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="Administrative Tools", lpcchValueName=0x18f7fc, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0045.775] RegEnumValueA (in: hKey=0x128, dwIndex=0x18, lpValueName=0x18f800, lpcchValueName=0x18f7fc, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="Personal", lpcchValueName=0x18f7fc, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0045.775] RegEnumValueA (in: hKey=0x128, dwIndex=0x19, lpValueName=0x18f800, lpcchValueName=0x18f7fc, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="{BFB9D5E0-C6A9-404C-B2B2-AE6DB6AF4968}", lpcchValueName=0x18f7fc, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0045.775] RegEnumValueA (in: hKey=0x128, dwIndex=0x1a, lpValueName=0x18f800, lpcchValueName=0x18f7fc, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="Cache", lpcchValueName=0x18f7fc, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0045.775] RegEnumValueA (in: hKey=0x128, dwIndex=0x1b, lpValueName=0x18f800, lpcchValueName=0x18f7fc, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="Templates", lpcchValueName=0x18f7fc, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0045.775] RegEnumValueA (in: hKey=0x128, dwIndex=0x1c, lpValueName=0x18f800, lpcchValueName=0x18f7fc, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}", lpcchValueName=0x18f7fc, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0045.775] RegEnumValueA (in: hKey=0x128, dwIndex=0x1d, lpValueName=0x18f800, lpcchValueName=0x18f7fc, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="Fonts", lpcchValueName=0x18f7fc, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0045.776] RegEnumValueA (in: hKey=0x128, dwIndex=0x1e, lpValueName=0x18f800, lpcchValueName=0x18f7fc, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="Fonts", lpcchValueName=0x18f7fc, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x103 [0045.776] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225c160, cbMultiByte=7, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 7 [0045.776] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225c160, cbMultiByte=7, lpWideCharStr=0x1ec15e8, cchWideChar=7 | out: lpWideCharStr="AppData") returned 7 [0045.776] RegQueryValueExW (in: hKey=0x128, lpValueName="AppData", lpReserved=0x0, lpType=0x18f8bc, lpData=0x0, lpcbData=0x18f8cc*=0x0 | out: lpType=0x18f8bc*=0x1, lpData=0x0, lpcbData=0x18f8cc*=0x5c) returned 0x0 [0045.776] RegQueryValueExW (in: hKey=0x128, lpValueName="AppData", lpReserved=0x0, lpType=0x18f8bc, lpData=0x1ec15e8, lpcbData=0x18f8cc*=0x5c | out: lpType=0x18f8bc*=0x1, lpData="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming", lpcbData=0x18f8cc*=0x5c) returned 0x0 [0045.776] GetShortPathNameW (in: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming", lpszShortPath=0x1ec3778, cchBuffer=0x200 | out: lpszShortPath="C:\\Users\\5P5NRG~1\\AppData\\Roaming") returned 0x21 [0045.776] RegCloseKey (hKey=0x128) returned 0x0 [0045.776] CryptAcquireContextW (in: phProv=0x18f960, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x18f960*=0x584b40) returned 1 [0045.777] CryptGenRandom (in: hProv=0x584b40, dwLen=0x4, pbBuffer=0x18f974 | out: pbBuffer=0x18f974) returned 1 [0045.777] CryptReleaseContext (hProv=0x584b40, dwFlags=0x0) returned 1 [0045.777] CryptAcquireContextW (in: phProv=0x18f95c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x18f95c*=0x584b40) returned 1 [0045.778] CryptGenRandom (in: hProv=0x584b40, dwLen=0x4, pbBuffer=0x18f970 | out: pbBuffer=0x18f970) returned 1 [0045.778] CryptReleaseContext (hProv=0x584b40, dwFlags=0x0) returned 1 [0045.778] CryptAcquireContextW (in: phProv=0x18f95c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x18f95c*=0x584b40) returned 1 [0045.779] CryptGenRandom (in: hProv=0x584b40, dwLen=0x4, pbBuffer=0x18f970 | out: pbBuffer=0x18f970) returned 1 [0045.779] CryptReleaseContext (hProv=0x584b40, dwFlags=0x0) returned 1 [0045.779] CryptAcquireContextW (in: phProv=0x18f95c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x18f95c*=0x584b40) returned 1 [0045.780] CryptGenRandom (in: hProv=0x584b40, dwLen=0x4, pbBuffer=0x18f970 | out: pbBuffer=0x18f970) returned 1 [0045.780] CryptReleaseContext (hProv=0x584b40, dwFlags=0x0) returned 1 [0045.780] CryptAcquireContextW (in: phProv=0x18f95c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x18f95c*=0x584b40) returned 1 [0045.780] CryptGenRandom (in: hProv=0x584b40, dwLen=0x4, pbBuffer=0x18f970 | out: pbBuffer=0x18f970) returned 1 [0045.780] CryptReleaseContext (hProv=0x584b40, dwFlags=0x0) returned 1 [0045.780] CryptAcquireContextW (in: phProv=0x18f95c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x18f95c*=0x584b40) returned 1 [0045.781] CryptGenRandom (in: hProv=0x584b40, dwLen=0x4, pbBuffer=0x18f970 | out: pbBuffer=0x18f970) returned 1 [0045.781] CryptReleaseContext (hProv=0x584b40, dwFlags=0x0) returned 1 [0045.781] CryptAcquireContextW (in: phProv=0x18f95c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x18f95c*=0x584b40) returned 1 [0045.782] CryptGenRandom (in: hProv=0x584b40, dwLen=0x4, pbBuffer=0x18f970 | out: pbBuffer=0x18f970) returned 1 [0045.782] CryptReleaseContext (hProv=0x584b40, dwFlags=0x0) returned 1 [0045.782] CryptAcquireContextW (in: phProv=0x18f95c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x18f95c*=0x584b40) returned 1 [0045.783] CryptGenRandom (in: hProv=0x584b40, dwLen=0x4, pbBuffer=0x18f970 | out: pbBuffer=0x18f970) returned 1 [0045.783] CryptReleaseContext (hProv=0x584b40, dwFlags=0x0) returned 1 [0045.783] CryptAcquireContextW (in: phProv=0x18f95c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x18f95c*=0x584b40) returned 1 [0045.783] CryptGenRandom (in: hProv=0x584b40, dwLen=0x4, pbBuffer=0x18f970 | out: pbBuffer=0x18f970) returned 1 [0045.783] CryptReleaseContext (hProv=0x584b40, dwFlags=0x0) returned 1 [0045.783] CryptAcquireContextW (in: phProv=0x18f95c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x18f95c*=0x584b40) returned 1 [0045.784] CryptGenRandom (in: hProv=0x584b40, dwLen=0x4, pbBuffer=0x18f970 | out: pbBuffer=0x18f970) returned 1 [0045.784] CryptReleaseContext (hProv=0x584b40, dwFlags=0x0) returned 1 [0045.784] CryptAcquireContextW (in: phProv=0x18f95c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x18f95c*=0x584b40) returned 1 [0045.785] CryptGenRandom (in: hProv=0x584b40, dwLen=0x4, pbBuffer=0x18f970 | out: pbBuffer=0x18f970) returned 1 [0045.785] CryptReleaseContext (hProv=0x584b40, dwFlags=0x0) returned 1 [0045.785] CryptAcquireContextW (in: phProv=0x18f95c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x18f95c*=0x584b40) returned 1 [0045.786] CryptGenRandom (in: hProv=0x584b40, dwLen=0x4, pbBuffer=0x18f970 | out: pbBuffer=0x18f970) returned 1 [0045.786] CryptReleaseContext (hProv=0x584b40, dwFlags=0x0) returned 1 [0045.786] CryptAcquireContextW (in: phProv=0x18f95c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x18f95c*=0x584b40) returned 1 [0045.786] CryptGenRandom (in: hProv=0x584b40, dwLen=0x4, pbBuffer=0x18f970 | out: pbBuffer=0x18f970) returned 1 [0045.786] CryptReleaseContext (hProv=0x584b40, dwFlags=0x0) returned 1 [0045.787] CryptAcquireContextW (in: phProv=0x18f95c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x18f95c*=0x584b40) returned 1 [0045.787] CryptGenRandom (in: hProv=0x584b40, dwLen=0x4, pbBuffer=0x18f970 | out: pbBuffer=0x18f970) returned 1 [0045.787] CryptReleaseContext (hProv=0x584b40, dwFlags=0x0) returned 1 [0045.787] CryptAcquireContextW (in: phProv=0x18f95c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x18f95c*=0x584b40) returned 1 [0045.788] CryptGenRandom (in: hProv=0x584b40, dwLen=0x4, pbBuffer=0x18f970 | out: pbBuffer=0x18f970) returned 1 [0045.788] CryptReleaseContext (hProv=0x584b40, dwFlags=0x0) returned 1 [0045.788] CryptAcquireContextW (in: phProv=0x18f95c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x18f95c*=0x584b40) returned 1 [0045.789] CryptGenRandom (in: hProv=0x584b40, dwLen=0x4, pbBuffer=0x18f970 | out: pbBuffer=0x18f970) returned 1 [0045.789] CryptReleaseContext (hProv=0x584b40, dwFlags=0x0) returned 1 [0045.789] CryptAcquireContextW (in: phProv=0x18f95c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x18f95c*=0x584b40) returned 1 [0045.789] CryptGenRandom (in: hProv=0x584b40, dwLen=0x4, pbBuffer=0x18f970 | out: pbBuffer=0x18f970) returned 1 [0045.789] CryptReleaseContext (hProv=0x584b40, dwFlags=0x0) returned 1 [0045.790] CryptAcquireContextW (in: phProv=0x18f95c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x18f95c*=0x584b40) returned 1 [0045.790] CryptGenRandom (in: hProv=0x584b40, dwLen=0x4, pbBuffer=0x18f970 | out: pbBuffer=0x18f970) returned 1 [0045.790] CryptReleaseContext (hProv=0x584b40, dwFlags=0x0) returned 1 [0045.790] CryptAcquireContextW (in: phProv=0x18f95c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x18f95c*=0x584b40) returned 1 [0045.791] CryptGenRandom (in: hProv=0x584b40, dwLen=0x4, pbBuffer=0x18f970 | out: pbBuffer=0x18f970) returned 1 [0045.791] CryptReleaseContext (hProv=0x584b40, dwFlags=0x0) returned 1 [0045.791] CryptAcquireContextW (in: phProv=0x18f95c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x18f95c*=0x584b40) returned 1 [0045.792] CryptGenRandom (in: hProv=0x584b40, dwLen=0x4, pbBuffer=0x18f970 | out: pbBuffer=0x18f970) returned 1 [0045.792] CryptReleaseContext (hProv=0x584b40, dwFlags=0x0) returned 1 [0045.792] CryptAcquireContextW (in: phProv=0x18f95c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x18f95c*=0x584b40) returned 1 [0045.792] CryptGenRandom (in: hProv=0x584b40, dwLen=0x4, pbBuffer=0x18f970 | out: pbBuffer=0x18f970) returned 1 [0045.792] CryptReleaseContext (hProv=0x584b40, dwFlags=0x0) returned 1 [0045.793] GetFileAttributesExW (in: lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Roaming\\VQBKvYnL9c" (normalized: "c:\\users\\5p5nrg~1\\appdata\\roaming\\vqbkvynl9c"), fInfoLevelId=0x0, lpFileInformation=0x18f928 | out: lpFileInformation=0x18f928*(dwFileAttributes=0x18fc58, ftCreationTime.dwLowDateTime=0x406d29, ftCreationTime.dwHighDateTime=0x2250000, ftLastAccessTime.dwLowDateTime=0x8, ftLastAccessTime.dwHighDateTime=0x408e92, ftLastWriteTime.dwLowDateTime=0x18fd70, ftLastWriteTime.dwHighDateTime=0x18fc58, nFileSizeHigh=0x2, nFileSizeLow=0x18fc30)) returned 0 [0045.793] GetLastError () returned 0x2 [0045.793] CreateFileW (lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Roaming\\VQBKvYnL9c" (normalized: "c:\\users\\5p5nrg~1\\appdata\\roaming\\vqbkvynl9c"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x2, hTemplateFile=0x0) returned 0x128 [0045.794] SetFileTime (hFile=0x128, lpCreationTime=0x0, lpLastAccessTime=0x18f96c, lpLastWriteTime=0x18f96c) returned 1 [0045.794] NtClose (Handle=0x128) returned 0x0 [0045.794] GetShortPathNameW (in: lpszLongPath="C:\\Users\\5P5NRG~1\\AppData\\Roaming\\VQBKvYnL9c", lpszShortPath=0x1ec3778, cchBuffer=0x200 | out: lpszShortPath="C:\\Users\\5P5NRG~1\\AppData\\Roaming\\VQBKVY~1") returned 0x2a [0045.794] GetFileAttributesExW (in: lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Roaming\\VQBKvYnL9c" (normalized: "c:\\users\\5p5nrg~1\\appdata\\roaming\\vqbkvynl9c"), fInfoLevelId=0x0, lpFileInformation=0x18f968 | out: lpFileInformation=0x18f968*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x93dca250, ftCreationTime.dwHighDateTime=0x1d41a7f, ftLastAccessTime.dwLowDateTime=0x93dca250, ftLastAccessTime.dwHighDateTime=0x1d41a7f, ftLastWriteTime.dwLowDateTime=0x93dca250, ftLastWriteTime.dwHighDateTime=0x1d41a7f, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0045.795] SetFileAttributesW (lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Roaming\\VQBKvYnL9c", dwFileAttributes=0x80) returned 1 [0045.795] DeleteFileW (lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Roaming\\VQBKvYnL9c" (normalized: "c:\\users\\5p5nrg~1\\appdata\\roaming\\vqbkvynl9c")) returned 1 [0045.795] GetSystemDirectoryW (in: lpBuffer=0x1ec9ad0, uSize=0x40 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0045.795] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\*.exe", fInfoLevelId=0x1, lpFindFileData=0x18f9c0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x18f9c0) returned 0x584b40 [0045.795] CryptAcquireContextW (in: phProv=0x18f97c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x18f97c*=0x584d20) returned 1 [0045.796] CryptGenRandom (in: hProv=0x584d20, dwLen=0x4, pbBuffer=0x18f990 | out: pbBuffer=0x18f990) returned 1 [0045.796] CryptReleaseContext (hProv=0x584d20, dwFlags=0x0) returned 1 [0045.796] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.799] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.799] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.799] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.799] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.799] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.799] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.799] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.799] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.799] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.799] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.800] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.800] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.800] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.800] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.800] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.800] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.800] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.800] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.800] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.800] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.800] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.800] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.800] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.800] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.800] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.800] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.800] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.800] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.800] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.800] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.800] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.800] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.800] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.800] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.800] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.800] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.800] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.801] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.801] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.801] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.801] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.801] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.801] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.801] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.801] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.801] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.801] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.801] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.801] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.801] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.801] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.801] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.801] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.801] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.801] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.801] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.801] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.801] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.801] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.801] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.801] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.801] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.801] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.801] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.802] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.802] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.802] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.802] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.802] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.802] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.802] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.802] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.802] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.802] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.802] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.802] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.802] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.802] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.802] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.802] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.802] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.802] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.802] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.802] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.802] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.802] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.802] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.802] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.802] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.802] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.802] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.803] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.803] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.803] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.803] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.803] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.803] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.803] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.803] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.803] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.803] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.803] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.803] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.803] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.803] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.803] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.803] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.803] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.803] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.803] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.803] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.803] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.803] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.803] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.803] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.803] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.803] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.803] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.803] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.804] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.804] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.804] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.804] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.804] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.804] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.804] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.804] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.804] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.804] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.804] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.804] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.804] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.804] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.804] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.804] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.804] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.804] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.804] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.804] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.804] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.804] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.804] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.804] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.805] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.805] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.805] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.805] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.805] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.805] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.805] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.805] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.805] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.805] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.805] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.805] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.805] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.805] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.805] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.805] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.805] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.805] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.805] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.805] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.805] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.805] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.805] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.805] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.806] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.806] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.806] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.806] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.806] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.806] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.806] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.806] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.806] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.806] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.806] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.806] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.806] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.806] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.806] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.806] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.806] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.806] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.806] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.806] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.806] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.806] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.806] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.806] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.806] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.806] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.806] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.806] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.807] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.807] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.809] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.809] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.809] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.809] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.809] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.810] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.810] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.810] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.810] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.810] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.810] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.810] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.810] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.810] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.810] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.810] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.810] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.810] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.810] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.810] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.810] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.810] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.810] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.810] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.810] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.810] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.810] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.810] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.810] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.810] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.810] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.810] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.811] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.811] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.811] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.811] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.811] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.811] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.811] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.811] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.811] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.811] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.811] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.811] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.811] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.811] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.811] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.811] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.811] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.811] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.811] FindNextFileW (in: hFindFile=0x584b40, lpFindFileData=0x18f9c0 | out: lpFindFileData=0x18f9c0) returned 1 [0045.811] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\sc.exe" (normalized: "c:\\windows\\system32\\sc.exe"), fInfoLevelId=0x0, lpFileInformation=0x18f928 | out: lpFileInformation=0x18f928*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3082c03, ftCreationTime.dwHighDateTime=0x1ca0412, ftLastAccessTime.dwLowDateTime=0x3082c03, ftLastAccessTime.dwHighDateTime=0x1ca0412, ftLastWriteTime.dwLowDateTime=0xf1bb2260, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0xb000)) returned 1 [0045.811] CreateFileW (lpFileName="C:\\Windows\\system32\\sc.exe" (normalized: "c:\\windows\\system32\\sc.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0045.812] SetFileTime (hFile=0x12c, lpCreationTime=0x0, lpLastAccessTime=0x18f96c, lpLastWriteTime=0x18f96c) returned 0 [0045.812] GetFileSize (in: hFile=0x12c, lpFileSizeHigh=0x18f958 | out: lpFileSizeHigh=0x18f958*=0x0) returned 0xb000 [0045.812] SetFilePointer (in: hFile=0x12c, lDistanceToMove=0, lpDistanceToMoveHigh=0x18f964*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x18f964*=0) returned 0x0 [0045.812] ReadFile (in: hFile=0x12c, lpBuffer=0x1ec9ad0, nNumberOfBytesToRead=0xb000, lpNumberOfBytesRead=0x18f998, lpOverlapped=0x0 | out: lpBuffer=0x1ec9ad0*, lpNumberOfBytesRead=0x18f998*=0xb000, lpOverlapped=0x0) returned 1 [0045.814] GetFileAttributesExW (in: lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Roaming\\VQBKVY~1" (normalized: "c:\\users\\5p5nrg~1\\appdata\\roaming\\vqbkvy~1"), fInfoLevelId=0x0, lpFileInformation=0x18f928 | out: lpFileInformation=0x18f928*(dwFileAttributes=0x1aa2, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x100f948, ftLastAccessTime.dwLowDateTime=0x77e5e003, ftLastAccessTime.dwHighDateTime=0x408e92, ftLastWriteTime.dwLowDateTime=0x18fd70, ftLastWriteTime.dwHighDateTime=0x18fc58, nFileSizeHigh=0x2, nFileSizeLow=0x18fc30)) returned 0 [0045.814] GetLastError () returned 0x2 [0045.814] CreateFileW (lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Roaming\\VQBKVY~1" (normalized: "c:\\users\\5p5nrg~1\\appdata\\roaming\\vqbkvy~1"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x2, hTemplateFile=0x0) returned 0x12c [0045.816] SetFileTime (hFile=0x12c, lpCreationTime=0x0, lpLastAccessTime=0x18f96c, lpLastWriteTime=0x18f96c) returned 1 [0045.817] WriteFile (in: hFile=0x12c, lpBuffer=0x1ec9ad0*, nNumberOfBytesToWrite=0xb000, lpNumberOfBytesWritten=0x18f998, lpOverlapped=0x0 | out: lpBuffer=0x1ec9ad0*, lpNumberOfBytesWritten=0x18f998*=0xb000, lpOverlapped=0x0) returned 1 [0045.819] NtClose (Handle=0x12c) returned 0x0 [0045.824] FindClose (in: hFindFile=0x584b40 | out: hFindFile=0x584b40) returned 1 [0045.824] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x1ec3778, nSize=0x200 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\c04c541f066a2b089bdc261616894a2f6bd49fca2e29350698175d9fc51c.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\c04c541f066a2b089bdc261616894a2f6bd49fca2e29350698175d9fc51c.exe")) returned 0x66 [0045.825] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\c04c541f066a2b089bdc261616894a2f6bd49fca2e29350698175d9fc51c.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\c04c541f066a2b089bdc261616894a2f6bd49fca2e29350698175d9fc51c.exe"), fInfoLevelId=0x0, lpFileInformation=0x18f928 | out: lpFileInformation=0x18f928*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8ef78560, ftCreationTime.dwHighDateTime=0x1d3b054, ftLastAccessTime.dwLowDateTime=0x8ef78560, ftLastAccessTime.dwHighDateTime=0x1d3b054, ftLastWriteTime.dwLowDateTime=0x76fc4500, ftLastWriteTime.dwHighDateTime=0x1d41a7f, nFileSizeHigh=0x0, nFileSizeLow=0x2c800)) returned 1 [0045.825] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\c04c541f066a2b089bdc261616894a2f6bd49fca2e29350698175d9fc51c.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\c04c541f066a2b089bdc261616894a2f6bd49fca2e29350698175d9fc51c.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0045.825] SetFileTime (hFile=0x128, lpCreationTime=0x0, lpLastAccessTime=0x18f96c, lpLastWriteTime=0x18f96c) returned 0 [0045.825] GetFileSize (in: hFile=0x128, lpFileSizeHigh=0x18f958 | out: lpFileSizeHigh=0x18f958*=0x0) returned 0x2c800 [0045.825] SetFilePointer (in: hFile=0x128, lDistanceToMove=0, lpDistanceToMoveHigh=0x18f964*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x18f964*=0) returned 0x0 [0045.828] ReadFile (in: hFile=0x128, lpBuffer=0x1ed4ad8, nNumberOfBytesToRead=0x2c800, lpNumberOfBytesRead=0x18f998, lpOverlapped=0x0 | out: lpBuffer=0x1ed4ad8*, lpNumberOfBytesRead=0x18f998*=0x2c800, lpOverlapped=0x0) returned 1 [0045.832] GetFileAttributesExW (in: lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Roaming\\VQBKVY~1:bin" (normalized: "c:\\users\\5p5nrg~1\\appdata\\roaming\\vqbkvy~1:bin"), fInfoLevelId=0x0, lpFileInformation=0x18f928 | out: lpFileInformation=0x18f928*(dwFileAttributes=0x18fc58, ftCreationTime.dwLowDateTime=0x406d29, ftCreationTime.dwHighDateTime=0x2250000, ftLastAccessTime.dwLowDateTime=0x8, ftLastAccessTime.dwHighDateTime=0x408e92, ftLastWriteTime.dwLowDateTime=0x18fd70, ftLastWriteTime.dwHighDateTime=0x18fc58, nFileSizeHigh=0x2, nFileSizeLow=0x18fc30)) returned 0 [0045.833] GetLastError () returned 0x2 [0045.833] CreateFileW (lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Roaming\\VQBKVY~1:bin" (normalized: "c:\\users\\5p5nrg~1\\appdata\\roaming\\vqbkvy~1:bin"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x2, hTemplateFile=0x0) returned 0x128 [0045.833] SetFileTime (hFile=0x128, lpCreationTime=0x0, lpLastAccessTime=0x18f96c, lpLastWriteTime=0x18f96c) returned 1 [0045.833] WriteFile (in: hFile=0x128, lpBuffer=0x1ed4ad8*, nNumberOfBytesToWrite=0x2c800, lpNumberOfBytesWritten=0x18f998, lpOverlapped=0x0 | out: lpBuffer=0x1ed4ad8*, lpNumberOfBytesWritten=0x18f998*=0x2c800, lpOverlapped=0x0) returned 1 [0045.836] NtClose (Handle=0x128) returned 0x0 [0045.840] CreateProcessW (in: lpApplicationName="C:\\Users\\5P5NRG~1\\AppData\\Roaming\\VQBKVY~1:bin", lpCommandLine="C:\\Users\\5P5NRG~1\\AppData\\Roaming\\VQBKVY~1:bin C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\c04c541f066a2b089bdc261616894a2f6bd49fca2e29350698175d9fc51c.exe", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x18fc04*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x18fc48 | out: lpCommandLine="C:\\Users\\5P5NRG~1\\AppData\\Roaming\\VQBKVY~1:bin C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\c04c541f066a2b089bdc261616894a2f6bd49fca2e29350698175d9fc51c.exe", lpProcessInformation=0x18fc48*(hProcess=0x12c, hThread=0x128, dwProcessId=0x9ec, dwThreadId=0x9f0)) returned 1 [0045.872] NtClose (Handle=0x128) returned 0x0 [0045.875] Wow64RevertWow64FsRedirection (OlValue=0x0) returned 1 [0045.875] ExitProcess (uExitCode=0x0) Thread: id = 2 os_tid = 0x958 Thread: id = 3 os_tid = 0x9e8 Process: id = "2" image_name = "vqbkvy~1:bin" filename = "c:\\users\\5p5nrg~1\\appdata\\roaming\\vqbkvy~1:bin" page_root = "0x4f8b0000" os_pid = "0x9ec" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0x948" cmd_line = "C:\\Users\\5P5NRG~1\\AppData\\Roaming\\VQBKVY~1:bin C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\c04c541f066a2b089bdc261616894a2f6bd49fca2e29350698175d9fc51c.exe" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:000104d7" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 216 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 217 start_va = 0x30000 end_va = 0x31fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 218 start_va = 0x40000 end_va = 0x40fff entry_point = 0x40000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 219 start_va = 0x50000 end_va = 0x8ffff entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 220 start_va = 0x90000 end_va = 0x18ffff entry_point = 0x0 region_type = private name = "private_0x0000000000090000" filename = "" Region: id = 221 start_va = 0x190000 end_va = 0x193fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000190000" filename = "" Region: id = 222 start_va = 0x1a0000 end_va = 0x1a0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 223 start_va = 0x400000 end_va = 0x42efff entry_point = 0x400000 region_type = mapped_file name = "vqbkvy~1" filename = "\\Users\\5P5NRG~1\\AppData\\Roaming\\VQBKVY~1" (normalized: "c:\\users\\5p5nrg~1\\appdata\\roaming\\vqbkvy~1") Region: id = 224 start_va = 0x77c50000 end_va = 0x77df8fff entry_point = 0x77c50000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 225 start_va = 0x77e30000 end_va = 0x77faffff entry_point = 0x77e30000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 226 start_va = 0x7efb0000 end_va = 0x7efd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efb0000" filename = "" Region: id = 227 start_va = 0x7efdb000 end_va = 0x7efddfff entry_point = 0x0 region_type = private name = "private_0x000000007efdb000" filename = "" Region: id = 228 start_va = 0x7efde000 end_va = 0x7efdefff entry_point = 0x0 region_type = private name = "private_0x000000007efde000" filename = "" Region: id = 229 start_va = 0x7efdf000 end_va = 0x7efdffff entry_point = 0x0 region_type = private name = "private_0x000000007efdf000" filename = "" Region: id = 230 start_va = 0x7efe0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 231 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 232 start_va = 0x7fff0000 end_va = 0x7fffffeffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 233 start_va = 0x200000 end_va = 0x27ffff entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 234 start_va = 0x75360000 end_va = 0x75367fff entry_point = 0x75360000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 235 start_va = 0x75370000 end_va = 0x753cbfff entry_point = 0x75370000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 236 start_va = 0x753d0000 end_va = 0x7540efff entry_point = 0x753d0000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 237 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 238 start_va = 0x2d0000 end_va = 0x3cffff entry_point = 0x0 region_type = private name = "private_0x00000000002d0000" filename = "" Region: id = 239 start_va = 0x430000 end_va = 0x496fff entry_point = 0x430000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 240 start_va = 0x500000 end_va = 0x50ffff entry_point = 0x0 region_type = private name = "private_0x0000000000500000" filename = "" Region: id = 241 start_va = 0x756e0000 end_va = 0x756e4fff entry_point = 0x756e0000 region_type = mapped_file name = "msimg32.dll" filename = "\\Windows\\SysWOW64\\msimg32.dll" (normalized: "c:\\windows\\syswow64\\msimg32.dll") Region: id = 242 start_va = 0x756f0000 end_va = 0x7570bfff entry_point = 0x756f0000 region_type = mapped_file name = "oledlg.dll" filename = "\\Windows\\SysWOW64\\oledlg.dll" (normalized: "c:\\windows\\syswow64\\oledlg.dll") Region: id = 243 start_va = 0x75710000 end_va = 0x7574bfff entry_point = 0x75710000 region_type = mapped_file name = "oleacc.dll" filename = "\\Windows\\SysWOW64\\oleacc.dll" (normalized: "c:\\windows\\syswow64\\oleacc.dll") Region: id = 244 start_va = 0x75750000 end_va = 0x75781fff entry_point = 0x75750000 region_type = mapped_file name = "winmm.dll" filename = "\\Windows\\SysWOW64\\winmm.dll" (normalized: "c:\\windows\\syswow64\\winmm.dll") Region: id = 245 start_va = 0x75790000 end_va = 0x757e0fff entry_point = 0x75790000 region_type = mapped_file name = "winspool.drv" filename = "\\Windows\\SysWOW64\\winspool.drv" (normalized: "c:\\windows\\syswow64\\winspool.drv") Region: id = 246 start_va = 0x757f0000 end_va = 0x75873fff entry_point = 0x757f0000 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll") Region: id = 247 start_va = 0x75980000 end_va = 0x7598bfff entry_point = 0x75980000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 248 start_va = 0x75990000 end_va = 0x759effff entry_point = 0x75990000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 249 start_va = 0x75a30000 end_va = 0x75a48fff entry_point = 0x75a30000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 250 start_va = 0x75bb0000 end_va = 0x75bf5fff entry_point = 0x75bb0000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 251 start_va = 0x75fd0000 end_va = 0x760dffff entry_point = 0x75fd0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 252 start_va = 0x760e0000 end_va = 0x7617ffff entry_point = 0x760e0000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 253 start_va = 0x76180000 end_va = 0x761d6fff entry_point = 0x76180000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 254 start_va = 0x763c0000 end_va = 0x763c9fff entry_point = 0x763c0000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll") Region: id = 255 start_va = 0x763e0000 end_va = 0x764dffff entry_point = 0x763e0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 256 start_va = 0x76670000 end_va = 0x7671bfff entry_point = 0x76670000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 257 start_va = 0x767f0000 end_va = 0x7686afff entry_point = 0x767f0000 region_type = mapped_file name = "comdlg32.dll" filename = "\\Windows\\SysWOW64\\comdlg32.dll" (normalized: "c:\\windows\\syswow64\\comdlg32.dll") Region: id = 258 start_va = 0x76920000 end_va = 0x77569fff entry_point = 0x76920000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 259 start_va = 0x775d0000 end_va = 0x776bffff entry_point = 0x775d0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 260 start_va = 0x776c0000 end_va = 0x7781bfff entry_point = 0x776c0000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 261 start_va = 0x77820000 end_va = 0x778affff entry_point = 0x77820000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 262 start_va = 0x77990000 end_va = 0x77a2cfff entry_point = 0x77990000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 263 start_va = 0x77a30000 end_va = 0x77b4efff entry_point = 0x0 region_type = private name = "private_0x0000000077a30000" filename = "" Region: id = 264 start_va = 0x77b50000 end_va = 0x77c49fff entry_point = 0x0 region_type = private name = "private_0x0000000077b50000" filename = "" Region: id = 265 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 266 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 267 start_va = 0x510000 end_va = 0x697fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 268 start_va = 0x76720000 end_va = 0x767ebfff entry_point = 0x76720000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 269 start_va = 0x77570000 end_va = 0x775cffff entry_point = 0x77570000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 270 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 271 start_va = 0x30000 end_va = 0x30fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 272 start_va = 0x1b0000 end_va = 0x1b0fff entry_point = 0x1b0000 region_type = mapped_file name = "oleaccrc.dll" filename = "\\Windows\\SysWOW64\\oleaccrc.dll" (normalized: "c:\\windows\\syswow64\\oleaccrc.dll") Region: id = 273 start_va = 0x1c0000 end_va = 0x1dafff entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 274 start_va = 0x6a0000 end_va = 0x820fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006a0000" filename = "" Region: id = 275 start_va = 0x830000 end_va = 0x1c2ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000830000" filename = "" Region: id = 276 start_va = 0x1ca0000 end_va = 0x1caffff entry_point = 0x0 region_type = private name = "private_0x0000000001ca0000" filename = "" Region: id = 277 start_va = 0x1d70000 end_va = 0x1d7ffff entry_point = 0x0 region_type = private name = "private_0x0000000001d70000" filename = "" Region: id = 278 start_va = 0x1e0000 end_va = 0x1f1fff entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 279 start_va = 0x280000 end_va = 0x2bffff entry_point = 0x0 region_type = private name = "private_0x0000000000280000" filename = "" Region: id = 280 start_va = 0x1d80000 end_va = 0x1edffff entry_point = 0x0 region_type = private name = "private_0x0000000001d80000" filename = "" Region: id = 281 start_va = 0x1d80000 end_va = 0x1e7ffff entry_point = 0x0 region_type = private name = "private_0x0000000001d80000" filename = "" Region: id = 282 start_va = 0x1ed0000 end_va = 0x1edffff entry_point = 0x0 region_type = private name = "private_0x0000000001ed0000" filename = "" Region: id = 283 start_va = 0x4a0000 end_va = 0x4dffff entry_point = 0x0 region_type = private name = "private_0x00000000004a0000" filename = "" Region: id = 284 start_va = 0x1ee0000 end_va = 0x1fdffff entry_point = 0x0 region_type = private name = "private_0x0000000001ee0000" filename = "" Region: id = 285 start_va = 0x756a0000 end_va = 0x756b5fff entry_point = 0x756a0000 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\SysWOW64\\cryptsp.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll") Region: id = 286 start_va = 0x7efd8000 end_va = 0x7efdafff entry_point = 0x0 region_type = private name = "private_0x000000007efd8000" filename = "" Region: id = 287 start_va = 0x1c30000 end_va = 0x1c6bfff entry_point = 0x1c30000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 288 start_va = 0x1c30000 end_va = 0x1c6bfff entry_point = 0x1c30000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 289 start_va = 0x1c30000 end_va = 0x1c6bfff entry_point = 0x1c30000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 290 start_va = 0x1c30000 end_va = 0x1c6bfff entry_point = 0x1c30000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 291 start_va = 0x1c30000 end_va = 0x1c6bfff entry_point = 0x1c30000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 292 start_va = 0x75660000 end_va = 0x7569afff entry_point = 0x75660000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 293 start_va = 0x1fe0000 end_va = 0x22aefff entry_point = 0x1fe0000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 294 start_va = 0x75a60000 end_va = 0x75b7cfff entry_point = 0x75a60000 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\SysWOW64\\crypt32.dll" (normalized: "c:\\windows\\syswow64\\crypt32.dll") Region: id = 295 start_va = 0x763d0000 end_va = 0x763dbfff entry_point = 0x763d0000 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\SysWOW64\\msasn1.dll" (normalized: "c:\\windows\\syswow64\\msasn1.dll") Region: id = 296 start_va = 0x75630000 end_va = 0x75650fff entry_point = 0x75630000 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\SysWOW64\\ntmarta.dll" (normalized: "c:\\windows\\syswow64\\ntmarta.dll") Region: id = 297 start_va = 0x77940000 end_va = 0x77984fff entry_point = 0x77940000 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\SysWOW64\\Wldap32.dll" (normalized: "c:\\windows\\syswow64\\wldap32.dll") Region: id = 298 start_va = 0x280000 end_va = 0x28ffff entry_point = 0x0 region_type = private name = "private_0x0000000000280000" filename = "" Region: id = 299 start_va = 0x2b0000 end_va = 0x2bffff entry_point = 0x0 region_type = private name = "private_0x00000000002b0000" filename = "" Region: id = 300 start_va = 0x290000 end_va = 0x296fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000290000" filename = "" Region: id = 301 start_va = 0x280000 end_va = 0x286fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000280000" filename = "" Region: id = 302 start_va = 0x280000 end_va = 0x286fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000280000" filename = "" Region: id = 303 start_va = 0x280000 end_va = 0x286fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000280000" filename = "" Region: id = 304 start_va = 0x280000 end_va = 0x286fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000280000" filename = "" Region: id = 305 start_va = 0x280000 end_va = 0x286fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000280000" filename = "" Region: id = 306 start_va = 0x280000 end_va = 0x286fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000280000" filename = "" Region: id = 307 start_va = 0x280000 end_va = 0x286fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000280000" filename = "" Region: id = 308 start_va = 0x280000 end_va = 0x286fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000280000" filename = "" Region: id = 309 start_va = 0x280000 end_va = 0x286fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000280000" filename = "" Region: id = 310 start_va = 0x280000 end_va = 0x286fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000280000" filename = "" Region: id = 311 start_va = 0x280000 end_va = 0x286fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000280000" filename = "" Region: id = 312 start_va = 0x280000 end_va = 0x286fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000280000" filename = "" Region: id = 313 start_va = 0x280000 end_va = 0x286fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000280000" filename = "" Region: id = 314 start_va = 0x280000 end_va = 0x286fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000280000" filename = "" Region: id = 315 start_va = 0x280000 end_va = 0x286fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000280000" filename = "" Region: id = 316 start_va = 0x280000 end_va = 0x286fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000280000" filename = "" Region: id = 317 start_va = 0x280000 end_va = 0x286fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000280000" filename = "" Region: id = 318 start_va = 0x280000 end_va = 0x286fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000280000" filename = "" Region: id = 319 start_va = 0x280000 end_va = 0x286fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000280000" filename = "" Region: id = 320 start_va = 0x280000 end_va = 0x286fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000280000" filename = "" Region: id = 321 start_va = 0x280000 end_va = 0x286fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000280000" filename = "" Region: id = 322 start_va = 0x280000 end_va = 0x286fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000280000" filename = "" Region: id = 323 start_va = 0x280000 end_va = 0x286fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000280000" filename = "" Region: id = 324 start_va = 0x280000 end_va = 0x286fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000280000" filename = "" Region: id = 325 start_va = 0x280000 end_va = 0x286fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000280000" filename = "" Region: id = 326 start_va = 0x280000 end_va = 0x286fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000280000" filename = "" Region: id = 327 start_va = 0x280000 end_va = 0x286fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000280000" filename = "" Region: id = 328 start_va = 0x280000 end_va = 0x286fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000280000" filename = "" Region: id = 329 start_va = 0x280000 end_va = 0x286fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000280000" filename = "" Region: id = 330 start_va = 0x280000 end_va = 0x286fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000280000" filename = "" Region: id = 331 start_va = 0x280000 end_va = 0x286fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000280000" filename = "" Region: id = 332 start_va = 0x280000 end_va = 0x286fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000280000" filename = "" Region: id = 333 start_va = 0x280000 end_va = 0x286fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000280000" filename = "" Region: id = 334 start_va = 0x280000 end_va = 0x286fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000280000" filename = "" Region: id = 335 start_va = 0x280000 end_va = 0x286fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000280000" filename = "" Region: id = 336 start_va = 0x280000 end_va = 0x286fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000280000" filename = "" Region: id = 337 start_va = 0x280000 end_va = 0x286fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000280000" filename = "" Region: id = 338 start_va = 0x280000 end_va = 0x286fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000280000" filename = "" Region: id = 339 start_va = 0x280000 end_va = 0x286fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000280000" filename = "" Region: id = 340 start_va = 0x280000 end_va = 0x286fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000280000" filename = "" Region: id = 341 start_va = 0x280000 end_va = 0x286fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000280000" filename = "" Region: id = 342 start_va = 0x280000 end_va = 0x286fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000280000" filename = "" Region: id = 343 start_va = 0x280000 end_va = 0x286fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000280000" filename = "" Region: id = 344 start_va = 0x280000 end_va = 0x286fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000280000" filename = "" Region: id = 345 start_va = 0x280000 end_va = 0x286fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000280000" filename = "" Region: id = 346 start_va = 0x280000 end_va = 0x286fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000280000" filename = "" Region: id = 347 start_va = 0x280000 end_va = 0x286fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000280000" filename = "" Region: id = 348 start_va = 0x75a20000 end_va = 0x75a24fff entry_point = 0x75a20000 region_type = mapped_file name = "psapi.dll" filename = "\\Windows\\SysWOW64\\psapi.dll" (normalized: "c:\\windows\\syswow64\\psapi.dll") Region: id = 365 start_va = 0x280000 end_va = 0x280fff entry_point = 0x0 region_type = private name = "private_0x0000000000280000" filename = "" Region: id = 366 start_va = 0x280000 end_va = 0x280fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000280000" filename = "" Thread: id = 4 os_tid = 0x9f0 [0046.009] ImageList_DragLeave (hwndLock=0x74d88) returned 0 [0046.009] ImageList_DragLeave (hwndLock=0x6f743) returned 0 [0046.009] InitCommonControls () [0046.009] ImageList_DragLeave (hwndLock=0x7345b) returned 0 [0046.009] ImageList_DragEnter (hwndLock=0x705f9, x=103, y=375) returned 0 [0046.009] ImageList_DragEnter (hwndLock=0x3e954, x=489, y=141) returned 0 [0046.009] ImageList_DragMove (x=245, y=179) returned 0 [0046.009] ImageList_DragMove (x=206, y=455) returned 0 [0046.009] ImageList_DragLeave (hwndLock=0x3b579) returned 0 [0046.009] ImageList_EndDrag () [0046.009] ImageList_DragMove (x=230, y=299) returned 0 [0046.009] InitCommonControls () [0046.009] InitCommonControls () [0046.009] ImageList_DragLeave (hwndLock=0x3c00c) returned 0 [0046.009] ImageList_DragMove (x=438, y=399) returned 0 [0046.009] ImageList_EndDrag () [0046.009] ImageList_DragMove (x=216, y=73) returned 0 [0046.009] ImageList_BeginDrag (himlTrack=0x0, iTrack=50, dxHotspot=99, dyHotspot=463) returned 0 [0046.009] ImageList_EndDrag () [0046.009] ImageList_DragLeave (hwndLock=0x361eb) returned 0 [0046.009] ImageList_EndDrag () [0046.009] ImageList_EndDrag () [0046.009] ImageList_DragEnter (hwndLock=0x18a13, x=297, y=462) returned 0 [0046.009] ImageList_DragMove (x=120, y=282) returned 0 [0046.009] ImageList_DragMove (x=322, y=378) returned 0 [0046.009] ImageList_BeginDrag (himlTrack=0x46d6d, iTrack=35, dxHotspot=205, dyHotspot=218) returned 0 [0046.009] ImageList_DragEnter (hwndLock=0x55c45, x=328, y=173) returned 0 [0046.009] ImageList_DragEnter (hwndLock=0x7f1e, x=240, y=35) returned 0 [0046.009] ImageList_DragMove (x=191, y=218) returned 0 [0046.009] ImageList_EndDrag () [0046.009] ImageList_EndDrag () [0046.009] InitCommonControls () [0046.009] ImageList_DragMove (x=261, y=313) returned 0 [0046.009] ImageList_BeginDrag (himlTrack=0x18febc, iTrack=72, dxHotspot=220, dyHotspot=105) returned 0 [0046.010] ImageList_EndDrag () [0046.010] ImageList_DragMove (x=461, y=70) returned 0 [0046.010] ImageList_DragLeave (hwndLock=0x10a00) returned 0 [0046.010] InitCommonControls () [0046.010] ImageList_DragEnter (hwndLock=0x37369, x=152, y=473) returned 0 [0046.010] InitCommonControls () [0046.010] ImageList_DragEnter (hwndLock=0x76a51, x=159, y=362) returned 0 [0046.010] ImageList_DragMove (x=8, y=25) returned 0 [0046.010] ImageList_DragEnter (hwndLock=0x666cd, x=356, y=4) returned 0 [0046.010] ImageList_EndDrag () [0046.010] ImageList_EndDrag () [0046.010] ImageList_BeginDrag (himlTrack=0x5deb7, iTrack=24, dxHotspot=51, dyHotspot=119) returned 0 [0046.010] ImageList_DragMove (x=500, y=353) returned 0 [0046.010] ImageList_DragEnter (hwndLock=0x3983f, x=296, y=444) returned 0 [0046.010] ImageList_DragEnter (hwndLock=0x20f04, x=121, y=464) returned 0 [0046.010] InitCommonControls () [0046.010] InitCommonControls () [0046.010] ImageList_BeginDrag (himlTrack=0x61dbb, iTrack=26, dxHotspot=307, dyHotspot=13) returned 0 [0046.010] ImageList_DragLeave (hwndLock=0x7024f) returned 0 [0046.010] InitCommonControls () [0046.010] InitCommonControls () [0046.010] ImageList_BeginDrag (himlTrack=0x15214, iTrack=50, dxHotspot=215, dyHotspot=6) returned 0 [0046.010] ImageList_EndDrag () [0046.010] ImageList_DragLeave (hwndLock=0x4e742) returned 0 [0046.010] InitCommonControls () [0046.010] ImageList_BeginDrag (himlTrack=0x379c7, iTrack=42, dxHotspot=156, dyHotspot=147) returned 0 [0046.010] InitCommonControls () [0046.010] ImageList_BeginDrag (himlTrack=0x41fd, iTrack=64, dxHotspot=373, dyHotspot=310) returned 0 [0046.010] ImageList_DragEnter (hwndLock=0x0, x=414, y=314) returned 0 [0046.010] ImageList_BeginDrag (himlTrack=0x4c67d, iTrack=44, dxHotspot=133, dyHotspot=98) returned 0 [0046.010] ImageList_DragMove (x=421, y=446) returned 0 [0046.010] ImageList_DragEnter (hwndLock=0x34b3d, x=428, y=123) returned 0 [0046.010] ImageList_DragEnter (hwndLock=0x3608b, x=26, y=439) returned 0 [0046.011] InitCommonControls () [0046.011] ImageList_DragEnter (hwndLock=0x371bc, x=64, y=367) returned 0 [0046.011] ImageList_EndDrag () [0046.011] ImageList_DragMove (x=402, y=394) returned 0 [0046.011] InitCommonControls () [0046.011] ImageList_DragMove (x=13, y=233) returned 0 [0046.011] ImageList_BeginDrag (himlTrack=0x7ffa0, iTrack=79, dxHotspot=55, dyHotspot=98) returned 0 [0046.012] ImageList_EndDrag () [0046.012] ImageList_DragLeave (hwndLock=0xa695) returned 0 [0046.012] ImageList_BeginDrag (himlTrack=0x21569, iTrack=56, dxHotspot=216, dyHotspot=36) returned 0 [0046.012] ImageList_DragMove (x=444, y=459) returned 0 [0046.012] ImageList_DragLeave (hwndLock=0x1ab1e) returned 0 [0046.012] ImageList_BeginDrag (himlTrack=0x2ed9e, iTrack=22, dxHotspot=323, dyHotspot=138) returned 0 [0046.013] ImageList_DragEnter (hwndLock=0x30c38, x=258, y=471) returned 0 [0046.013] ImageList_DragLeave (hwndLock=0x27201) returned 0 [0046.013] ImageList_EndDrag () [0046.013] ImageList_EndDrag () [0046.013] ImageList_BeginDrag (himlTrack=0x23de6, iTrack=100, dxHotspot=462, dyHotspot=407) returned 0 [0046.013] ImageList_BeginDrag (himlTrack=0x9597, iTrack=26, dxHotspot=321, dyHotspot=44) returned 0 [0046.013] ImageList_BeginDrag (himlTrack=0x2fadd, iTrack=75, dxHotspot=6, dyHotspot=0) returned 0 [0046.013] InitCommonControls () [0046.013] ImageList_BeginDrag (himlTrack=0x18ff3c, iTrack=17, dxHotspot=219, dyHotspot=407) returned 0 [0046.013] ImageList_DragEnter (hwndLock=0x310da, x=195, y=145) returned 0 [0046.013] ImageList_EndDrag () [0046.013] ImageList_DragLeave (hwndLock=0x5b740) returned 0 [0046.013] ImageList_EndDrag () [0046.013] ImageList_DragLeave (hwndLock=0x2ee3d) returned 0 [0046.013] ImageList_BeginDrag (himlTrack=0x73355, iTrack=0, dxHotspot=66, dyHotspot=377) returned 0 [0046.013] ImageList_EndDrag () [0046.013] ImageList_DragEnter (hwndLock=0xbe8d, x=374, y=19) returned 0 [0046.013] ImageList_DragMove (x=208, y=168) returned 0 [0046.013] InitCommonControls () [0046.013] InitCommonControls () [0046.013] GetACP () returned 0x4e4 [0046.014] GetACP () returned 0x4e4 [0046.014] GetACP () returned 0x4e4 [0046.014] GetACP () returned 0x4e4 [0046.014] GetACP () returned 0x4e4 [0046.014] GetACP () returned 0x4e4 [0046.014] GetACP () returned 0x4e4 [0046.014] GetACP () returned 0x4e4 [0046.014] GetACP () returned 0x4e4 [0046.014] GetACP () returned 0x4e4 [0046.014] GetACP () returned 0x4e4 [0046.014] GetACP () returned 0x4e4 [0046.014] GetACP () returned 0x4e4 [0046.014] GetACP () returned 0x4e4 [0046.015] GetACP () returned 0x4e4 [0046.015] GetACP () returned 0x4e4 [0046.015] GetACP () returned 0x4e4 [0046.015] GetACP () returned 0x4e4 [0046.015] GetACP () returned 0x4e4 [0046.015] GetACP () returned 0x4e4 [0046.015] GetACP () returned 0x4e4 [0046.015] GetACP () returned 0x4e4 [0046.015] GetACP () returned 0x4e4 [0046.015] GetACP () returned 0x4e4 [0046.015] GetACP () returned 0x4e4 [0046.015] GetACP () returned 0x4e4 [0046.016] GetACP () returned 0x4e4 [0046.016] GetACP () returned 0x4e4 [0046.016] GetACP () returned 0x4e4 [0046.016] GetACP () returned 0x4e4 [0046.016] GetACP () returned 0x4e4 [0046.016] GetACP () returned 0x4e4 [0046.016] GetACP () returned 0x4e4 [0046.016] GetACP () returned 0x4e4 [0046.017] GetACP () returned 0x4e4 [0046.017] GetACP () returned 0x4e4 [0046.017] GetACP () returned 0x4e4 [0046.017] GetACP () returned 0x4e4 [0046.017] GetACP () returned 0x4e4 [0046.017] GetACP () returned 0x4e4 [0046.017] GetACP () returned 0x4e4 [0046.018] GetACP () returned 0x4e4 [0046.019] GetACP () returned 0x4e4 [0046.019] GetACP () returned 0x4e4 [0046.019] GetACP () returned 0x4e4 [0046.019] GetACP () returned 0x4e4 [0046.019] GetACP () returned 0x4e4 [0046.019] GetACP () returned 0x4e4 [0046.019] GetACP () returned 0x4e4 [0046.020] GetACP () returned 0x4e4 [0046.020] GetACP () returned 0x4e4 [0046.020] GetACP () returned 0x4e4 [0046.020] GetACP () returned 0x4e4 [0046.020] GetACP () returned 0x4e4 [0046.020] GetACP () returned 0x4e4 [0046.020] GetACP () returned 0x4e4 [0046.021] GetACP () returned 0x4e4 [0046.021] GetACP () returned 0x4e4 [0046.021] GetACP () returned 0x4e4 [0046.021] GetACP () returned 0x4e4 [0046.021] GetACP () returned 0x4e4 [0046.021] GetACP () returned 0x4e4 [0046.022] GetACP () returned 0x4e4 [0046.022] GetACP () returned 0x4e4 [0046.022] GetACP () returned 0x4e4 [0046.022] GetACP () returned 0x4e4 [0046.022] GetACP () returned 0x4e4 [0046.022] GetACP () returned 0x4e4 [0046.022] GetACP () returned 0x4e4 [0046.023] GetACP () returned 0x4e4 [0046.023] GetACP () returned 0x4e4 [0046.023] GetACP () returned 0x4e4 [0046.023] GetACP () returned 0x4e4 [0046.023] GetACP () returned 0x4e4 [0046.023] GetACP () returned 0x4e4 [0046.023] GetACP () returned 0x4e4 [0046.024] GetACP () returned 0x4e4 [0046.024] GetACP () returned 0x4e4 [0046.024] GetACP () returned 0x4e4 [0046.024] GetACP () returned 0x4e4 [0046.024] GetACP () returned 0x4e4 [0046.024] GetACP () returned 0x4e4 [0046.024] GetACP () returned 0x4e4 [0046.025] GetACP () returned 0x4e4 [0046.025] GetACP () returned 0x4e4 [0046.025] GetACP () returned 0x4e4 [0046.025] GetACP () returned 0x4e4 [0046.025] GetACP () returned 0x4e4 [0046.025] GetACP () returned 0x4e4 [0046.026] GetACP () returned 0x4e4 [0046.026] GetACP () returned 0x4e4 [0046.026] GetACP () returned 0x4e4 [0046.026] GetACP () returned 0x4e4 [0046.026] GetACP () returned 0x4e4 [0046.026] GetACP () returned 0x4e4 [0046.026] GetACP () returned 0x4e4 [0046.027] GetACP () returned 0x4e4 [0046.027] GetACP () returned 0x4e4 [0046.027] GetACP () returned 0x4e4 [0046.027] GetACP () returned 0x4e4 [0046.027] GetACP () returned 0x4e4 [0046.027] GetACP () returned 0x4e4 [0046.028] GetACP () returned 0x4e4 [0046.028] GetACP () returned 0x4e4 [0046.028] GetACP () returned 0x4e4 [0046.028] GetACP () returned 0x4e4 [0046.057] GetACP () returned 0x4e4 [0046.057] GetACP () returned 0x4e4 [0046.057] GetACP () returned 0x4e4 [0046.058] GetACP () returned 0x4e4 [0046.058] GetACP () returned 0x4e4 [0046.058] GetACP () returned 0x4e4 [0046.058] GetACP () returned 0x4e4 [0046.058] GetACP () returned 0x4e4 [0046.058] GetACP () returned 0x4e4 [0046.058] GetACP () returned 0x4e4 [0046.058] GetACP () returned 0x4e4 [0046.058] GetACP () returned 0x4e4 [0046.058] GetACP () returned 0x4e4 [0046.058] GetACP () returned 0x4e4 [0046.058] GetACP () returned 0x4e4 [0046.058] GetACP () returned 0x4e4 [0046.059] GetACP () returned 0x4e4 [0046.059] GetACP () returned 0x4e4 [0046.059] GetACP () returned 0x4e4 [0046.059] GetACP () returned 0x4e4 [0046.059] GetACP () returned 0x4e4 [0046.059] GetACP () returned 0x4e4 [0046.059] GetACP () returned 0x4e4 [0046.059] GetACP () returned 0x4e4 [0046.059] GetACP () returned 0x4e4 [0046.059] GetACP () returned 0x4e4 [0046.059] GetACP () returned 0x4e4 [0046.059] GetACP () returned 0x4e4 [0046.060] GetACP () returned 0x4e4 [0046.060] GetACP () returned 0x4e4 [0046.060] GetACP () returned 0x4e4 [0046.060] GetACP () returned 0x4e4 [0046.060] GetACP () returned 0x4e4 [0046.060] GetACP () returned 0x4e4 [0046.060] GetACP () returned 0x4e4 [0046.060] GetACP () returned 0x4e4 [0046.060] GetACP () returned 0x4e4 [0046.060] GetACP () returned 0x4e4 [0046.060] GetACP () returned 0x4e4 [0046.060] GetACP () returned 0x4e4 [0046.061] GetACP () returned 0x4e4 [0046.061] GetACP () returned 0x4e4 [0046.061] GetACP () returned 0x4e4 [0046.061] GetACP () returned 0x4e4 [0046.061] GetACP () returned 0x4e4 [0046.061] GetACP () returned 0x4e4 [0046.061] GetACP () returned 0x4e4 [0046.061] GetACP () returned 0x4e4 [0046.061] GetACP () returned 0x4e4 [0046.061] GetACP () returned 0x4e4 [0046.061] GetACP () returned 0x4e4 [0046.061] GetACP () returned 0x4e4 [0046.062] GetACP () returned 0x4e4 [0046.062] GetACP () returned 0x4e4 [0046.062] GetACP () returned 0x4e4 [0046.062] GetACP () returned 0x4e4 [0046.062] GetACP () returned 0x4e4 [0046.062] GetACP () returned 0x4e4 [0046.062] GetACP () returned 0x4e4 [0046.062] GetACP () returned 0x4e4 [0046.062] GetACP () returned 0x4e4 [0046.062] GetACP () returned 0x4e4 [0046.062] GetACP () returned 0x4e4 [0046.062] GetACP () returned 0x4e4 [0046.063] GetACP () returned 0x4e4 [0046.063] GetACP () returned 0x4e4 [0046.063] GetACP () returned 0x4e4 [0046.063] GetACP () returned 0x4e4 [0046.063] GetACP () returned 0x4e4 [0046.063] GetACP () returned 0x4e4 [0046.063] GetACP () returned 0x4e4 [0046.063] GetACP () returned 0x4e4 [0046.063] GetACP () returned 0x4e4 [0046.063] GetACP () returned 0x4e4 [0046.063] GetACP () returned 0x4e4 [0046.063] GetACP () returned 0x4e4 [0046.063] GetACP () returned 0x4e4 [0046.064] GetACP () returned 0x4e4 [0046.064] GetACP () returned 0x4e4 [0046.064] GetACP () returned 0x4e4 [0046.064] GetACP () returned 0x4e4 [0046.064] GetACP () returned 0x4e4 [0046.064] GetACP () returned 0x4e4 [0046.064] GetACP () returned 0x4e4 [0046.064] GetACP () returned 0x4e4 [0046.064] GetACP () returned 0x4e4 [0046.064] GetACP () returned 0x4e4 [0046.065] GetACP () returned 0x4e4 [0046.065] GetACP () returned 0x4e4 [0046.065] GetACP () returned 0x4e4 [0046.065] GetACP () returned 0x4e4 [0046.065] GetACP () returned 0x4e4 [0046.065] GetACP () returned 0x4e4 [0046.065] GetACP () returned 0x4e4 [0046.065] GetACP () returned 0x4e4 [0046.065] GetACP () returned 0x4e4 [0046.065] GetACP () returned 0x4e4 [0046.065] GetACP () returned 0x4e4 [0046.065] GetACP () returned 0x4e4 [0046.066] GetACP () returned 0x4e4 [0046.066] GetACP () returned 0x4e4 [0046.066] GetACP () returned 0x4e4 [0046.066] GetACP () returned 0x4e4 [0046.066] GetACP () returned 0x4e4 [0046.066] GetACP () returned 0x4e4 [0046.066] GetACP () returned 0x4e4 [0046.066] GetACP () returned 0x4e4 [0046.066] GetACP () returned 0x4e4 [0046.066] GetACP () returned 0x4e4 [0046.066] GetACP () returned 0x4e4 [0046.066] GetACP () returned 0x4e4 [0046.067] GetACP () returned 0x4e4 [0046.067] GetACP () returned 0x4e4 [0046.069] GetACP () returned 0x4e4 [0046.069] GetACP () returned 0x4e4 [0046.070] GetACP () returned 0x4e4 [0046.070] GetACP () returned 0x4e4 [0046.070] GetACP () returned 0x4e4 [0046.070] GetACP () returned 0x4e4 [0046.070] GetACP () returned 0x4e4 [0046.070] GetACP () returned 0x4e4 [0046.070] GetACP () returned 0x4e4 [0046.070] GetACP () returned 0x4e4 [0046.070] GetACP () returned 0x4e4 [0046.070] GetACP () returned 0x4e4 [0046.070] GetACP () returned 0x4e4 [0046.070] GetACP () returned 0x4e4 [0046.071] GetACP () returned 0x4e4 [0046.071] GetACP () returned 0x4e4 [0046.071] GetACP () returned 0x4e4 [0046.071] GetACP () returned 0x4e4 [0046.071] GetACP () returned 0x4e4 [0046.071] GetACP () returned 0x4e4 [0046.071] GetACP () returned 0x4e4 [0046.071] GetACP () returned 0x4e4 [0046.071] GetACP () returned 0x4e4 [0046.071] GetACP () returned 0x4e4 [0046.114] GetACP () returned 0x4e4 [0046.115] GetACP () returned 0x4e4 [0046.115] GetACP () returned 0x4e4 [0046.115] GetACP () returned 0x4e4 [0046.115] GetACP () returned 0x4e4 [0046.115] GetACP () returned 0x4e4 [0050.302] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0050.302] VirtualAlloc (lpAddress=0x0, dwSize=0x11a00, flAllocationType=0x1000, flProtect=0x4) returned 0x1e0000 [0050.302] GetACP () returned 0x4e4 [0050.302] GetACP () returned 0x4e4 [0050.302] GetACP () returned 0x4e4 [0050.303] GetACP () returned 0x4e4 [0050.303] GetACP () returned 0x4e4 [0050.303] GetACP () returned 0x4e4 [0050.303] GetACP () returned 0x4e4 [0050.303] GetACP () returned 0x4e4 [0050.303] GetACP () returned 0x4e4 [0050.303] GetACP () returned 0x4e4 [0050.303] GetACP () returned 0x4e4 [0050.303] GetACP () returned 0x4e4 [0050.303] GetACP () returned 0x4e4 [0050.303] GetACP () returned 0x4e4 [0050.303] GetACP () returned 0x4e4 [0050.304] GetACP () returned 0x4e4 [0050.304] GetACP () returned 0x4e4 [0050.307] GetACP () returned 0x4e4 [0050.308] GetACP () returned 0x4e4 [0050.308] GetACP () returned 0x4e4 [0050.308] GetACP () returned 0x4e4 [0050.308] GetACP () returned 0x4e4 [0050.308] GetACP () returned 0x4e4 [0050.308] GetACP () returned 0x4e4 [0050.308] GetACP () returned 0x4e4 [0050.308] GetACP () returned 0x4e4 [0050.308] GetACP () returned 0x4e4 [0050.309] GetACP () returned 0x4e4 [0050.309] GetACP () returned 0x4e4 [0050.309] GetACP () returned 0x4e4 [0050.309] GetACP () returned 0x4e4 [0050.309] GetACP () returned 0x4e4 [0050.309] GetACP () returned 0x4e4 [0050.309] GetACP () returned 0x4e4 [0050.309] GetACP () returned 0x4e4 [0050.309] GetACP () returned 0x4e4 [0050.309] GetACP () returned 0x4e4 [0050.309] GetACP () returned 0x4e4 [0050.309] GetACP () returned 0x4e4 [0050.310] GetACP () returned 0x4e4 [0050.310] GetACP () returned 0x4e4 [0050.310] GetACP () returned 0x4e4 [0050.310] GetACP () returned 0x4e4 [0050.310] GetACP () returned 0x4e4 [0050.310] GetACP () returned 0x4e4 [0050.310] GetACP () returned 0x4e4 [0050.310] GetACP () returned 0x4e4 [0050.310] GetACP () returned 0x4e4 [0050.310] GetACP () returned 0x4e4 [0050.310] GetACP () returned 0x4e4 [0050.310] GetACP () returned 0x4e4 [0050.311] GetACP () returned 0x4e4 [0050.311] GetACP () returned 0x4e4 [0050.311] GetACP () returned 0x4e4 [0050.311] GetACP () returned 0x4e4 [0050.311] GetACP () returned 0x4e4 [0050.311] GetACP () returned 0x4e4 [0050.311] GetACP () returned 0x4e4 [0050.311] GetACP () returned 0x4e4 [0050.311] GetACP () returned 0x4e4 [0050.311] GetACP () returned 0x4e4 [0050.311] GetACP () returned 0x4e4 [0050.311] GetACP () returned 0x4e4 [0050.312] GetACP () returned 0x4e4 [0050.319] GetACP () returned 0x4e4 [0050.348] GetACP () returned 0x4e4 [0050.348] GetACP () returned 0x4e4 [0050.348] GetACP () returned 0x4e4 [0050.348] GetACP () returned 0x4e4 [0050.349] GetACP () returned 0x4e4 [0050.349] GetACP () returned 0x4e4 [0050.349] GetACP () returned 0x4e4 [0050.349] GetACP () returned 0x4e4 [0050.349] GetACP () returned 0x4e4 [0050.349] GetACP () returned 0x4e4 [0050.349] GetACP () returned 0x4e4 [0050.349] GetACP () returned 0x4e4 [0050.349] GetACP () returned 0x4e4 [0050.349] GetACP () returned 0x4e4 [0050.349] GetACP () returned 0x4e4 [0050.349] GetACP () returned 0x4e4 [0050.350] GetACP () returned 0x4e4 [0050.350] GetACP () returned 0x4e4 [0050.350] GetACP () returned 0x4e4 [0050.350] GetACP () returned 0x4e4 [0050.350] GetACP () returned 0x4e4 [0050.350] GetACP () returned 0x4e4 [0050.350] GetACP () returned 0x4e4 [0050.350] GetACP () returned 0x4e4 [0050.350] GetACP () returned 0x4e4 [0050.350] GetACP () returned 0x4e4 [0050.350] GetACP () returned 0x4e4 [0050.350] GetACP () returned 0x4e4 [0050.351] GetACP () returned 0x4e4 [0050.351] GetACP () returned 0x4e4 [0050.351] GetACP () returned 0x4e4 [0050.351] GetACP () returned 0x4e4 [0050.351] GetACP () returned 0x4e4 [0050.351] GetACP () returned 0x4e4 [0050.351] GetACP () returned 0x4e4 [0050.351] GetACP () returned 0x4e4 [0050.351] GetACP () returned 0x4e4 [0050.351] GetACP () returned 0x4e4 [0050.351] GetACP () returned 0x4e4 [0050.351] GetACP () returned 0x4e4 [0050.352] GetACP () returned 0x4e4 [0050.352] GetACP () returned 0x4e4 [0050.352] GetACP () returned 0x4e4 [0050.352] GetACP () returned 0x4e4 [0050.352] GetACP () returned 0x4e4 [0050.352] GetACP () returned 0x4e4 [0050.352] GetACP () returned 0x4e4 [0050.352] GetACP () returned 0x4e4 [0050.352] GetACP () returned 0x4e4 [0050.352] GetACP () returned 0x4e4 [0050.352] GetACP () returned 0x4e4 [0050.353] GetACP () returned 0x4e4 [0050.353] GetACP () returned 0x4e4 [0050.353] GetACP () returned 0x4e4 [0050.353] GetACP () returned 0x4e4 [0050.353] GetACP () returned 0x4e4 [0050.353] GetACP () returned 0x4e4 [0050.353] GetACP () returned 0x4e4 [0050.353] GetACP () returned 0x4e4 [0050.353] GetACP () returned 0x4e4 [0050.353] GetACP () returned 0x4e4 [0050.353] GetACP () returned 0x4e4 [0050.353] GetACP () returned 0x4e4 [0050.353] GetACP () returned 0x4e4 [0050.354] GetACP () returned 0x4e4 [0050.354] GetACP () returned 0x4e4 [0050.354] GetACP () returned 0x4e4 [0050.354] GetACP () returned 0x4e4 [0050.354] GetACP () returned 0x4e4 [0050.354] GetACP () returned 0x4e4 [0050.354] GetACP () returned 0x4e4 [0050.354] GetACP () returned 0x4e4 [0050.354] GetACP () returned 0x4e4 [0050.355] GetACP () returned 0x4e4 [0050.355] GetACP () returned 0x4e4 [0050.355] GetACP () returned 0x4e4 [0050.355] GetACP () returned 0x4e4 [0050.355] GetACP () returned 0x4e4 [0050.355] GetACP () returned 0x4e4 [0050.356] GetACP () returned 0x4e4 [0050.356] GetACP () returned 0x4e4 [0050.356] GetACP () returned 0x4e4 [0050.356] GetACP () returned 0x4e4 [0050.356] GetACP () returned 0x4e4 [0050.356] GetACP () returned 0x4e4 [0050.356] GetACP () returned 0x4e4 [0050.356] GetACP () returned 0x4e4 [0050.356] GetACP () returned 0x4e4 [0050.356] GetACP () returned 0x4e4 [0050.356] GetACP () returned 0x4e4 [0050.367] GetACP () returned 0x4e4 [0050.367] GetACP () returned 0x4e4 [0050.367] GetACP () returned 0x4e4 [0050.367] GetACP () returned 0x4e4 [0050.367] GetACP () returned 0x4e4 [0050.367] GetACP () returned 0x4e4 [0050.367] GetACP () returned 0x4e4 [0050.368] GetACP () returned 0x4e4 [0050.368] GetACP () returned 0x4e4 [0050.368] GetACP () returned 0x4e4 [0050.368] GetACP () returned 0x4e4 [0050.368] GetACP () returned 0x4e4 [0050.368] GetACP () returned 0x4e4 [0050.368] GetACP () returned 0x4e4 [0050.368] GetACP () returned 0x4e4 [0050.368] GetACP () returned 0x4e4 [0050.368] GetACP () returned 0x4e4 [0050.368] GetACP () returned 0x4e4 [0050.368] GetACP () returned 0x4e4 [0050.369] GetACP () returned 0x4e4 [0050.369] GetACP () returned 0x4e4 [0050.369] GetACP () returned 0x4e4 [0050.369] GetACP () returned 0x4e4 [0050.369] GetACP () returned 0x4e4 [0050.369] GetACP () returned 0x4e4 [0050.369] GetACP () returned 0x4e4 [0050.369] GetACP () returned 0x4e4 [0050.369] GetACP () returned 0x4e4 [0050.369] GetACP () returned 0x4e4 [0050.369] GetACP () returned 0x4e4 [0050.369] GetACP () returned 0x4e4 [0050.370] GetACP () returned 0x4e4 [0050.370] GetACP () returned 0x4e4 [0050.370] GetACP () returned 0x4e4 [0050.370] GetACP () returned 0x4e4 [0050.370] GetACP () returned 0x4e4 [0050.370] GetACP () returned 0x4e4 [0050.370] GetACP () returned 0x4e4 [0050.370] GetACP () returned 0x4e4 [0050.370] GetACP () returned 0x4e4 [0050.370] GetACP () returned 0x4e4 [0050.370] GetACP () returned 0x4e4 [0050.371] GetACP () returned 0x4e4 [0050.371] GetACP () returned 0x4e4 [0050.371] GetACP () returned 0x4e4 [0050.384] GetACP () returned 0x4e4 [0050.384] GetACP () returned 0x4e4 [0050.384] GetACP () returned 0x4e4 [0050.384] GetACP () returned 0x4e4 [0050.384] GetACP () returned 0x4e4 [0050.384] GetACP () returned 0x4e4 [0050.384] GetACP () returned 0x4e4 [0050.384] GetACP () returned 0x4e4 [0050.384] GetACP () returned 0x4e4 [0050.384] GetACP () returned 0x4e4 [0050.384] GetACP () returned 0x4e4 [0050.385] GetACP () returned 0x4e4 [0050.385] GetACP () returned 0x4e4 [0050.385] GetACP () returned 0x4e4 [0050.385] GetACP () returned 0x4e4 [0050.385] GetACP () returned 0x4e4 [0050.385] GetACP () returned 0x4e4 [0050.385] GetACP () returned 0x4e4 [0050.385] GetACP () returned 0x4e4 [0050.385] GetACP () returned 0x4e4 [0050.385] GetACP () returned 0x4e4 [0050.385] GetACP () returned 0x4e4 [0050.386] GetACP () returned 0x4e4 [0050.386] GetACP () returned 0x4e4 [0050.386] GetACP () returned 0x4e4 [0050.386] GetACP () returned 0x4e4 [0050.386] GetACP () returned 0x4e4 [0050.386] GetACP () returned 0x4e4 [0050.386] GetACP () returned 0x4e4 [0050.386] GetACP () returned 0x4e4 [0050.386] GetACP () returned 0x4e4 [0050.387] GetACP () returned 0x4e4 [0050.387] GetACP () returned 0x4e4 [0050.387] GetACP () returned 0x4e4 [0050.387] GetACP () returned 0x4e4 [0050.387] GetACP () returned 0x4e4 [0050.387] GetACP () returned 0x4e4 [0050.387] GetACP () returned 0x4e4 [0050.387] GetACP () returned 0x4e4 [0050.387] GetACP () returned 0x4e4 [0050.387] GetACP () returned 0x4e4 [0050.387] GetACP () returned 0x4e4 [0050.388] GetACP () returned 0x4e4 [0050.388] GetACP () returned 0x4e4 [0050.388] GetACP () returned 0x4e4 [0050.388] GetACP () returned 0x4e4 [0050.388] GetACP () returned 0x4e4 [0050.388] GetACP () returned 0x4e4 [0050.388] GetACP () returned 0x4e4 [0054.876] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1b000, flNewProtect=0x40, lpflOldProtect=0x1d90f0 | out: lpflOldProtect=0x1d90f0*=0x2) returned 1 [0054.879] VirtualProtect (in: lpAddress=0x400000, dwSize=0x400, flNewProtect=0x2, lpflOldProtect=0x1d90f0 | out: lpflOldProtect=0x1d90f0*=0x40) returned 1 [0054.879] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0054.879] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x75fd0000 [0054.879] GetProcAddress (hModule=0x75fd0000, lpProcName="OutputDebugStringA") returned 0x7600b2b7 [0054.879] GetProcAddress (hModule=0x75fd0000, lpProcName="HeapValidate") returned 0x75ffb17b [0054.895] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x18f61c, nSize=0x1000 | out: lpFilename="C:\\Users\\5P5NRG~1\\AppData\\Roaming\\VQBKVY~1:bin" (normalized: "c:\\users\\5p5nrg~1\\appdata\\roaming\\vqbkvy~1:bin")) returned 0x2e [0054.896] GetVersionExW (in: lpVersionInformation=0x18fcbc*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x18fcbc*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0054.896] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x18fca8 | out: Wow64Process=0x18fca8) returned 1 [0054.896] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x8, TokenHandle=0x18fc84 | out: TokenHandle=0x18fc84*=0xcc) returned 1 [0054.896] GetTokenInformation (in: TokenHandle=0xcc, TokenInformationClass=0x2, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x18fc80 | out: TokenInformation=0x0, ReturnLength=0x18fc80) returned 0 [0054.896] GetLastError () returned 0x7a [0054.896] GetTokenInformation (in: TokenHandle=0xcc, TokenInformationClass=0x2, TokenInformation=0x1ed0f98, TokenInformationLength=0x118, ReturnLength=0x18fc80 | out: TokenInformation=0x1ed0f98, ReturnLength=0x18fc80) returned 1 [0054.896] AllocateAndInitializeSid (in: pIdentifierAuthority=0x18fc90, nSubAuthorityCount=0x2, nSubAuthority0=0x20, nSubAuthority1=0x220, nSubAuthority2=0x0, nSubAuthority3=0x0, nSubAuthority4=0x0, nSubAuthority5=0x0, nSubAuthority6=0x0, nSubAuthority7=0x0, pSid=0x18fc88 | out: pSid=0x18fc88*=0x2e1be0*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1 [0054.896] EqualSid (pSid1=0x2e1be0*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), pSid2=0x1ed0ffc*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25))) returned 0 [0054.896] EqualSid (pSid1=0x2e1be0*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), pSid2=0x1ed1018*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0)) returned 0 [0054.896] EqualSid (pSid1=0x2e1be0*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), pSid2=0x1ed1024*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1 [0054.897] NtClose (Handle=0xcc) returned 0x0 [0054.897] RtlQueryElevationFlags () returned 0x0 [0054.898] SHRegDuplicateHKey (hkey=0x80000002) returned 0x80000002 [0054.898] RegEnumKeyW (in: hKey=0x80000002, dwIndex=0x0, lpName=0x1edb8d0, cchName=0x104 | out: lpName="BCD00000000") returned 0x0 [0054.898] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="bcd00000000", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0054.898] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="bcd00000000", cchWideChar=11, lpMultiByteStr=0x1edbbe0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="bcd00000000", lpUsedDefaultChar=0x0) returned 11 [0054.899] RegEnumKeyW (in: hKey=0x80000002, dwIndex=0x1, lpName=0x1edb8d0, cchName=0x104 | out: lpName="HARDWARE") returned 0x0 [0054.899] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="hardware", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0054.899] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="hardware", cchWideChar=8, lpMultiByteStr=0x1edbc40, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="hardware", lpUsedDefaultChar=0x0) returned 8 [0054.899] RegEnumKeyW (in: hKey=0x80000002, dwIndex=0x2, lpName=0x1edb8d0, cchName=0x104 | out: lpName="SAM") returned 0x0 [0054.899] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="sam", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0054.899] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="sam", cchWideChar=3, lpMultiByteStr=0x1edbc88, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sam", lpUsedDefaultChar=0x0) returned 3 [0054.899] RegEnumKeyW (in: hKey=0x80000002, dwIndex=0x3, lpName=0x1edb8d0, cchName=0x104 | out: lpName="SECURITY") returned 0x0 [0054.899] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="security", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0054.899] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="security", cchWideChar=8, lpMultiByteStr=0x1edbc40, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="security", lpUsedDefaultChar=0x0) returned 8 [0054.902] RegEnumKeyW (in: hKey=0x80000002, dwIndex=0x4, lpName=0x1edb8d0, cchName=0x104 | out: lpName="SOFTWARE") returned 0x0 [0054.902] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="software", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0054.902] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="software", cchWideChar=8, lpMultiByteStr=0x1edbc88, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="software", lpUsedDefaultChar=0x0) returned 8 [0054.903] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE", ulOptions=0x0, samDesired=0x20109, phkResult=0x18fc04 | out: phkResult=0x18fc04*=0xcc) returned 0x0 [0054.903] RegCloseKey (hKey=0x80000002) returned 0x0 [0054.903] RegEnumKeyW (in: hKey=0xcc, dwIndex=0x0, lpName=0x1edb8d0, cchName=0x104 | out: lpName="ATI Technologies") returned 0x0 [0054.903] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ati technologies", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0054.903] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ati technologies", cchWideChar=16, lpMultiByteStr=0x1edc0c0, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ati technologies", lpUsedDefaultChar=0x0) returned 16 [0054.903] RegEnumKeyW (in: hKey=0xcc, dwIndex=0x1, lpName=0x1edb8d0, cchName=0x104 | out: lpName="CBSTEST") returned 0x0 [0054.903] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="cbstest", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0054.903] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="cbstest", cchWideChar=7, lpMultiByteStr=0x1edc108, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="cbstest", lpUsedDefaultChar=0x0) returned 7 [0054.903] RegEnumKeyW (in: hKey=0xcc, dwIndex=0x2, lpName=0x1edb8d0, cchName=0x104 | out: lpName="Classes") returned 0x0 [0054.903] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="classes", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0054.904] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="classes", cchWideChar=7, lpMultiByteStr=0x1edc0c0, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="classes", lpUsedDefaultChar=0x0) returned 7 [0054.904] RegEnumKeyW (in: hKey=0xcc, dwIndex=0x3, lpName=0x1edb8d0, cchName=0x104 | out: lpName="Clients") returned 0x0 [0054.904] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="clients", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0054.904] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="clients", cchWideChar=7, lpMultiByteStr=0x1edc108, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="clients", lpUsedDefaultChar=0x0) returned 7 [0054.904] RegEnumKeyW (in: hKey=0xcc, dwIndex=0x4, lpName=0x1edb8d0, cchName=0x104 | out: lpName="Intel") returned 0x0 [0054.904] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="intel", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0054.904] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="intel", cchWideChar=5, lpMultiByteStr=0x1edc0c0, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="intel", lpUsedDefaultChar=0x0) returned 5 [0054.904] RegEnumKeyW (in: hKey=0xcc, dwIndex=0x5, lpName=0x1edb8d0, cchName=0x104 | out: lpName="Macromedia") returned 0x0 [0054.904] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="macromedia", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0054.904] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="macromedia", cchWideChar=10, lpMultiByteStr=0x1edc108, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="macromedia", lpUsedDefaultChar=0x0) returned 10 [0054.905] RegEnumKeyW (in: hKey=0xcc, dwIndex=0x6, lpName=0x1edb8d0, cchName=0x104 | out: lpName="Microsoft") returned 0x0 [0054.905] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="microsoft", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0054.905] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="microsoft", cchWideChar=9, lpMultiByteStr=0x1edc0c0, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="microsoft", lpUsedDefaultChar=0x0) returned 9 [0054.905] RegOpenKeyExW (in: hKey=0xcc, lpSubKey="Microsoft", ulOptions=0x0, samDesired=0x20109, phkResult=0x18fc04 | out: phkResult=0x18fc04*=0x38) returned 0x0 [0054.905] RegCloseKey (hKey=0xcc) returned 0x0 [0054.905] RegEnumKeyW (in: hKey=0x38, dwIndex=0x0, lpName=0x1edb8d0, cchName=0x104 | out: lpName=".NETFramework") returned 0x0 [0054.905] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr=".netframework", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0054.905] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr=".netframework", cchWideChar=13, lpMultiByteStr=0x1edc108, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=".netframework", lpUsedDefaultChar=0x0) returned 13 [0054.905] RegEnumKeyW (in: hKey=0x38, dwIndex=0x1, lpName=0x1edb8d0, cchName=0x104 | out: lpName="Active Setup") returned 0x0 [0054.905] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="active setup", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0054.906] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="active setup", cchWideChar=12, lpMultiByteStr=0x1edc0c0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="active setup", lpUsedDefaultChar=0x0) returned 12 [0054.906] RegEnumKeyW (in: hKey=0x38, dwIndex=0x2, lpName=0x1edb8d0, cchName=0x104 | out: lpName="ADs") returned 0x0 [0054.906] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ads", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0054.906] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ads", cchWideChar=3, lpMultiByteStr=0x1edc108, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ads", lpUsedDefaultChar=0x0) returned 3 [0054.906] RegEnumKeyW (in: hKey=0x38, dwIndex=0x3, lpName=0x1edb8d0, cchName=0x104 | out: lpName="Advanced INF Setup") returned 0x0 [0054.906] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="advanced inf setup", cchWideChar=18, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0054.906] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="advanced inf setup", cchWideChar=18, lpMultiByteStr=0x1edc0c0, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="advanced inf setup", lpUsedDefaultChar=0x0) returned 18 [0054.906] RegEnumKeyW (in: hKey=0x38, dwIndex=0x4, lpName=0x1edb8d0, cchName=0x104 | out: lpName="ALG") returned 0x0 [0054.906] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="alg", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0054.906] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="alg", cchWideChar=3, lpMultiByteStr=0x1edc108, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="alg", lpUsedDefaultChar=0x0) returned 3 [0054.907] RegEnumKeyW (in: hKey=0x38, dwIndex=0x5, lpName=0x1edb8d0, cchName=0x104 | out: lpName="ASP.NET") returned 0x0 [0054.907] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="asp.net", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0054.907] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="asp.net", cchWideChar=7, lpMultiByteStr=0x1edc0c0, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="asp.net", lpUsedDefaultChar=0x0) returned 7 [0054.907] RegEnumKeyW (in: hKey=0x38, dwIndex=0x6, lpName=0x1edb8d0, cchName=0x104 | out: lpName="Assistance") returned 0x0 [0054.907] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="assistance", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0054.907] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="assistance", cchWideChar=10, lpMultiByteStr=0x1edc108, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="assistance", lpUsedDefaultChar=0x0) returned 10 [0054.907] RegEnumKeyW (in: hKey=0x38, dwIndex=0x7, lpName=0x1edb8d0, cchName=0x104 | out: lpName="BidInterface") returned 0x0 [0054.907] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="bidinterface", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0054.907] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="bidinterface", cchWideChar=12, lpMultiByteStr=0x1edc0c0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="bidinterface", lpUsedDefaultChar=0x0) returned 12 [0054.907] RegEnumKeyW (in: hKey=0x38, dwIndex=0x8, lpName=0x1edb8d0, cchName=0x104 | out: lpName="COM3") returned 0x0 [0054.908] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="com3", cchWideChar=4, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 4 [0054.908] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="com3", cchWideChar=4, lpMultiByteStr=0x1edc108, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="com3", lpUsedDefaultChar=0x0) returned 4 [0054.908] RegEnumKeyW (in: hKey=0x38, dwIndex=0x9, lpName=0x1edb8d0, cchName=0x104 | out: lpName="Command Processor") returned 0x0 [0054.908] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="command processor", cchWideChar=17, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0054.908] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="command processor", cchWideChar=17, lpMultiByteStr=0x1edc0c0, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="command processor", lpUsedDefaultChar=0x0) returned 17 [0054.908] RegEnumKeyW (in: hKey=0x38, dwIndex=0xa, lpName=0x1edb8d0, cchName=0x104 | out: lpName="Connect to a Network Projector") returned 0x0 [0054.908] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="connect to a network projector", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0054.908] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="connect to a network projector", cchWideChar=30, lpMultiByteStr=0x1edc108, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="connect to a network projector", lpUsedDefaultChar=0x0) returned 30 [0054.908] RegEnumKeyW (in: hKey=0x38, dwIndex=0xb, lpName=0x1edb8d0, cchName=0x104 | out: lpName="Cryptography") returned 0x0 [0054.908] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="cryptography", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0054.909] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="cryptography", cchWideChar=12, lpMultiByteStr=0x1edc0c0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="cryptography", lpUsedDefaultChar=0x0) returned 12 [0054.909] RegEnumKeyW (in: hKey=0x38, dwIndex=0xc, lpName=0x1edb8d0, cchName=0x104 | out: lpName="CTF") returned 0x0 [0054.909] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ctf", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0054.909] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ctf", cchWideChar=3, lpMultiByteStr=0x1edc108, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ctf", lpUsedDefaultChar=0x0) returned 3 [0054.909] RegEnumKeyW (in: hKey=0x38, dwIndex=0xd, lpName=0x1edb8d0, cchName=0x104 | out: lpName="DataAccess") returned 0x0 [0054.909] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="dataaccess", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0054.909] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="dataaccess", cchWideChar=10, lpMultiByteStr=0x1edc0c0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dataaccess", lpUsedDefaultChar=0x0) returned 10 [0054.909] RegEnumKeyW (in: hKey=0x38, dwIndex=0xe, lpName=0x1edb8d0, cchName=0x104 | out: lpName="DataFactory") returned 0x0 [0054.909] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="datafactory", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0054.910] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="datafactory", cchWideChar=11, lpMultiByteStr=0x1edc108, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="datafactory", lpUsedDefaultChar=0x0) returned 11 [0054.910] RegEnumKeyW (in: hKey=0x38, dwIndex=0xf, lpName=0x1edb8d0, cchName=0x104 | out: lpName="DevDiv") returned 0x0 [0054.910] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="devdiv", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0054.910] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="devdiv", cchWideChar=6, lpMultiByteStr=0x1edc0c0, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="devdiv", lpUsedDefaultChar=0x0) returned 6 [0054.910] RegEnumKeyW (in: hKey=0x38, dwIndex=0x10, lpName=0x1edb8d0, cchName=0x104 | out: lpName="Dfrg") returned 0x0 [0054.910] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="dfrg", cchWideChar=4, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 4 [0054.910] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="dfrg", cchWideChar=4, lpMultiByteStr=0x1edc108, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dfrg", lpUsedDefaultChar=0x0) returned 4 [0054.910] RegEnumKeyW (in: hKey=0x38, dwIndex=0x11, lpName=0x1edb8d0, cchName=0x104 | out: lpName="DFS") returned 0x0 [0054.910] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="dfs", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0054.910] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="dfs", cchWideChar=3, lpMultiByteStr=0x1edc0c0, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dfs", lpUsedDefaultChar=0x0) returned 3 [0054.911] RegEnumKeyW (in: hKey=0x38, dwIndex=0x12, lpName=0x1edb8d0, cchName=0x104 | out: lpName="DirectDraw") returned 0x0 [0054.911] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="directdraw", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0054.911] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="directdraw", cchWideChar=10, lpMultiByteStr=0x1edc108, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="directdraw", lpUsedDefaultChar=0x0) returned 10 [0054.911] RegEnumKeyW (in: hKey=0x38, dwIndex=0x13, lpName=0x1edb8d0, cchName=0x104 | out: lpName="DirectInput") returned 0x0 [0054.911] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="directinput", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0054.911] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="directinput", cchWideChar=11, lpMultiByteStr=0x1edc0c0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="directinput", lpUsedDefaultChar=0x0) returned 11 [0054.911] RegEnumKeyW (in: hKey=0x38, dwIndex=0x14, lpName=0x1edb8d0, cchName=0x104 | out: lpName="DirectMusic") returned 0x0 [0054.911] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="directmusic", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0054.911] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="directmusic", cchWideChar=11, lpMultiByteStr=0x1edc108, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="directmusic", lpUsedDefaultChar=0x0) returned 11 [0054.911] RegEnumKeyW (in: hKey=0x38, dwIndex=0x15, lpName=0x1edb8d0, cchName=0x104 | out: lpName="DirectPlay8") returned 0x0 [0054.912] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="directplay8", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0054.912] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="directplay8", cchWideChar=11, lpMultiByteStr=0x1edc0c0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="directplay8", lpUsedDefaultChar=0x0) returned 11 [0054.912] RegEnumKeyW (in: hKey=0x38, dwIndex=0x16, lpName=0x1edb8d0, cchName=0x104 | out: lpName="DirectPlayNATHelp") returned 0x0 [0054.912] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="directplaynathelp", cchWideChar=17, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0054.912] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="directplaynathelp", cchWideChar=17, lpMultiByteStr=0x1edc108, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="directplaynathelp", lpUsedDefaultChar=0x0) returned 17 [0054.912] RegEnumKeyW (in: hKey=0x38, dwIndex=0x17, lpName=0x1edb8d0, cchName=0x104 | out: lpName="DirectShow") returned 0x0 [0054.912] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="directshow", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0054.912] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="directshow", cchWideChar=10, lpMultiByteStr=0x1edc0c0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="directshow", lpUsedDefaultChar=0x0) returned 10 [0054.912] RegEnumKeyW (in: hKey=0x38, dwIndex=0x18, lpName=0x1edb8d0, cchName=0x104 | out: lpName="DirectX") returned 0x0 [0054.912] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="directx", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0054.913] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="directx", cchWideChar=7, lpMultiByteStr=0x1edc108, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="directx", lpUsedDefaultChar=0x0) returned 7 [0054.913] RegEnumKeyW (in: hKey=0x38, dwIndex=0x19, lpName=0x1edb8d0, cchName=0x104 | out: lpName="Driver Signing") returned 0x0 [0054.913] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="driver signing", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0054.913] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="driver signing", cchWideChar=14, lpMultiByteStr=0x1edc0c0, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="driver signing", lpUsedDefaultChar=0x0) returned 14 [0054.913] RegEnumKeyW (in: hKey=0x38, dwIndex=0x1a, lpName=0x1edb8d0, cchName=0x104 | out: lpName="DRM") returned 0x0 [0054.913] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="drm", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0054.913] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="drm", cchWideChar=3, lpMultiByteStr=0x1edc108, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="drm", lpUsedDefaultChar=0x0) returned 3 [0054.913] RegEnumKeyW (in: hKey=0x38, dwIndex=0x1b, lpName=0x1edb8d0, cchName=0x104 | out: lpName="DVR") returned 0x0 [0054.913] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="dvr", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0054.913] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="dvr", cchWideChar=3, lpMultiByteStr=0x1edc0c0, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dvr", lpUsedDefaultChar=0x0) returned 3 [0054.914] RegEnumKeyW (in: hKey=0x38, dwIndex=0x1c, lpName=0x1edb8d0, cchName=0x104 | out: lpName="DXP") returned 0x0 [0054.914] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="dxp", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0054.914] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="dxp", cchWideChar=3, lpMultiByteStr=0x1edc108, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dxp", lpUsedDefaultChar=0x0) returned 3 [0054.914] RegEnumKeyW (in: hKey=0x38, dwIndex=0x1d, lpName=0x1edb8d0, cchName=0x104 | out: lpName="EnterpriseCertificates") returned 0x0 [0054.914] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="enterprisecertificates", cchWideChar=22, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0054.914] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="enterprisecertificates", cchWideChar=22, lpMultiByteStr=0x1edc0c0, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="enterprisecertificates", lpUsedDefaultChar=0x0) returned 22 [0054.914] RegEnumKeyW (in: hKey=0x38, dwIndex=0x1e, lpName=0x1edb8d0, cchName=0x104 | out: lpName="EventSystem") returned 0x0 [0054.914] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="eventsystem", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0054.914] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="eventsystem", cchWideChar=11, lpMultiByteStr=0x1edc108, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="eventsystem", lpUsedDefaultChar=0x0) returned 11 [0054.914] RegEnumKeyW (in: hKey=0x38, dwIndex=0x1f, lpName=0x1edb8d0, cchName=0x104 | out: lpName="Exchange") returned 0x0 [0054.915] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="exchange", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0054.915] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="exchange", cchWideChar=8, lpMultiByteStr=0x1edc0c0, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="exchange", lpUsedDefaultChar=0x0) returned 8 [0054.915] RegEnumKeyW (in: hKey=0x38, dwIndex=0x20, lpName=0x1edb8d0, cchName=0x104 | out: lpName="Fax") returned 0x0 [0054.915] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="fax", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0054.915] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="fax", cchWideChar=3, lpMultiByteStr=0x1edc108, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fax", lpUsedDefaultChar=0x0) returned 3 [0054.915] RegEnumKeyW (in: hKey=0x38, dwIndex=0x21, lpName=0x1edb8d0, cchName=0x104 | out: lpName="Feeds") returned 0x0 [0054.915] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="feeds", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0054.915] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="feeds", cchWideChar=5, lpMultiByteStr=0x1edc0c0, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="feeds", lpUsedDefaultChar=0x0) returned 5 [0054.915] RegEnumKeyW (in: hKey=0x38, dwIndex=0x22, lpName=0x1edb8d0, cchName=0x104 | out: lpName="FlashConfig") returned 0x0 [0054.915] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="flashconfig", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0054.916] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="flashconfig", cchWideChar=11, lpMultiByteStr=0x1edc108, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="flashconfig", lpUsedDefaultChar=0x0) returned 11 [0054.916] RegEnumKeyW (in: hKey=0x38, dwIndex=0x23, lpName=0x1edb8d0, cchName=0x104 | out: lpName="FTH") returned 0x0 [0054.916] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="fth", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0054.916] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="fth", cchWideChar=3, lpMultiByteStr=0x1edc0c0, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fth", lpUsedDefaultChar=0x0) returned 3 [0054.916] RegEnumKeyW (in: hKey=0x38, dwIndex=0x24, lpName=0x1edb8d0, cchName=0x104 | out: lpName="Function Discovery") returned 0x0 [0054.916] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="function discovery", cchWideChar=18, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0054.916] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="function discovery", cchWideChar=18, lpMultiByteStr=0x1edc108, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="function discovery", lpUsedDefaultChar=0x0) returned 18 [0054.916] RegEnumKeyW (in: hKey=0x38, dwIndex=0x25, lpName=0x1edb8d0, cchName=0x104 | out: lpName="Fusion") returned 0x0 [0054.916] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="fusion", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0054.916] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="fusion", cchWideChar=6, lpMultiByteStr=0x1edc0c0, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fusion", lpUsedDefaultChar=0x0) returned 6 [0054.917] RegEnumKeyW (in: hKey=0x38, dwIndex=0x26, lpName=0x1edb8d0, cchName=0x104 | out: lpName="GPUPipeline") returned 0x0 [0054.917] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="gpupipeline", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0054.917] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="gpupipeline", cchWideChar=11, lpMultiByteStr=0x1edc108, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="gpupipeline", lpUsedDefaultChar=0x0) returned 11 [0054.917] RegEnumKeyW (in: hKey=0x38, dwIndex=0x27, lpName=0x1edb8d0, cchName=0x104 | out: lpName="HTMLHelp") returned 0x0 [0054.917] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="htmlhelp", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0054.917] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="htmlhelp", cchWideChar=8, lpMultiByteStr=0x1edc0c0, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="htmlhelp", lpUsedDefaultChar=0x0) returned 8 [0054.917] RegEnumKeyW (in: hKey=0x38, dwIndex=0x28, lpName=0x1edb8d0, cchName=0x104 | out: lpName="IdentityCRL") returned 0x0 [0054.917] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="identitycrl", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0054.917] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="identitycrl", cchWideChar=11, lpMultiByteStr=0x1edc108, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="identitycrl", lpUsedDefaultChar=0x0) returned 11 [0054.918] RegEnumKeyW (in: hKey=0x38, dwIndex=0x29, lpName=0x1edb8d0, cchName=0x104 | out: lpName="IdentityStore") returned 0x0 [0054.918] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="identitystore", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0054.918] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="identitystore", cchWideChar=13, lpMultiByteStr=0x1edc0c0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="identitystore", lpUsedDefaultChar=0x0) returned 13 [0054.918] RegEnumKeyW (in: hKey=0x38, dwIndex=0x2a, lpName=0x1edb8d0, cchName=0x104 | out: lpName="IMAPI") returned 0x0 [0054.918] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="imapi", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0054.918] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="imapi", cchWideChar=5, lpMultiByteStr=0x1edc108, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="imapi", lpUsedDefaultChar=0x0) returned 5 [0054.918] RegEnumKeyW (in: hKey=0x38, dwIndex=0x2b, lpName=0x1edb8d0, cchName=0x104 | out: lpName="IMEJP") returned 0x0 [0054.918] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="imejp", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0054.918] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="imejp", cchWideChar=5, lpMultiByteStr=0x1edc0c0, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="imejp", lpUsedDefaultChar=0x0) returned 5 [0054.918] RegEnumKeyW (in: hKey=0x38, dwIndex=0x2c, lpName=0x1edb8d0, cchName=0x104 | out: lpName="IMEKR") returned 0x0 [0054.918] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="imekr", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0054.919] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="imekr", cchWideChar=5, lpMultiByteStr=0x1edc108, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="imekr", lpUsedDefaultChar=0x0) returned 5 [0054.919] RegEnumKeyW (in: hKey=0x38, dwIndex=0x2d, lpName=0x1edb8d0, cchName=0x104 | out: lpName="IMETC") returned 0x0 [0054.919] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="imetc", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0054.919] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="imetc", cchWideChar=5, lpMultiByteStr=0x1edc0c0, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="imetc", lpUsedDefaultChar=0x0) returned 5 [0054.919] RegEnumKeyW (in: hKey=0x38, dwIndex=0x2e, lpName=0x1edb8d0, cchName=0x104 | out: lpName="Internet Account Manager") returned 0x0 [0054.919] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="internet account manager", cchWideChar=24, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0054.919] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="internet account manager", cchWideChar=24, lpMultiByteStr=0x1edc108, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="internet account manager", lpUsedDefaultChar=0x0) returned 24 [0054.919] RegEnumKeyW (in: hKey=0x38, dwIndex=0x2f, lpName=0x1edb8d0, cchName=0x104 | out: lpName="Internet Domains") returned 0x0 [0054.919] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="internet domains", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0054.919] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="internet domains", cchWideChar=16, lpMultiByteStr=0x1edc0c0, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="internet domains", lpUsedDefaultChar=0x0) returned 16 [0054.920] RegEnumKeyW (in: hKey=0x38, dwIndex=0x30, lpName=0x1edb8d0, cchName=0x104 | out: lpName="Internet Explorer") returned 0x0 [0054.920] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="internet explorer", cchWideChar=17, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0054.920] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="internet explorer", cchWideChar=17, lpMultiByteStr=0x1edc108, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="internet explorer", lpUsedDefaultChar=0x0) returned 17 [0054.920] RegEnumKeyW (in: hKey=0x38, dwIndex=0x31, lpName=0x1edb8d0, cchName=0x104 | out: lpName="IsoBurn") returned 0x0 [0054.920] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="isoburn", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0054.920] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="isoburn", cchWideChar=7, lpMultiByteStr=0x1edc0c0, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="isoburn", lpUsedDefaultChar=0x0) returned 7 [0054.920] RegEnumKeyW (in: hKey=0x38, dwIndex=0x32, lpName=0x1edb8d0, cchName=0x104 | out: lpName="Loki") returned 0x0 [0054.920] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="loki", cchWideChar=4, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 4 [0054.920] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="loki", cchWideChar=4, lpMultiByteStr=0x1edc108, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="loki", lpUsedDefaultChar=0x0) returned 4 [0054.921] RegEnumKeyW (in: hKey=0x38, dwIndex=0x33, lpName=0x1edb8d0, cchName=0x104 | out: lpName="MediaCenterPeripheral") returned 0x0 [0054.921] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mediacenterperipheral", cchWideChar=21, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0054.921] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mediacenterperipheral", cchWideChar=21, lpMultiByteStr=0x1edc0c0, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mediacenterperipheral", lpUsedDefaultChar=0x0) returned 21 [0054.921] RegEnumKeyW (in: hKey=0x38, dwIndex=0x34, lpName=0x1edb8d0, cchName=0x104 | out: lpName="MediaPlayer") returned 0x0 [0054.921] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mediaplayer", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0054.921] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mediaplayer", cchWideChar=11, lpMultiByteStr=0x1edc108, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mediaplayer", lpUsedDefaultChar=0x0) returned 11 [0054.921] RegEnumKeyW (in: hKey=0x38, dwIndex=0x35, lpName=0x1edb8d0, cchName=0x104 | out: lpName="MessengerService") returned 0x0 [0054.921] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="messengerservice", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0054.921] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="messengerservice", cchWideChar=16, lpMultiByteStr=0x1edc0c0, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messengerservice", lpUsedDefaultChar=0x0) returned 16 [0054.921] RegEnumKeyW (in: hKey=0x38, dwIndex=0x36, lpName=0x1edb8d0, cchName=0x104 | out: lpName="Microsoft Reference") returned 0x0 [0054.921] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="microsoft reference", cchWideChar=19, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0054.921] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="microsoft reference", cchWideChar=19, lpMultiByteStr=0x1edc108, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="microsoft reference", lpUsedDefaultChar=0x0) returned 19 [0054.921] RegEnumKeyW (in: hKey=0x38, dwIndex=0x37, lpName=0x1edb8d0, cchName=0x104 | out: lpName="Microsoft SQL Server Compact Edition") returned 0x0 [0054.921] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="microsoft sql server compact edition", cchWideChar=36, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 36 [0054.921] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="microsoft sql server compact edition", cchWideChar=36, lpMultiByteStr=0x1edc0c0, cbMultiByte=36, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="microsoft sql server compact edition", lpUsedDefaultChar=0x0) returned 36 [0054.921] RegEnumKeyW (in: hKey=0x38, dwIndex=0x38, lpName=0x1edb8d0, cchName=0x104 | out: lpName="MigWiz") returned 0x0 [0054.922] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="migwiz", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0054.922] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="migwiz", cchWideChar=6, lpMultiByteStr=0x1edc108, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="migwiz", lpUsedDefaultChar=0x0) returned 6 [0054.922] RegEnumKeyW (in: hKey=0x38, dwIndex=0x39, lpName=0x1edb8d0, cchName=0x104 | out: lpName="MMC") returned 0x0 [0054.922] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mmc", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0054.922] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mmc", cchWideChar=3, lpMultiByteStr=0x1edc0c0, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mmc", lpUsedDefaultChar=0x0) returned 3 [0054.922] RegEnumKeyW (in: hKey=0x38, dwIndex=0x3a, lpName=0x1edb8d0, cchName=0x104 | out: lpName="Mobile") returned 0x0 [0054.922] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mobile", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0054.922] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mobile", cchWideChar=6, lpMultiByteStr=0x1edc108, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mobile", lpUsedDefaultChar=0x0) returned 6 [0054.922] RegEnumKeyW (in: hKey=0x38, dwIndex=0x3b, lpName=0x1edb8d0, cchName=0x104 | out: lpName="MSBuild") returned 0x0 [0054.922] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="msbuild", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0054.922] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="msbuild", cchWideChar=7, lpMultiByteStr=0x1edc0c0, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="msbuild", lpUsedDefaultChar=0x0) returned 7 [0054.922] RegEnumKeyW (in: hKey=0x38, dwIndex=0x3c, lpName=0x1edb8d0, cchName=0x104 | out: lpName="MSDE") returned 0x0 [0054.922] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="msde", cchWideChar=4, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 4 [0054.922] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="msde", cchWideChar=4, lpMultiByteStr=0x1edc108, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="msde", lpUsedDefaultChar=0x0) returned 4 [0054.922] RegEnumKeyW (in: hKey=0x38, dwIndex=0x3d, lpName=0x1edb8d0, cchName=0x104 | out: lpName="MSDTC") returned 0x0 [0054.923] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="msdtc", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0054.923] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="msdtc", cchWideChar=5, lpMultiByteStr=0x1edc0c0, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="msdtc", lpUsedDefaultChar=0x0) returned 5 [0054.923] RegEnumKeyW (in: hKey=0x38, dwIndex=0x3e, lpName=0x1edb8d0, cchName=0x104 | out: lpName="MSF") returned 0x0 [0054.923] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="msf", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0054.923] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="msf", cchWideChar=3, lpMultiByteStr=0x1edc108, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="msf", lpUsedDefaultChar=0x0) returned 3 [0054.923] RegEnumKeyW (in: hKey=0x38, dwIndex=0x3f, lpName=0x1edb8d0, cchName=0x104 | out: lpName="MSLicensing") returned 0x0 [0054.923] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mslicensing", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0054.923] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mslicensing", cchWideChar=11, lpMultiByteStr=0x1edc0c0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mslicensing", lpUsedDefaultChar=0x0) returned 11 [0054.923] RegEnumKeyW (in: hKey=0x38, dwIndex=0x40, lpName=0x1edb8d0, cchName=0x104 | out: lpName="MSMQ") returned 0x0 [0054.923] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="msmq", cchWideChar=4, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 4 [0054.923] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="msmq", cchWideChar=4, lpMultiByteStr=0x1edc108, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="msmq", lpUsedDefaultChar=0x0) returned 4 [0054.923] RegEnumKeyW (in: hKey=0x38, dwIndex=0x41, lpName=0x1edb8d0, cchName=0x104 | out: lpName="MSN Apps") returned 0x0 [0054.923] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="msn apps", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0054.923] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="msn apps", cchWideChar=8, lpMultiByteStr=0x1edc0c0, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="msn apps", lpUsedDefaultChar=0x0) returned 8 [0054.923] RegEnumKeyW (in: hKey=0x38, dwIndex=0x42, lpName=0x1edb8d0, cchName=0x104 | out: lpName="MSOSOAP") returned 0x0 [0054.923] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="msosoap", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0054.924] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="msosoap", cchWideChar=7, lpMultiByteStr=0x1edc108, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="msosoap", lpUsedDefaultChar=0x0) returned 7 [0054.924] RegEnumKeyW (in: hKey=0x38, dwIndex=0x43, lpName=0x1edb8d0, cchName=0x104 | out: lpName="MSSearch36") returned 0x0 [0054.924] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mssearch36", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0054.924] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mssearch36", cchWideChar=10, lpMultiByteStr=0x1edc0c0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mssearch36", lpUsedDefaultChar=0x0) returned 10 [0054.924] RegEnumKeyW (in: hKey=0x38, dwIndex=0x44, lpName=0x1edb8d0, cchName=0x104 | out: lpName="MSSQLServer") returned 0x0 [0054.924] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mssqlserver", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0054.924] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mssqlserver", cchWideChar=11, lpMultiByteStr=0x1edc108, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mssqlserver", lpUsedDefaultChar=0x0) returned 11 [0054.924] RegEnumKeyW (in: hKey=0x38, dwIndex=0x45, lpName=0x1edb8d0, cchName=0x104 | out: lpName="Multimedia") returned 0x0 [0054.924] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="multimedia", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0054.924] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="multimedia", cchWideChar=10, lpMultiByteStr=0x1edc0c0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="multimedia", lpUsedDefaultChar=0x0) returned 10 [0054.924] RegEnumKeyW (in: hKey=0x38, dwIndex=0x46, lpName=0x1edb8d0, cchName=0x104 | out: lpName="NapServer") returned 0x0 [0054.924] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="napserver", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0054.924] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="napserver", cchWideChar=9, lpMultiByteStr=0x1edc108, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="napserver", lpUsedDefaultChar=0x0) returned 9 [0054.924] RegEnumKeyW (in: hKey=0x38, dwIndex=0x47, lpName=0x1edb8d0, cchName=0x104 | out: lpName="NET Framework Setup") returned 0x0 [0054.924] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="net framework setup", cchWideChar=19, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0054.924] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="net framework setup", cchWideChar=19, lpMultiByteStr=0x1edc0c0, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="net framework setup", lpUsedDefaultChar=0x0) returned 19 [0054.925] RegEnumKeyW (in: hKey=0x38, dwIndex=0x48, lpName=0x1edb8d0, cchName=0x104 | out: lpName="NetSh") returned 0x0 [0054.925] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="netsh", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0054.925] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="netsh", cchWideChar=5, lpMultiByteStr=0x1edc108, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="netsh", lpUsedDefaultChar=0x0) returned 5 [0054.925] RegEnumKeyW (in: hKey=0x38, dwIndex=0x49, lpName=0x1edb8d0, cchName=0x104 | out: lpName="Network") returned 0x0 [0054.925] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="network", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0054.925] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="network", cchWideChar=7, lpMultiByteStr=0x1edc0c0, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="network", lpUsedDefaultChar=0x0) returned 7 [0054.925] RegEnumKeyW (in: hKey=0x38, dwIndex=0x4a, lpName=0x1edb8d0, cchName=0x104 | out: lpName="NetworkAccessProtection") returned 0x0 [0054.925] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="networkaccessprotection", cchWideChar=23, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 23 [0054.925] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="networkaccessprotection", cchWideChar=23, lpMultiByteStr=0x1edc108, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="networkaccessprotection", lpUsedDefaultChar=0x0) returned 23 [0054.925] RegEnumKeyW (in: hKey=0x38, dwIndex=0x4b, lpName=0x1edb8d0, cchName=0x104 | out: lpName="Non-Driver Signing") returned 0x0 [0054.925] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="non-driver signing", cchWideChar=18, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0054.925] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="non-driver signing", cchWideChar=18, lpMultiByteStr=0x1edc0c0, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="non-driver signing", lpUsedDefaultChar=0x0) returned 18 [0054.925] RegEnumKeyW (in: hKey=0x38, dwIndex=0x4c, lpName=0x1edb8d0, cchName=0x104 | out: lpName="Notepad") returned 0x0 [0054.925] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="notepad", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0054.925] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="notepad", cchWideChar=7, lpMultiByteStr=0x1edc108, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="notepad", lpUsedDefaultChar=0x0) returned 7 [0054.926] RegEnumKeyW (in: hKey=0x38, dwIndex=0x4d, lpName=0x1edb8d0, cchName=0x104 | out: lpName="ODBC") returned 0x0 [0054.926] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="odbc", cchWideChar=4, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 4 [0054.926] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="odbc", cchWideChar=4, lpMultiByteStr=0x1edc0c0, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="odbc", lpUsedDefaultChar=0x0) returned 4 [0054.926] RegEnumKeyW (in: hKey=0x38, dwIndex=0x4e, lpName=0x1edb8d0, cchName=0x104 | out: lpName="Office") returned 0x0 [0054.926] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="office", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0054.926] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="office", cchWideChar=6, lpMultiByteStr=0x1edc108, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="office", lpUsedDefaultChar=0x0) returned 6 [0054.926] RegEnumKeyW (in: hKey=0x38, dwIndex=0x4f, lpName=0x1edb8d0, cchName=0x104 | out: lpName="OfficeSoftwareProtectionPlatform") returned 0x0 [0054.926] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="officesoftwareprotectionplatform", cchWideChar=32, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0054.926] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="officesoftwareprotectionplatform", cchWideChar=32, lpMultiByteStr=0x1edc0c0, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="officesoftwareprotectionplatform", lpUsedDefaultChar=0x0) returned 32 [0054.926] RegEnumKeyW (in: hKey=0x38, dwIndex=0x50, lpName=0x1edb8d0, cchName=0x104 | out: lpName="Ole") returned 0x0 [0054.926] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ole", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0054.926] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ole", cchWideChar=3, lpMultiByteStr=0x1edc108, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ole", lpUsedDefaultChar=0x0) returned 3 [0054.926] RegEnumKeyW (in: hKey=0x38, dwIndex=0x51, lpName=0x1edb8d0, cchName=0x104 | out: lpName="Outlook Express") returned 0x0 [0054.926] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="outlook express", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0054.926] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="outlook express", cchWideChar=15, lpMultiByteStr=0x1edc0c0, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="outlook express", lpUsedDefaultChar=0x0) returned 15 [0054.926] RegEnumKeyW (in: hKey=0x38, dwIndex=0x52, lpName=0x1edb8d0, cchName=0x104 | out: lpName="PLA") returned 0x0 [0054.927] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="pla", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0054.927] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="pla", cchWideChar=3, lpMultiByteStr=0x1edc108, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pla", lpUsedDefaultChar=0x0) returned 3 [0054.927] RegEnumKeyW (in: hKey=0x38, dwIndex=0x53, lpName=0x1edb8d0, cchName=0x104 | out: lpName="PowerShell") returned 0x0 [0054.927] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="powershell", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0054.927] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="powershell", cchWideChar=10, lpMultiByteStr=0x1edc0c0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="powershell", lpUsedDefaultChar=0x0) returned 10 [0054.927] RegEnumKeyW (in: hKey=0x38, dwIndex=0x54, lpName=0x1edb8d0, cchName=0x104 | out: lpName="Print") returned 0x0 [0054.927] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="print", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0054.927] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="print", cchWideChar=5, lpMultiByteStr=0x1edc108, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="print", lpUsedDefaultChar=0x0) returned 5 [0054.927] RegEnumKeyW (in: hKey=0x38, dwIndex=0x55, lpName=0x1edb8d0, cchName=0x104 | out: lpName="RADAR") returned 0x0 [0054.927] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="radar", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0054.927] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="radar", cchWideChar=5, lpMultiByteStr=0x1edc0c0, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="radar", lpUsedDefaultChar=0x0) returned 5 [0054.927] RegEnumKeyW (in: hKey=0x38, dwIndex=0x56, lpName=0x1edb8d0, cchName=0x104 | out: lpName="Ras") returned 0x0 [0054.927] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ras", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0054.927] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ras", cchWideChar=3, lpMultiByteStr=0x1edc108, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ras", lpUsedDefaultChar=0x0) returned 3 [0054.927] RegEnumKeyW (in: hKey=0x38, dwIndex=0x57, lpName=0x1edb8d0, cchName=0x104 | out: lpName="RAS AutoDial") returned 0x0 [0054.927] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ras autodial", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0054.928] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ras autodial", cchWideChar=12, lpMultiByteStr=0x1edc0c0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ras autodial", lpUsedDefaultChar=0x0) returned 12 [0054.928] RegEnumKeyW (in: hKey=0x38, dwIndex=0x58, lpName=0x1edb8d0, cchName=0x104 | out: lpName="Reliability Analysis") returned 0x0 [0054.928] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="reliability analysis", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0054.928] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="reliability analysis", cchWideChar=20, lpMultiByteStr=0x1edc108, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="reliability analysis", lpUsedDefaultChar=0x0) returned 20 [0054.928] RegEnumKeyW (in: hKey=0x38, dwIndex=0x59, lpName=0x1edb8d0, cchName=0x104 | out: lpName="RemovalTools") returned 0x0 [0054.928] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="removaltools", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0054.928] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="removaltools", cchWideChar=12, lpMultiByteStr=0x1edc0c0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="removaltools", lpUsedDefaultChar=0x0) returned 12 [0054.928] RegEnumKeyW (in: hKey=0x38, dwIndex=0x5a, lpName=0x1edb8d0, cchName=0x104 | out: lpName="RendezvousApps") returned 0x0 [0054.928] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="rendezvousapps", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0054.928] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="rendezvousapps", cchWideChar=14, lpMultiByteStr=0x1edc108, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="rendezvousapps", lpUsedDefaultChar=0x0) returned 14 [0054.928] RegEnumKeyW (in: hKey=0x38, dwIndex=0x5b, lpName=0x1edb8d0, cchName=0x104 | out: lpName="Router") returned 0x0 [0054.928] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="router", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0054.928] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="router", cchWideChar=6, lpMultiByteStr=0x1edc0c0, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="router", lpUsedDefaultChar=0x0) returned 6 [0054.928] RegEnumKeyW (in: hKey=0x38, dwIndex=0x5c, lpName=0x1edb8d0, cchName=0x104 | out: lpName="Rpc") returned 0x0 [0054.928] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="rpc", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0054.928] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="rpc", cchWideChar=3, lpMultiByteStr=0x1edc108, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="rpc", lpUsedDefaultChar=0x0) returned 3 [0054.929] RegEnumKeyW (in: hKey=0x38, dwIndex=0x5d, lpName=0x1edb8d0, cchName=0x104 | out: lpName="SchedulingAgent") returned 0x0 [0054.929] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="schedulingagent", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0054.929] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="schedulingagent", cchWideChar=15, lpMultiByteStr=0x1edc0c0, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="schedulingagent", lpUsedDefaultChar=0x0) returned 15 [0054.929] RegEnumKeyW (in: hKey=0x38, dwIndex=0x5e, lpName=0x1edb8d0, cchName=0x104 | out: lpName="Schema Library") returned 0x0 [0054.929] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="schema library", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0054.929] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="schema library", cchWideChar=14, lpMultiByteStr=0x1edc108, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="schema library", lpUsedDefaultChar=0x0) returned 14 [0054.929] RegEnumKeyW (in: hKey=0x38, dwIndex=0x5f, lpName=0x1edb8d0, cchName=0x104 | out: lpName="Security Center") returned 0x0 [0054.929] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="security center", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0054.929] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="security center", cchWideChar=15, lpMultiByteStr=0x1edc0c0, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="security center", lpUsedDefaultChar=0x0) returned 15 [0054.929] RegEnumKeyW (in: hKey=0x38, dwIndex=0x60, lpName=0x1edb8d0, cchName=0x104 | out: lpName="Sensors") returned 0x0 [0054.929] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="sensors", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0054.929] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="sensors", cchWideChar=7, lpMultiByteStr=0x1edc108, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sensors", lpUsedDefaultChar=0x0) returned 7 [0054.929] RegEnumKeyW (in: hKey=0x38, dwIndex=0x61, lpName=0x1edb8d0, cchName=0x104 | out: lpName="Shared") returned 0x0 [0054.929] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="shared", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0054.929] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="shared", cchWideChar=6, lpMultiByteStr=0x1edc0c0, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="shared", lpUsedDefaultChar=0x0) returned 6 [0054.929] RegEnumKeyW (in: hKey=0x38, dwIndex=0x62, lpName=0x1edb8d0, cchName=0x104 | out: lpName="Shared Tools") returned 0x0 [0054.930] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="shared tools", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0054.930] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="shared tools", cchWideChar=12, lpMultiByteStr=0x1edc108, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="shared tools", lpUsedDefaultChar=0x0) returned 12 [0054.930] RegEnumKeyW (in: hKey=0x38, dwIndex=0x63, lpName=0x1edb8d0, cchName=0x104 | out: lpName="Shared Tools Location") returned 0x0 [0054.930] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="shared tools location", cchWideChar=21, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0054.930] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="shared tools location", cchWideChar=21, lpMultiByteStr=0x1edc0c0, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="shared tools location", lpUsedDefaultChar=0x0) returned 21 [0054.930] RegEnumKeyW (in: hKey=0x38, dwIndex=0x64, lpName=0x1edb8d0, cchName=0x104 | out: lpName="SideShow") returned 0x0 [0054.930] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="sideshow", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0054.930] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="sideshow", cchWideChar=8, lpMultiByteStr=0x1edc108, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sideshow", lpUsedDefaultChar=0x0) returned 8 [0054.930] RegEnumKeyW (in: hKey=0x38, dwIndex=0x65, lpName=0x1edb8d0, cchName=0x104 | out: lpName="SnippingTool") returned 0x0 [0054.930] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="snippingtool", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0054.930] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="snippingtool", cchWideChar=12, lpMultiByteStr=0x1edc0c0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="snippingtool", lpUsedDefaultChar=0x0) returned 12 [0054.930] RegEnumKeyW (in: hKey=0x38, dwIndex=0x66, lpName=0x1edb8d0, cchName=0x104 | out: lpName="Software") returned 0x0 [0054.930] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="software", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0054.930] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="software", cchWideChar=8, lpMultiByteStr=0x1edc108, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="software", lpUsedDefaultChar=0x0) returned 8 [0054.930] RegEnumKeyW (in: hKey=0x38, dwIndex=0x67, lpName=0x1edb8d0, cchName=0x104 | out: lpName="Speech") returned 0x0 [0054.930] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="speech", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0054.931] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="speech", cchWideChar=6, lpMultiByteStr=0x1edc0c0, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="speech", lpUsedDefaultChar=0x0) returned 6 [0054.931] RegEnumKeyW (in: hKey=0x38, dwIndex=0x68, lpName=0x1edb8d0, cchName=0x104 | out: lpName="SQMClient") returned 0x0 [0054.931] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="sqmclient", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0054.931] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="sqmclient", cchWideChar=9, lpMultiByteStr=0x1edc108, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sqmclient", lpUsedDefaultChar=0x0) returned 9 [0054.931] RegEnumKeyW (in: hKey=0x38, dwIndex=0x69, lpName=0x1edb8d0, cchName=0x104 | out: lpName="Sync Framework") returned 0x0 [0054.931] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="sync framework", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0054.931] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="sync framework", cchWideChar=14, lpMultiByteStr=0x1edc0c0, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sync framework", lpUsedDefaultChar=0x0) returned 14 [0054.931] RegEnumKeyW (in: hKey=0x38, dwIndex=0x6a, lpName=0x1edb8d0, cchName=0x104 | out: lpName="Sysprep") returned 0x0 [0054.931] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="sysprep", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0054.931] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="sysprep", cchWideChar=7, lpMultiByteStr=0x1edc108, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sysprep", lpUsedDefaultChar=0x0) returned 7 [0054.931] RegEnumKeyW (in: hKey=0x38, dwIndex=0x6b, lpName=0x1edb8d0, cchName=0x104 | out: lpName="SystemCertificates") returned 0x0 [0054.931] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="systemcertificates", cchWideChar=18, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0054.931] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="systemcertificates", cchWideChar=18, lpMultiByteStr=0x1edc0c0, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="systemcertificates", lpUsedDefaultChar=0x0) returned 18 [0054.931] RegEnumKeyW (in: hKey=0x38, dwIndex=0x6c, lpName=0x1edb8d0, cchName=0x104 | out: lpName="TableTextService") returned 0x0 [0054.931] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="tabletextservice", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0054.931] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="tabletextservice", cchWideChar=16, lpMultiByteStr=0x1edc108, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="tabletextservice", lpUsedDefaultChar=0x0) returned 16 [0054.932] RegEnumKeyW (in: hKey=0x38, dwIndex=0x6d, lpName=0x1edb8d0, cchName=0x104 | out: lpName="TabletTip") returned 0x0 [0054.932] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="tablettip", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0054.932] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="tablettip", cchWideChar=9, lpMultiByteStr=0x1edc0c0, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="tablettip", lpUsedDefaultChar=0x0) returned 9 [0054.932] RegEnumKeyW (in: hKey=0x38, dwIndex=0x6e, lpName=0x1edb8d0, cchName=0x104 | out: lpName="Tcpip") returned 0x0 [0054.932] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="tcpip", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0054.932] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="tcpip", cchWideChar=5, lpMultiByteStr=0x1edc108, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="tcpip", lpUsedDefaultChar=0x0) returned 5 [0054.932] RegEnumKeyW (in: hKey=0x38, dwIndex=0x6f, lpName=0x1edb8d0, cchName=0x104 | out: lpName="Terminal Server Client") returned 0x0 [0054.932] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="terminal server client", cchWideChar=22, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0054.932] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="terminal server client", cchWideChar=22, lpMultiByteStr=0x1edc0c0, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="terminal server client", lpUsedDefaultChar=0x0) returned 22 [0054.932] RegEnumKeyW (in: hKey=0x38, dwIndex=0x70, lpName=0x1edb8d0, cchName=0x104 | out: lpName="TermServLicensing") returned 0x0 [0054.932] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="termservlicensing", cchWideChar=17, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0054.932] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="termservlicensing", cchWideChar=17, lpMultiByteStr=0x1edc108, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="termservlicensing", lpUsedDefaultChar=0x0) returned 17 [0054.932] RegEnumKeyW (in: hKey=0x38, dwIndex=0x71, lpName=0x1edb8d0, cchName=0x104 | out: lpName="TIP Shared") returned 0x0 [0054.932] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="tip shared", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0054.932] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="tip shared", cchWideChar=10, lpMultiByteStr=0x1edc0c0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="tip shared", lpUsedDefaultChar=0x0) returned 10 [0054.932] RegEnumKeyW (in: hKey=0x38, dwIndex=0x72, lpName=0x1edb8d0, cchName=0x104 | out: lpName="TPG") returned 0x0 [0054.933] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="tpg", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0054.933] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="tpg", cchWideChar=3, lpMultiByteStr=0x1edc108, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="tpg", lpUsedDefaultChar=0x0) returned 3 [0054.933] RegEnumKeyW (in: hKey=0x38, dwIndex=0x73, lpName=0x1edb8d0, cchName=0x104 | out: lpName="Tpm") returned 0x0 [0054.933] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="tpm", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0054.933] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="tpm", cchWideChar=3, lpMultiByteStr=0x1edc0c0, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="tpm", lpUsedDefaultChar=0x0) returned 3 [0054.933] RegEnumKeyW (in: hKey=0x38, dwIndex=0x74, lpName=0x1edb8d0, cchName=0x104 | out: lpName="Tracing") returned 0x0 [0054.933] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="tracing", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0054.933] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="tracing", cchWideChar=7, lpMultiByteStr=0x1edc108, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="tracing", lpUsedDefaultChar=0x0) returned 7 [0054.933] RegEnumKeyW (in: hKey=0x38, dwIndex=0x75, lpName=0x1edb8d0, cchName=0x104 | out: lpName="Transaction Server") returned 0x0 [0054.933] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="transaction server", cchWideChar=18, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0054.933] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="transaction server", cchWideChar=18, lpMultiByteStr=0x1edc0c0, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="transaction server", lpUsedDefaultChar=0x0) returned 18 [0054.933] RegEnumKeyW (in: hKey=0x38, dwIndex=0x76, lpName=0x1edb8d0, cchName=0x104 | out: lpName="TV System Services") returned 0x0 [0054.933] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="tv system services", cchWideChar=18, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0054.933] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="tv system services", cchWideChar=18, lpMultiByteStr=0x1edc108, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="tv system services", lpUsedDefaultChar=0x0) returned 18 [0054.933] RegEnumKeyW (in: hKey=0x38, dwIndex=0x77, lpName=0x1edb8d0, cchName=0x104 | out: lpName="uDRM") returned 0x0 [0054.934] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="udrm", cchWideChar=4, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 4 [0054.934] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="udrm", cchWideChar=4, lpMultiByteStr=0x1edc0c0, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="udrm", lpUsedDefaultChar=0x0) returned 4 [0054.934] RegEnumKeyW (in: hKey=0x38, dwIndex=0x78, lpName=0x1edb8d0, cchName=0x104 | out: lpName="Updates") returned 0x0 [0054.934] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="updates", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0054.934] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="updates", cchWideChar=7, lpMultiByteStr=0x1edc108, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="updates", lpUsedDefaultChar=0x0) returned 7 [0054.934] RegEnumKeyW (in: hKey=0x38, dwIndex=0x79, lpName=0x1edb8d0, cchName=0x104 | out: lpName="UPnP Device Host") returned 0x0 [0054.934] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="upnp device host", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0054.934] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="upnp device host", cchWideChar=16, lpMultiByteStr=0x1edc0c0, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="upnp device host", lpUsedDefaultChar=0x0) returned 16 [0054.934] RegEnumKeyW (in: hKey=0x38, dwIndex=0x7a, lpName=0x1edb8d0, cchName=0x104 | out: lpName="VBA") returned 0x0 [0054.934] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="vba", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0054.934] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="vba", cchWideChar=3, lpMultiByteStr=0x1edc108, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="vba", lpUsedDefaultChar=0x0) returned 3 [0054.934] RegEnumKeyW (in: hKey=0x38, dwIndex=0x7b, lpName=0x1edb8d0, cchName=0x104 | out: lpName="Virtual Machine") returned 0x0 [0054.934] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="virtual machine", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0054.934] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="virtual machine", cchWideChar=15, lpMultiByteStr=0x1edc0c0, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="virtual machine", lpUsedDefaultChar=0x0) returned 15 [0054.934] RegEnumKeyW (in: hKey=0x38, dwIndex=0x7c, lpName=0x1edb8d0, cchName=0x104 | out: lpName="VisualStudio") returned 0x0 [0054.934] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="visualstudio", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0054.935] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="visualstudio", cchWideChar=12, lpMultiByteStr=0x1edc108, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="visualstudio", lpUsedDefaultChar=0x0) returned 12 [0054.935] RegEnumKeyW (in: hKey=0x38, dwIndex=0x7d, lpName=0x1edb8d0, cchName=0x104 | out: lpName="WAB") returned 0x0 [0054.935] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="wab", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0054.935] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="wab", cchWideChar=3, lpMultiByteStr=0x1edc0c0, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="wab", lpUsedDefaultChar=0x0) returned 3 [0054.935] RegEnumKeyW (in: hKey=0x38, dwIndex=0x7e, lpName=0x1edb8d0, cchName=0x104 | out: lpName="WBEM") returned 0x0 [0054.935] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="wbem", cchWideChar=4, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 4 [0054.935] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="wbem", cchWideChar=4, lpMultiByteStr=0x1edc108, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="wbem", lpUsedDefaultChar=0x0) returned 4 [0054.935] RegEnumKeyW (in: hKey=0x38, dwIndex=0x7f, lpName=0x1edb8d0, cchName=0x104 | out: lpName="WIMMount") returned 0x0 [0054.935] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="wimmount", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0054.935] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="wimmount", cchWideChar=8, lpMultiByteStr=0x1edc0c0, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="wimmount", lpUsedDefaultChar=0x0) returned 8 [0054.935] RegEnumKeyW (in: hKey=0x38, dwIndex=0x80, lpName=0x1edb8d0, cchName=0x104 | out: lpName="Windows") returned 0x0 [0054.935] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="windows", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0054.935] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="windows", cchWideChar=7, lpMultiByteStr=0x1edc108, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="windows", lpUsedDefaultChar=0x0) returned 7 [0054.935] RegOpenKeyExW (in: hKey=0x38, lpSubKey="Windows", ulOptions=0x0, samDesired=0x20109, phkResult=0x18fc04 | out: phkResult=0x18fc04*=0xcc) returned 0x0 [0054.935] RegCloseKey (hKey=0x38) returned 0x0 [0054.935] RegEnumKeyW (in: hKey=0xcc, dwIndex=0x0, lpName=0x1edb8d0, cchName=0x104 | out: lpName="CurrentVersion") returned 0x0 [0054.936] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="currentversion", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0054.936] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="currentversion", cchWideChar=14, lpMultiByteStr=0x1edc0c0, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="currentversion", lpUsedDefaultChar=0x0) returned 14 [0054.936] RegOpenKeyExW (in: hKey=0xcc, lpSubKey="CurrentVersion", ulOptions=0x0, samDesired=0x20109, phkResult=0x18fc04 | out: phkResult=0x18fc04*=0x38) returned 0x0 [0054.936] RegCloseKey (hKey=0xcc) returned 0x0 [0054.936] RegEnumKeyW (in: hKey=0x38, dwIndex=0x0, lpName=0x1edb8d0, cchName=0x104 | out: lpName="App Management") returned 0x0 [0054.936] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="app management", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0054.936] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="app management", cchWideChar=14, lpMultiByteStr=0x1edc108, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="app management", lpUsedDefaultChar=0x0) returned 14 [0054.936] RegEnumKeyW (in: hKey=0x38, dwIndex=0x1, lpName=0x1edb8d0, cchName=0x104 | out: lpName="App Paths") returned 0x0 [0054.936] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="app paths", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0054.936] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="app paths", cchWideChar=9, lpMultiByteStr=0x1edc0c0, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="app paths", lpUsedDefaultChar=0x0) returned 9 [0054.936] RegEnumKeyW (in: hKey=0x38, dwIndex=0x2, lpName=0x1edb8d0, cchName=0x104 | out: lpName="Applets") returned 0x0 [0054.936] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="applets", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0054.936] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="applets", cchWideChar=7, lpMultiByteStr=0x1edc108, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="applets", lpUsedDefaultChar=0x0) returned 7 [0054.936] RegEnumKeyW (in: hKey=0x38, dwIndex=0x3, lpName=0x1edb8d0, cchName=0x104 | out: lpName="Audio") returned 0x0 [0054.936] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="audio", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0054.937] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="audio", cchWideChar=5, lpMultiByteStr=0x1edc0c0, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="audio", lpUsedDefaultChar=0x0) returned 5 [0054.937] RegEnumKeyW (in: hKey=0x38, dwIndex=0x4, lpName=0x1edb8d0, cchName=0x104 | out: lpName="Authentication") returned 0x0 [0054.937] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="authentication", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0054.937] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="authentication", cchWideChar=14, lpMultiByteStr=0x1edc108, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="authentication", lpUsedDefaultChar=0x0) returned 14 [0054.937] RegEnumKeyW (in: hKey=0x38, dwIndex=0x5, lpName=0x1edb8d0, cchName=0x104 | out: lpName="BitLocker") returned 0x0 [0054.937] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="bitlocker", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0054.937] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="bitlocker", cchWideChar=9, lpMultiByteStr=0x1edc0c0, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="bitlocker", lpUsedDefaultChar=0x0) returned 9 [0054.937] RegEnumKeyW (in: hKey=0x38, dwIndex=0x6, lpName=0x1edb8d0, cchName=0x104 | out: lpName="BITS") returned 0x0 [0054.937] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="bits", cchWideChar=4, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 4 [0054.937] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="bits", cchWideChar=4, lpMultiByteStr=0x1edc108, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="bits", lpUsedDefaultChar=0x0) returned 4 [0054.937] RegEnumKeyW (in: hKey=0x38, dwIndex=0x7, lpName=0x1edb8d0, cchName=0x104 | out: lpName="Component Based Servicing") returned 0x0 [0054.937] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="component based servicing", cchWideChar=25, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0054.937] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="component based servicing", cchWideChar=25, lpMultiByteStr=0x1edc0c0, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="component based servicing", lpUsedDefaultChar=0x0) returned 25 [0054.937] RegEnumKeyW (in: hKey=0x38, dwIndex=0x8, lpName=0x1edb8d0, cchName=0x104 | out: lpName="Control Panel") returned 0x0 [0054.937] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="control panel", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0054.938] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="control panel", cchWideChar=13, lpMultiByteStr=0x1edc108, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="control panel", lpUsedDefaultChar=0x0) returned 13 [0054.938] RegEnumKeyW (in: hKey=0x38, dwIndex=0x9, lpName=0x1edb8d0, cchName=0x104 | out: lpName="Controls Folder") returned 0x0 [0054.938] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="controls folder", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0054.938] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="controls folder", cchWideChar=15, lpMultiByteStr=0x1edc0c0, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="controls folder", lpUsedDefaultChar=0x0) returned 15 [0054.938] RegEnumKeyW (in: hKey=0x38, dwIndex=0xa, lpName=0x1edb8d0, cchName=0x104 | out: lpName="DateTime") returned 0x0 [0054.938] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="datetime", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0054.938] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="datetime", cchWideChar=8, lpMultiByteStr=0x1edc108, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="datetime", lpUsedDefaultChar=0x0) returned 8 [0054.938] RegEnumKeyW (in: hKey=0x38, dwIndex=0xb, lpName=0x1edb8d0, cchName=0x104 | out: lpName="Device Installer") returned 0x0 [0054.938] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="device installer", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0054.938] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="device installer", cchWideChar=16, lpMultiByteStr=0x1edc0c0, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="device installer", lpUsedDefaultChar=0x0) returned 16 [0054.938] RegEnumKeyW (in: hKey=0x38, dwIndex=0xc, lpName=0x1edb8d0, cchName=0x104 | out: lpName="Device Metadata") returned 0x0 [0054.938] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="device metadata", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0054.938] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="device metadata", cchWideChar=15, lpMultiByteStr=0x1edc108, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="device metadata", lpUsedDefaultChar=0x0) returned 15 [0054.938] RegEnumKeyW (in: hKey=0x38, dwIndex=0xd, lpName=0x1edb8d0, cchName=0x104 | out: lpName="Diagnostics") returned 0x0 [0054.938] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="diagnostics", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0054.938] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="diagnostics", cchWideChar=11, lpMultiByteStr=0x1edc0c0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="diagnostics", lpUsedDefaultChar=0x0) returned 11 [0054.939] RegEnumKeyW (in: hKey=0x38, dwIndex=0xe, lpName=0x1edb8d0, cchName=0x104 | out: lpName="DriverSearching") returned 0x0 [0054.939] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="driversearching", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0054.939] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="driversearching", cchWideChar=15, lpMultiByteStr=0x1edc108, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="driversearching", lpUsedDefaultChar=0x0) returned 15 [0054.939] RegEnumKeyW (in: hKey=0x38, dwIndex=0xf, lpName=0x1edb8d0, cchName=0x104 | out: lpName="EventCollector") returned 0x0 [0054.939] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="eventcollector", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0054.939] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="eventcollector", cchWideChar=14, lpMultiByteStr=0x1edc0c0, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="eventcollector", lpUsedDefaultChar=0x0) returned 14 [0054.939] RegEnumKeyW (in: hKey=0x38, dwIndex=0x10, lpName=0x1edb8d0, cchName=0x104 | out: lpName="EventForwarding") returned 0x0 [0054.939] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="eventforwarding", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0054.939] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="eventforwarding", cchWideChar=15, lpMultiByteStr=0x1edc108, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="eventforwarding", lpUsedDefaultChar=0x0) returned 15 [0054.939] RegEnumKeyW (in: hKey=0x38, dwIndex=0x11, lpName=0x1edb8d0, cchName=0x104 | out: lpName="Explorer") returned 0x0 [0054.939] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="explorer", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0054.939] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="explorer", cchWideChar=8, lpMultiByteStr=0x1edc0c0, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="explorer", lpUsedDefaultChar=0x0) returned 8 [0054.939] RegEnumKeyW (in: hKey=0x38, dwIndex=0x12, lpName=0x1edb8d0, cchName=0x104 | out: lpName="Ext") returned 0x0 [0054.939] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ext", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0054.939] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ext", cchWideChar=3, lpMultiByteStr=0x1edc108, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ext", lpUsedDefaultChar=0x0) returned 3 [0054.939] RegEnumKeyW (in: hKey=0x38, dwIndex=0x13, lpName=0x1edb8d0, cchName=0x104 | out: lpName="GameUX") returned 0x0 [0054.940] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="gameux", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0054.940] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="gameux", cchWideChar=6, lpMultiByteStr=0x1edc0c0, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="gameux", lpUsedDefaultChar=0x0) returned 6 [0054.940] RegEnumKeyW (in: hKey=0x38, dwIndex=0x14, lpName=0x1edb8d0, cchName=0x104 | out: lpName="Group Policy") returned 0x0 [0054.940] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="group policy", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0054.940] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="group policy", cchWideChar=12, lpMultiByteStr=0x1edc108, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="group policy", lpUsedDefaultChar=0x0) returned 12 [0054.940] RegEnumKeyW (in: hKey=0x38, dwIndex=0x15, lpName=0x1edb8d0, cchName=0x104 | out: lpName="Hints") returned 0x0 [0054.940] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="hints", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0054.940] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="hints", cchWideChar=5, lpMultiByteStr=0x1edc0c0, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="hints", lpUsedDefaultChar=0x0) returned 5 [0054.940] RegEnumKeyW (in: hKey=0x38, dwIndex=0x16, lpName=0x1edb8d0, cchName=0x104 | out: lpName="HomeGroup") returned 0x0 [0054.940] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="homegroup", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0054.940] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="homegroup", cchWideChar=9, lpMultiByteStr=0x1edc108, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="homegroup", lpUsedDefaultChar=0x0) returned 9 [0054.940] RegEnumKeyW (in: hKey=0x38, dwIndex=0x17, lpName=0x1edb8d0, cchName=0x104 | out: lpName="HotStart") returned 0x0 [0054.940] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="hotstart", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0054.940] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="hotstart", cchWideChar=8, lpMultiByteStr=0x1edc0c0, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="hotstart", lpUsedDefaultChar=0x0) returned 8 [0054.940] RegEnumKeyW (in: hKey=0x38, dwIndex=0x18, lpName=0x1edb8d0, cchName=0x104 | out: lpName="IME") returned 0x0 [0054.940] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ime", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0054.941] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ime", cchWideChar=3, lpMultiByteStr=0x1edc108, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ime", lpUsedDefaultChar=0x0) returned 3 [0054.941] RegEnumKeyW (in: hKey=0x38, dwIndex=0x19, lpName=0x1edb8d0, cchName=0x104 | out: lpName="Installer") returned 0x0 [0054.941] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="installer", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0054.941] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="installer", cchWideChar=9, lpMultiByteStr=0x1edc0c0, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="installer", lpUsedDefaultChar=0x0) returned 9 [0054.941] RegEnumKeyW (in: hKey=0x38, dwIndex=0x1a, lpName=0x1edb8d0, cchName=0x104 | out: lpName="Internet Settings") returned 0x0 [0054.941] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="internet settings", cchWideChar=17, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0054.941] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="internet settings", cchWideChar=17, lpMultiByteStr=0x1edc108, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="internet settings", lpUsedDefaultChar=0x0) returned 17 [0054.941] RegEnumKeyW (in: hKey=0x38, dwIndex=0x1b, lpName=0x1edb8d0, cchName=0x104 | out: lpName="MCT") returned 0x0 [0054.941] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mct", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0054.941] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mct", cchWideChar=3, lpMultiByteStr=0x1edc0c0, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mct", lpUsedDefaultChar=0x0) returned 3 [0054.941] RegEnumKeyW (in: hKey=0x38, dwIndex=0x1c, lpName=0x1edb8d0, cchName=0x104 | out: lpName="Media Center") returned 0x0 [0054.941] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="media center", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0054.942] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="media center", cchWideChar=12, lpMultiByteStr=0x1edc108, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="media center", lpUsedDefaultChar=0x0) returned 12 [0054.942] RegEnumKeyW (in: hKey=0x38, dwIndex=0x1d, lpName=0x1edb8d0, cchName=0x104 | out: lpName="MMDevices") returned 0x0 [0054.942] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mmdevices", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0054.942] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mmdevices", cchWideChar=9, lpMultiByteStr=0x1edc0c0, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mmdevices", lpUsedDefaultChar=0x0) returned 9 [0054.942] RegEnumKeyW (in: hKey=0x38, dwIndex=0x1e, lpName=0x1edb8d0, cchName=0x104 | out: lpName="MSSHA") returned 0x0 [0054.942] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mssha", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0054.942] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mssha", cchWideChar=5, lpMultiByteStr=0x1edc108, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mssha", lpUsedDefaultChar=0x0) returned 5 [0054.942] RegEnumKeyW (in: hKey=0x38, dwIndex=0x1f, lpName=0x1edb8d0, cchName=0x104 | out: lpName="NetCache") returned 0x0 [0054.942] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="netcache", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0054.942] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="netcache", cchWideChar=8, lpMultiByteStr=0x1edc0c0, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="netcache", lpUsedDefaultChar=0x0) returned 8 [0054.942] RegEnumKeyW (in: hKey=0x38, dwIndex=0x20, lpName=0x1edb8d0, cchName=0x104 | out: lpName="OEMInformation") returned 0x0 [0054.942] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="oeminformation", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0054.942] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="oeminformation", cchWideChar=14, lpMultiByteStr=0x1edc108, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="oeminformation", lpUsedDefaultChar=0x0) returned 14 [0054.942] RegEnumKeyW (in: hKey=0x38, dwIndex=0x21, lpName=0x1edb8d0, cchName=0x104 | out: lpName="OOBE") returned 0x0 [0054.942] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="oobe", cchWideChar=4, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 4 [0054.942] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="oobe", cchWideChar=4, lpMultiByteStr=0x1edc0c0, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="oobe", lpUsedDefaultChar=0x0) returned 4 [0054.943] RegEnumKeyW (in: hKey=0x38, dwIndex=0x22, lpName=0x1edb8d0, cchName=0x104 | out: lpName="OptimalLayout") returned 0x0 [0054.943] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="optimallayout", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0054.943] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="optimallayout", cchWideChar=13, lpMultiByteStr=0x1edc108, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="optimallayout", lpUsedDefaultChar=0x0) returned 13 [0054.943] RegEnumKeyW (in: hKey=0x38, dwIndex=0x23, lpName=0x1edb8d0, cchName=0x104 | out: lpName="Parental Controls") returned 0x0 [0054.943] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="parental controls", cchWideChar=17, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0054.943] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="parental controls", cchWideChar=17, lpMultiByteStr=0x1edc0c0, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="parental controls", lpUsedDefaultChar=0x0) returned 17 [0054.943] RegEnumKeyW (in: hKey=0x38, dwIndex=0x24, lpName=0x1edb8d0, cchName=0x104 | out: lpName="Personalization") returned 0x0 [0054.943] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="personalization", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0054.943] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="personalization", cchWideChar=15, lpMultiByteStr=0x1edc108, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="personalization", lpUsedDefaultChar=0x0) returned 15 [0054.943] RegEnumKeyW (in: hKey=0x38, dwIndex=0x25, lpName=0x1edb8d0, cchName=0x104 | out: lpName="PhotoPropertyHandler") returned 0x0 [0054.943] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="photopropertyhandler", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0054.943] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="photopropertyhandler", cchWideChar=20, lpMultiByteStr=0x1edc0c0, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="photopropertyhandler", lpUsedDefaultChar=0x0) returned 20 [0054.943] RegEnumKeyW (in: hKey=0x38, dwIndex=0x26, lpName=0x1edb8d0, cchName=0x104 | out: lpName="PnPSysprep") returned 0x0 [0054.943] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="pnpsysprep", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0054.943] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="pnpsysprep", cchWideChar=10, lpMultiByteStr=0x1edc108, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pnpsysprep", lpUsedDefaultChar=0x0) returned 10 [0054.943] RegEnumKeyW (in: hKey=0x38, dwIndex=0x27, lpName=0x1edb8d0, cchName=0x104 | out: lpName="Policies") returned 0x0 [0054.944] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="policies", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0054.944] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="policies", cchWideChar=8, lpMultiByteStr=0x1edc0c0, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="policies", lpUsedDefaultChar=0x0) returned 8 [0054.944] RegOpenKeyExW (in: hKey=0x38, lpSubKey="Policies", ulOptions=0x0, samDesired=0x20109, phkResult=0x18fc04 | out: phkResult=0x18fc04*=0xcc) returned 0x0 [0054.944] RegCloseKey (hKey=0x38) returned 0x0 [0054.944] RegEnumKeyW (in: hKey=0xcc, dwIndex=0x0, lpName=0x1edb8d0, cchName=0x104 | out: lpName="ActiveDesktop") returned 0x0 [0054.944] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="activedesktop", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0054.944] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="activedesktop", cchWideChar=13, lpMultiByteStr=0x1edc108, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="activedesktop", lpUsedDefaultChar=0x0) returned 13 [0054.944] RegEnumKeyW (in: hKey=0xcc, dwIndex=0x1, lpName=0x1edb8d0, cchName=0x104 | out: lpName="Attachments") returned 0x0 [0054.944] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="attachments", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0054.944] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="attachments", cchWideChar=11, lpMultiByteStr=0x1edc0c0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="attachments", lpUsedDefaultChar=0x0) returned 11 [0054.944] RegEnumKeyW (in: hKey=0xcc, dwIndex=0x2, lpName=0x1edb8d0, cchName=0x104 | out: lpName="Explorer") returned 0x0 [0054.944] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="explorer", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0054.944] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="explorer", cchWideChar=8, lpMultiByteStr=0x1edc108, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="explorer", lpUsedDefaultChar=0x0) returned 8 [0054.944] RegEnumKeyW (in: hKey=0xcc, dwIndex=0x3, lpName=0x1edb8d0, cchName=0x104 | out: lpName="NonEnum") returned 0x0 [0054.944] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="nonenum", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0054.945] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="nonenum", cchWideChar=7, lpMultiByteStr=0x1edc0c0, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="nonenum", lpUsedDefaultChar=0x0) returned 7 [0054.945] RegEnumKeyW (in: hKey=0xcc, dwIndex=0x4, lpName=0x1edb8d0, cchName=0x104 | out: lpName="System") returned 0x0 [0054.945] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="system", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0054.945] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="system", cchWideChar=6, lpMultiByteStr=0x1edc108, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="system", lpUsedDefaultChar=0x0) returned 6 [0054.945] RegOpenKeyExW (in: hKey=0xcc, lpSubKey="System", ulOptions=0x0, samDesired=0x20109, phkResult=0x18fc04 | out: phkResult=0x18fc04*=0x38) returned 0x0 [0054.945] RegCloseKey (hKey=0xcc) returned 0x0 [0054.945] RegEnumValueA (in: hKey=0x38, dwIndex=0x0, lpValueName=0x18fb20, lpcchValueName=0x18fb1c, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="ConsentPromptBehaviorAdmin", lpcchValueName=0x18fb1c, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0054.945] RegEnumValueA (in: hKey=0x38, dwIndex=0x1, lpValueName=0x18fb20, lpcchValueName=0x18fb1c, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="ConsentPromptBehaviorUser", lpcchValueName=0x18fb1c, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0054.945] RegEnumValueA (in: hKey=0x38, dwIndex=0x2, lpValueName=0x18fb20, lpcchValueName=0x18fb1c, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="EnableInstallerDetection", lpcchValueName=0x18fb1c, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0054.946] RegEnumValueA (in: hKey=0x38, dwIndex=0x3, lpValueName=0x18fb20, lpcchValueName=0x18fb1c, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="EnableLUA", lpcchValueName=0x18fb1c, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0054.946] RegEnumValueA (in: hKey=0x38, dwIndex=0x4, lpValueName=0x18fb20, lpcchValueName=0x18fb1c, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="EnableSecureUIAPaths", lpcchValueName=0x18fb1c, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0054.946] RegEnumValueA (in: hKey=0x38, dwIndex=0x5, lpValueName=0x18fb20, lpcchValueName=0x18fb1c, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="EnableUIADesktopToggle", lpcchValueName=0x18fb1c, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0054.946] RegEnumValueA (in: hKey=0x38, dwIndex=0x6, lpValueName=0x18fb20, lpcchValueName=0x18fb1c, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="EnableVirtualization", lpcchValueName=0x18fb1c, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0054.946] RegEnumValueA (in: hKey=0x38, dwIndex=0x7, lpValueName=0x18fb20, lpcchValueName=0x18fb1c, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="PromptOnSecureDesktop", lpcchValueName=0x18fb1c, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0054.946] RegEnumValueA (in: hKey=0x38, dwIndex=0x8, lpValueName=0x18fb20, lpcchValueName=0x18fb1c, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="ValidateAdminCodeSignatures", lpcchValueName=0x18fb1c, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0054.946] RegEnumValueA (in: hKey=0x38, dwIndex=0x9, lpValueName=0x18fb20, lpcchValueName=0x18fb1c, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="dontdisplaylastusername", lpcchValueName=0x18fb1c, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0054.946] RegEnumValueA (in: hKey=0x38, dwIndex=0xa, lpValueName=0x18fb20, lpcchValueName=0x18fb1c, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="legalnoticecaption", lpcchValueName=0x18fb1c, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0054.946] RegEnumValueA (in: hKey=0x38, dwIndex=0xb, lpValueName=0x18fb20, lpcchValueName=0x18fb1c, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="legalnoticetext", lpcchValueName=0x18fb1c, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0054.946] RegEnumValueA (in: hKey=0x38, dwIndex=0xc, lpValueName=0x18fb20, lpcchValueName=0x18fb1c, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="scforceoption", lpcchValueName=0x18fb1c, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0054.947] RegEnumValueA (in: hKey=0x38, dwIndex=0xd, lpValueName=0x18fb20, lpcchValueName=0x18fb1c, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="shutdownwithoutlogon", lpcchValueName=0x18fb1c, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0054.947] RegEnumValueA (in: hKey=0x38, dwIndex=0xe, lpValueName=0x18fb20, lpcchValueName=0x18fb1c, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="undockwithoutlogon", lpcchValueName=0x18fb1c, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0054.947] RegEnumValueA (in: hKey=0x38, dwIndex=0xf, lpValueName=0x18fb20, lpcchValueName=0x18fb1c, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="FilterAdministratorToken", lpcchValueName=0x18fb1c, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0054.947] RegEnumValueA (in: hKey=0x38, dwIndex=0x10, lpValueName=0x18fb20, lpcchValueName=0x18fb1c, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="FilterAdministratorToken", lpcchValueName=0x18fb1c, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x103 [0054.947] RegQueryValueExA (in: hKey=0x38, lpValueName="EnableLUA", lpReserved=0x0, lpType=0x18fc2c, lpData=0x0, lpcbData=0x18fc34*=0x0 | out: lpType=0x18fc2c*=0x4, lpData=0x0, lpcbData=0x18fc34*=0x4) returned 0x0 [0054.947] RegQueryValueExA (in: hKey=0x38, lpValueName="EnableLUA", lpReserved=0x0, lpType=0x18fc2c, lpData=0x1edc420, lpcbData=0x18fc34*=0x4 | out: lpType=0x18fc2c*=0x4, lpData=0x1edc420*=0x1, lpcbData=0x18fc34*=0x4) returned 0x0 [0054.947] RegCloseKey (hKey=0x38) returned 0x0 [0054.947] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x8, TokenHandle=0x18fca8 | out: TokenHandle=0x18fca8*=0x38) returned 1 [0054.947] GetTokenInformation (in: TokenHandle=0x38, TokenInformationClass=0x14, TokenInformation=0x18fca4, TokenInformationLength=0x4, ReturnLength=0x18fca0 | out: TokenInformation=0x18fca4, ReturnLength=0x18fca0) returned 1 [0054.947] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x8, TokenHandle=0x18fc94 | out: TokenHandle=0x18fc94*=0xcc) returned 1 [0054.947] GetTokenInformation (in: TokenHandle=0xcc, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x18fc90 | out: TokenInformation=0x0, ReturnLength=0x18fc90) returned 0 [0054.947] GetTokenInformation (in: TokenHandle=0xcc, TokenInformationClass=0x19, TokenInformation=0x1edc588, TokenInformationLength=0x14, ReturnLength=0x18fc90 | out: TokenInformation=0x1edc588, ReturnLength=0x18fc90) returned 1 [0054.948] GetSidSubAuthorityCount (pSid=0x1edc590*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x3000)) returned 0x1edc591 [0054.948] GetSidSubAuthority (pSid=0x1edc590*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x3000), nSubAuthority=0x0) returned 0x1edc598 [0054.948] NtClose (Handle=0xcc) returned 0x0 [0054.948] ConvertStringSecurityDescriptorToSecurityDescriptorW () returned 0x1 [0054.952] GetSecurityDescriptorSacl (in: pSecurityDescriptor=0x30c7f0, lpbSaclPresent=0x18fd50, pSacl=0x18fda8, lpbSaclDefaulted=0x18fd50 | out: lpbSaclPresent=0x18fd50, pSacl=0x18fda8, lpbSaclDefaulted=0x18fd50) returned 1 [0054.952] CreateMutexA (lpMutexAttributes=0x18fd9c, bInitialOwner=0, lpName="") returned 0x110 [0054.952] GetLastError () returned 0x0 [0054.952] LocalFree (hMem=0x30c7f0) returned 0x0 [0054.952] CryptAcquireContextW (in: phProv=0x18fdc8, szContainer=0x0, szProvider="Microsoft Enhanced Cryptographic Provider v1.0", dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x18fdc8*=0x30c7f0) returned 1 [0054.976] ConvertStringSecurityDescriptorToSecurityDescriptorW () returned 0x1 [0054.977] GetSecurityDescriptorSacl (in: pSecurityDescriptor=0x30c8b0, lpbSaclPresent=0x18fd6c, pSacl=0x18fdd0, lpbSaclDefaulted=0x18fd6c | out: lpbSaclPresent=0x18fd6c, pSacl=0x18fdd0, lpbSaclDefaulted=0x18fd6c) returned 1 [0054.977] CreateEventA (lpEventAttributes=0x18fdc4, bManualReset=1, bInitialState=0, lpName="") returned 0x114 [0054.977] GetLastError () returned 0x0 [0054.977] LocalFree (hMem=0x30c8b0) returned 0x0 [0054.977] ConvertStringSecurityDescriptorToSecurityDescriptorW () returned 0x1 [0054.977] GetSecurityDescriptorSacl (in: pSecurityDescriptor=0x30c8b0, lpbSaclPresent=0x18fd6c, pSacl=0x18fdd0, lpbSaclDefaulted=0x18fd6c | out: lpbSaclPresent=0x18fd6c, pSacl=0x18fdd0, lpbSaclDefaulted=0x18fd6c) returned 1 [0054.977] CreateEventA (lpEventAttributes=0x18fdc4, bManualReset=1, bInitialState=0, lpName="") returned 0x118 [0054.978] GetLastError () returned 0x0 [0054.978] LocalFree (hMem=0x30c8b0) returned 0x0 [0054.978] ConvertStringSecurityDescriptorToSecurityDescriptorW () returned 0x1 [0054.978] GetSecurityDescriptorSacl (in: pSecurityDescriptor=0x30c8b0, lpbSaclPresent=0x18fd6c, pSacl=0x18fdd0, lpbSaclDefaulted=0x18fd6c | out: lpbSaclPresent=0x18fd6c, pSacl=0x18fdd0, lpbSaclDefaulted=0x18fd6c) returned 1 [0054.978] CreateEventA (lpEventAttributes=0x18fdc4, bManualReset=1, bInitialState=0, lpName="") returned 0x120 [0054.978] GetLastError () returned 0x0 [0054.978] LocalFree (hMem=0x30c8b0) returned 0x0 [0054.979] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x1edc270, cbMultiByte=10, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 10 [0054.979] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x1edc270, cbMultiByte=10, lpWideCharStr=0x1edbb58, cchWideChar=10 | out: lpWideCharStr="svsho*.exe") returned 10 [0054.979] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x1edc1e0, cbMultiByte=10, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 10 [0054.979] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x1edc1e0, cbMultiByte=10, lpWideCharStr=0x1edfdc0, cchWideChar=10 | out: lpWideCharStr="schre*.bat") returned 10 [0054.979] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x1edc198, cbMultiByte=7, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 7 [0054.979] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x1edc198, cbMultiByte=7, lpWideCharStr=0x1edfe48, cchWideChar=7 | out: lpWideCharStr="V01.lo*") returned 7 [0054.979] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x1edc150, cbMultiByte=7, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 7 [0054.979] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x1edc150, cbMultiByte=7, lpWideCharStr=0x1edfed0, cchWideChar=7 | out: lpWideCharStr="V01.ch*") returned 7 [0054.979] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x1edc108, cbMultiByte=11, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 11 [0054.979] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x1edc108, cbMultiByte=11, lpWideCharStr=0x1edff58, cchWideChar=11 | out: lpWideCharStr="V01res*.jrs") returned 11 [0054.979] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x1edc0c0, cbMultiByte=11, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 11 [0054.979] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x1edc0c0, cbMultiByte=11, lpWideCharStr=0x1d80448, cchWideChar=11 | out: lpWideCharStr="RacWmi*.sdf") returned 11 [0054.979] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x1edc228, cbMultiByte=11, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 11 [0054.979] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x1edc228, cbMultiByte=11, lpWideCharStr=0x1d805f8, cchWideChar=11 | out: lpWideCharStr="Web*V01.dat") returned 11 [0054.979] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x1edc108, cbMultiByte=25, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 25 [0054.979] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x1edc108, cbMultiByte=25, lpWideCharStr=0x1d80680, cchWideChar=25 | out: lpWideCharStr="System Volume Information") returned 25 [0054.980] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x1edc150, cbMultiByte=12, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 12 [0054.980] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x1edc150, cbMultiByte=12, lpWideCharStr=0x1d80708, cchWideChar=12 | out: lpWideCharStr="$RECYCLE.BIN") returned 12 [0054.980] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x1edc198, cbMultiByte=8, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 8 [0054.980] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x1edc198, cbMultiByte=8, lpWideCharStr=0x1d80790, cchWideChar=8 | out: lpWideCharStr="WebCache") returned 8 [0054.980] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x1edc228, cbMultiByte=6, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 6 [0054.980] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x1edc228, cbMultiByte=6, lpWideCharStr=0x1d80818, cchWideChar=6 | out: lpWideCharStr="Caches") returned 6 [0054.980] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x1edc198, cbMultiByte=11, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 11 [0054.980] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x1edc198, cbMultiByte=11, lpWideCharStr=0x1d808a0, cchWideChar=11 | out: lpWideCharStr="MSSQLSERVER") returned 11 [0054.980] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x1edc150, cbMultiByte=14, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 14 [0054.980] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x1edc150, cbMultiByte=14, lpWideCharStr=0x1d80928, cchWideChar=14 | out: lpWideCharStr="SQLSERVERAGENT") returned 14 [0054.980] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x1edc108, cbMultiByte=9, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 9 [0054.980] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x1edc108, cbMultiByte=9, lpWideCharStr=0x1d809b0, cchWideChar=9 | out: lpWideCharStr="SQLWriter") returned 9 [0054.980] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x1edc0c0, cbMultiByte=14, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 14 [0054.980] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x1edc0c0, cbMultiByte=14, lpWideCharStr=0x1d80a38, cchWideChar=14 | out: lpWideCharStr="MsDtsServer100") returned 14 [0054.980] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x1edc1e0, cbMultiByte=14, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 14 [0054.980] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x1edc1e0, cbMultiByte=14, lpWideCharStr=0x1d80ac0, cchWideChar=14 | out: lpWideCharStr="MsDtsServer110") returned 14 [0054.980] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x1edc228, cbMultiByte=12, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 12 [0054.981] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x1edc228, cbMultiByte=12, lpWideCharStr=0x1d80b48, cchWideChar=12 | out: lpWideCharStr="AcronisAgent") returned 12 [0054.981] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x1edc0c0, cbMultiByte=9, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 9 [0054.981] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x1edc0c0, cbMultiByte=9, lpWideCharStr=0x1d80bd0, cchWideChar=9 | out: lpWideCharStr="exfba.exe") returned 9 [0054.981] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x1edc228, cbMultiByte=8, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 8 [0054.981] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x1edc228, cbMultiByte=8, lpWideCharStr=0x1d80c58, cchWideChar=8 | out: lpWideCharStr="vmwp.exe") returned 8 [0054.981] ExpandEnvironmentStringsA (in: lpSrc="%ProgramData%\\Microsoft\\Windows\\WER\\ReportQueue\\", lpDst=0x1d82558, nSize=0x2800 | out: lpDst="C:\\ProgramData\\Microsoft\\Windows\\WER\\ReportQueue\\") returned 0x32 [0054.981] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x1d82558, cbMultiByte=49, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 49 [0054.981] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x1d82558, cbMultiByte=49, lpWideCharStr=0x1d80ce0, cchWideChar=49 | out: lpWideCharStr="C:\\ProgramData\\Microsoft\\Windows\\WER\\ReportQueue\\") returned 49 [0054.981] ExpandEnvironmentStringsA (in: lpSrc="%windir%", lpDst=0x1d82558, nSize=0x2800 | out: lpDst="C:\\Windows") returned 0xb [0054.981] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x1d82558, cbMultiByte=10, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 10 [0054.981] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x1d82558, cbMultiByte=10, lpWideCharStr=0x1d80d68, cchWideChar=10 | out: lpWideCharStr="C:\\Windows") returned 10 [0054.981] ExpandEnvironmentStringsA (in: lpSrc="%temp%", lpDst=0x1d82558, nSize=0x2800 | out: lpDst="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp") returned 0x25 [0054.982] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x1d82558, cbMultiByte=36, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 36 [0054.982] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x1d82558, cbMultiByte=36, lpWideCharStr=0x1d80df0, cchWideChar=36 | out: lpWideCharStr="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp") returned 36 [0054.982] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x1edc108, cbMultiByte=7, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 7 [0054.982] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x1edc108, cbMultiByte=7, lpWideCharStr=0x1d80e78, cchWideChar=7 | out: lpWideCharStr=".locked") returned 7 [0054.982] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x1edc468, cbMultiByte=11, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 11 [0054.982] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x1edc468, cbMultiByte=11, lpWideCharStr=0x1d80f00, cchWideChar=11 | out: lpWideCharStr=".readme_txt") returned 11 [0054.982] WaitForSingleObject (hHandle=0x110, dwMilliseconds=0xffffffff) returned 0x0 [0054.982] GetSystemWow64DirectoryW (in: lpBuffer=0x1d877f8, uSize=0x40 | out: lpBuffer="C:\\Windows\\SysWOW64") returned 0x13 [0054.983] FindFirstFileExW (in: lpFileName="C:\\Windows\\SysWOW64\\*.dll", fInfoLevelId=0x1, lpFindFileData=0x18fafc, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x18fafc) returned 0x30a718 [0054.983] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AACLIENT.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0054.983] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AACLIENT.DLL", cchWideChar=12, lpMultiByteStr=0x1edc8a0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AACLIENT.DLL", lpUsedDefaultChar=0x0) returned 12 [0054.983] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0054.984] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ACCESSIBILITYCPL.DLL", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0054.984] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ACCESSIBILITYCPL.DLL", cchWideChar=20, lpMultiByteStr=0x1edc8e8, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ACCESSIBILITYCPL.DLL", lpUsedDefaultChar=0x0) returned 20 [0054.984] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0054.984] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ACCTRES.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0054.984] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ACCTRES.DLL", cchWideChar=11, lpMultiByteStr=0x1edc8a0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ACCTRES.DLL", lpUsedDefaultChar=0x0) returned 11 [0054.985] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0054.985] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ACLEDIT.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0054.985] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ACLEDIT.DLL", cchWideChar=11, lpMultiByteStr=0x1edc8e8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ACLEDIT.DLL", lpUsedDefaultChar=0x0) returned 11 [0054.985] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0054.985] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ACLUI.DLL", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0054.985] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ACLUI.DLL", cchWideChar=9, lpMultiByteStr=0x1edc8a0, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ACLUI.DLL", lpUsedDefaultChar=0x0) returned 9 [0054.985] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0054.985] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ACPPAGE.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0054.985] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ACPPAGE.DLL", cchWideChar=11, lpMultiByteStr=0x1edc8e8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ACPPAGE.DLL", lpUsedDefaultChar=0x0) returned 11 [0054.985] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0054.985] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ACTIONCENTER.DLL", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0054.985] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ACTIONCENTER.DLL", cchWideChar=16, lpMultiByteStr=0x1edc8a0, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ACTIONCENTER.DLL", lpUsedDefaultChar=0x0) returned 16 [0054.985] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0054.985] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ACTIONCENTERCPL.DLL", cchWideChar=19, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0054.985] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ACTIONCENTERCPL.DLL", cchWideChar=19, lpMultiByteStr=0x1edc8e8, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ACTIONCENTERCPL.DLL", lpUsedDefaultChar=0x0) returned 19 [0054.985] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0054.985] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ACTIVEDS.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0054.986] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ACTIVEDS.DLL", cchWideChar=12, lpMultiByteStr=0x1edc8a0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ACTIVEDS.DLL", lpUsedDefaultChar=0x0) returned 12 [0054.986] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0054.986] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ACTXPRXY.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0054.986] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ACTXPRXY.DLL", cchWideChar=12, lpMultiByteStr=0x1edc8e8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ACTXPRXY.DLL", lpUsedDefaultChar=0x0) returned 12 [0054.986] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0054.986] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ADMPARSE.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0054.986] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ADMPARSE.DLL", cchWideChar=12, lpMultiByteStr=0x1edc8a0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ADMPARSE.DLL", lpUsedDefaultChar=0x0) returned 12 [0054.986] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0054.986] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ADMTMPL.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0054.986] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ADMTMPL.DLL", cchWideChar=11, lpMultiByteStr=0x1edc8e8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ADMTMPL.DLL", lpUsedDefaultChar=0x0) returned 11 [0054.986] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0054.986] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ADPROVIDER.DLL", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0054.986] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ADPROVIDER.DLL", cchWideChar=14, lpMultiByteStr=0x1edc8a0, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ADPROVIDER.DLL", lpUsedDefaultChar=0x0) returned 14 [0054.986] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0054.986] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ADSLDP.DLL", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0054.986] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ADSLDP.DLL", cchWideChar=10, lpMultiByteStr=0x1edc8e8, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ADSLDP.DLL", lpUsedDefaultChar=0x0) returned 10 [0054.986] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0054.986] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ADSLDPC.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0054.987] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ADSLDPC.DLL", cchWideChar=11, lpMultiByteStr=0x1edc8a0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ADSLDPC.DLL", lpUsedDefaultChar=0x0) returned 11 [0054.987] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0054.987] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ADSMSEXT.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0054.987] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ADSMSEXT.DLL", cchWideChar=12, lpMultiByteStr=0x1edc8e8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ADSMSEXT.DLL", lpUsedDefaultChar=0x0) returned 12 [0054.987] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0054.987] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ADSNT.DLL", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0054.987] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ADSNT.DLL", cchWideChar=9, lpMultiByteStr=0x1edc8a0, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ADSNT.DLL", lpUsedDefaultChar=0x0) returned 9 [0054.987] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0054.987] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ADTSCHEMA.DLL", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0054.987] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ADTSCHEMA.DLL", cchWideChar=13, lpMultiByteStr=0x1edc8e8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ADTSCHEMA.DLL", lpUsedDefaultChar=0x0) returned 13 [0054.987] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0054.987] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ADVAPI32.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0054.987] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ADVAPI32.DLL", cchWideChar=12, lpMultiByteStr=0x1edc8a0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ADVAPI32.DLL", lpUsedDefaultChar=0x0) returned 12 [0054.987] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0054.987] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ADVPACK.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0054.987] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ADVPACK.DLL", cchWideChar=11, lpMultiByteStr=0x1edc8e8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ADVPACK.DLL", lpUsedDefaultChar=0x0) returned 11 [0054.988] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0054.988] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AECACHE.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0054.988] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AECACHE.DLL", cchWideChar=11, lpMultiByteStr=0x1edc8a0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AECACHE.DLL", lpUsedDefaultChar=0x0) returned 11 [0054.988] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0054.988] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AEEVTS.DLL", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0054.988] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AEEVTS.DLL", cchWideChar=10, lpMultiByteStr=0x1edc8e8, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AEEVTS.DLL", lpUsedDefaultChar=0x0) returned 10 [0054.988] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0054.988] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALTTAB.DLL", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0054.988] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALTTAB.DLL", cchWideChar=10, lpMultiByteStr=0x1edc8a0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ALTTAB.DLL", lpUsedDefaultChar=0x0) returned 10 [0054.988] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0054.988] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AMSTREAM.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0054.988] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AMSTREAM.DLL", cchWideChar=12, lpMultiByteStr=0x1edc8e8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AMSTREAM.DLL", lpUsedDefaultChar=0x0) returned 12 [0054.988] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0054.988] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AMXREAD.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0054.988] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AMXREAD.DLL", cchWideChar=11, lpMultiByteStr=0x1edc8a0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AMXREAD.DLL", lpUsedDefaultChar=0x0) returned 11 [0054.989] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0054.989] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="APDS.DLL", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0054.989] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="APDS.DLL", cchWideChar=8, lpMultiByteStr=0x1edc8e8, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="APDS.DLL", lpUsedDefaultChar=0x0) returned 8 [0054.989] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0054.989] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-CONSOLE-L1-1-0.DLL", cchWideChar=34, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 34 [0054.989] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-CONSOLE-L1-1-0.DLL", cchWideChar=34, lpMultiByteStr=0x1edc8a0, cbMultiByte=34, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-CONSOLE-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 34 [0054.989] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0054.989] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-DATETIME-L1-1-0.DLL", cchWideChar=35, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 35 [0054.989] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-DATETIME-L1-1-0.DLL", cchWideChar=35, lpMultiByteStr=0x1edc8e8, cbMultiByte=35, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-DATETIME-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 35 [0054.989] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0054.989] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-DEBUG-L1-1-0.DLL", cchWideChar=32, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0054.989] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-DEBUG-L1-1-0.DLL", cchWideChar=32, lpMultiByteStr=0x1edc8a0, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-DEBUG-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 32 [0054.989] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0054.989] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-DELAYLOAD-L1-1-0.DLL", cchWideChar=36, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 36 [0054.989] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-DELAYLOAD-L1-1-0.DLL", cchWideChar=36, lpMultiByteStr=0x1edc8e8, cbMultiByte=36, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-DELAYLOAD-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 36 [0054.989] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0054.989] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-ERRORHANDLING-L1-1-0.DLL", cchWideChar=40, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 40 [0054.989] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-ERRORHANDLING-L1-1-0.DLL", cchWideChar=40, lpMultiByteStr=0x1edc8a0, cbMultiByte=40, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-ERRORHANDLING-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 40 [0054.990] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0054.990] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-FIBERS-L1-1-0.DLL", cchWideChar=33, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 33 [0054.990] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-FIBERS-L1-1-0.DLL", cchWideChar=33, lpMultiByteStr=0x1edc8e8, cbMultiByte=33, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-FIBERS-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 33 [0054.990] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0054.990] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-FILE-L1-1-0.DLL", cchWideChar=31, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 31 [0054.990] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-FILE-L1-1-0.DLL", cchWideChar=31, lpMultiByteStr=0x1edc8a0, cbMultiByte=31, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-FILE-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 31 [0054.990] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0054.990] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-FILE-L1-2-0.DLL", cchWideChar=31, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 31 [0054.990] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-FILE-L1-2-0.DLL", cchWideChar=31, lpMultiByteStr=0x1edc8e8, cbMultiByte=31, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-FILE-L1-2-0.DLL", lpUsedDefaultChar=0x0) returned 31 [0054.990] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0054.990] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-FILE-L2-1-0.DLL", cchWideChar=31, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 31 [0054.990] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-FILE-L2-1-0.DLL", cchWideChar=31, lpMultiByteStr=0x1edc8a0, cbMultiByte=31, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-FILE-L2-1-0.DLL", lpUsedDefaultChar=0x0) returned 31 [0054.990] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0054.990] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-HANDLE-L1-1-0.DLL", cchWideChar=33, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 33 [0054.990] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-HANDLE-L1-1-0.DLL", cchWideChar=33, lpMultiByteStr=0x1edc8e8, cbMultiByte=33, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-HANDLE-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 33 [0054.990] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0054.990] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-HEAP-L1-1-0.DLL", cchWideChar=31, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 31 [0054.991] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-HEAP-L1-1-0.DLL", cchWideChar=31, lpMultiByteStr=0x1edc8a0, cbMultiByte=31, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-HEAP-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 31 [0054.991] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0054.991] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-INTERLOCKED-L1-1-0.DLL", cchWideChar=38, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 38 [0054.991] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-INTERLOCKED-L1-1-0.DLL", cchWideChar=38, lpMultiByteStr=0x1edc8e8, cbMultiByte=38, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-INTERLOCKED-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 38 [0054.991] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0054.991] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-IO-L1-1-0.DLL", cchWideChar=29, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 29 [0054.991] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-IO-L1-1-0.DLL", cchWideChar=29, lpMultiByteStr=0x1edc8a0, cbMultiByte=29, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-IO-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 29 [0054.991] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0054.991] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-LIBRARYLOADER-L1-1-0.DLL", cchWideChar=40, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 40 [0054.991] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-LIBRARYLOADER-L1-1-0.DLL", cchWideChar=40, lpMultiByteStr=0x1edc8e8, cbMultiByte=40, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-LIBRARYLOADER-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 40 [0054.991] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0054.991] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-LOCALIZATION-L1-1-0.DLL", cchWideChar=39, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 39 [0054.991] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-LOCALIZATION-L1-1-0.DLL", cchWideChar=39, lpMultiByteStr=0x1edc8a0, cbMultiByte=39, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-LOCALIZATION-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 39 [0054.991] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0054.991] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-LOCALIZATION-L1-2-0.DLL", cchWideChar=39, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 39 [0054.991] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-LOCALIZATION-L1-2-0.DLL", cchWideChar=39, lpMultiByteStr=0x1edc8e8, cbMultiByte=39, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-LOCALIZATION-L1-2-0.DLL", lpUsedDefaultChar=0x0) returned 39 [0054.991] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0054.991] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-LOCALREGISTRY-L1-1-0.DLL", cchWideChar=40, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 40 [0054.992] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-LOCALREGISTRY-L1-1-0.DLL", cchWideChar=40, lpMultiByteStr=0x1edc8a0, cbMultiByte=40, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-LOCALREGISTRY-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 40 [0054.992] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0054.992] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-MEMORY-L1-1-0.DLL", cchWideChar=33, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 33 [0054.992] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-MEMORY-L1-1-0.DLL", cchWideChar=33, lpMultiByteStr=0x1edc8e8, cbMultiByte=33, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-MEMORY-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 33 [0054.992] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0054.992] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-MISC-L1-1-0.DLL", cchWideChar=31, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 31 [0054.992] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-MISC-L1-1-0.DLL", cchWideChar=31, lpMultiByteStr=0x1edc8a0, cbMultiByte=31, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-MISC-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 31 [0054.992] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0054.992] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-NAMEDPIPE-L1-1-0.DLL", cchWideChar=36, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 36 [0054.992] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-NAMEDPIPE-L1-1-0.DLL", cchWideChar=36, lpMultiByteStr=0x1edc8e8, cbMultiByte=36, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-NAMEDPIPE-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 36 [0054.992] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0054.992] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0.DLL", cchWideChar=45, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 45 [0054.992] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0.DLL", cchWideChar=45, lpMultiByteStr=0x1edc8a0, cbMultiByte=45, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 45 [0054.992] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0054.992] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0.DLL", cchWideChar=41, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 41 [0054.992] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0.DLL", cchWideChar=41, lpMultiByteStr=0x1edc8e8, cbMultiByte=41, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 41 [0054.992] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0054.993] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-PROCESSTHREADS-L1-1-1.DLL", cchWideChar=41, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 41 [0054.993] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-PROCESSTHREADS-L1-1-1.DLL", cchWideChar=41, lpMultiByteStr=0x1edc8a0, cbMultiByte=41, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-PROCESSTHREADS-L1-1-1.DLL", lpUsedDefaultChar=0x0) returned 41 [0054.993] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0054.993] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-PROFILE-L1-1-0.DLL", cchWideChar=34, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 34 [0054.993] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-PROFILE-L1-1-0.DLL", cchWideChar=34, lpMultiByteStr=0x1edc8e8, cbMultiByte=34, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-PROFILE-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 34 [0054.993] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0054.993] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-RTLSUPPORT-L1-1-0.DLL", cchWideChar=37, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 37 [0054.993] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-RTLSUPPORT-L1-1-0.DLL", cchWideChar=37, lpMultiByteStr=0x1edc8a0, cbMultiByte=37, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-RTLSUPPORT-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 37 [0054.993] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0054.993] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-STRING-L1-1-0.DLL", cchWideChar=33, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 33 [0054.993] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-STRING-L1-1-0.DLL", cchWideChar=33, lpMultiByteStr=0x1edc8e8, cbMultiByte=33, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-STRING-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 33 [0054.993] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0054.993] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-SYNCH-L1-1-0.DLL", cchWideChar=32, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0054.993] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-SYNCH-L1-1-0.DLL", cchWideChar=32, lpMultiByteStr=0x1edc8a0, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-SYNCH-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 32 [0054.993] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0054.993] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-SYNCH-L1-2-0.DLL", cchWideChar=32, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0054.993] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-SYNCH-L1-2-0.DLL", cchWideChar=32, lpMultiByteStr=0x1edc8e8, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-SYNCH-L1-2-0.DLL", lpUsedDefaultChar=0x0) returned 32 [0054.993] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0054.994] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-SYSINFO-L1-1-0.DLL", cchWideChar=34, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 34 [0054.994] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-SYSINFO-L1-1-0.DLL", cchWideChar=34, lpMultiByteStr=0x1edc8a0, cbMultiByte=34, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-SYSINFO-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 34 [0054.994] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0054.994] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-THREADPOOL-L1-1-0.DLL", cchWideChar=37, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 37 [0054.994] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-THREADPOOL-L1-1-0.DLL", cchWideChar=37, lpMultiByteStr=0x1edc8e8, cbMultiByte=37, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-THREADPOOL-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 37 [0054.994] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0054.994] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-TIMEZONE-L1-1-0.DLL", cchWideChar=35, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 35 [0054.994] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-TIMEZONE-L1-1-0.DLL", cchWideChar=35, lpMultiByteStr=0x1edc8a0, cbMultiByte=35, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-TIMEZONE-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 35 [0054.994] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0054.994] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-UTIL-L1-1-0.DLL", cchWideChar=31, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 31 [0054.994] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-UTIL-L1-1-0.DLL", cchWideChar=31, lpMultiByteStr=0x1edc8e8, cbMultiByte=31, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-UTIL-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 31 [0054.994] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0054.994] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-XSTATE-L1-1-0.DLL", cchWideChar=33, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 33 [0054.994] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-XSTATE-L1-1-0.DLL", cchWideChar=33, lpMultiByteStr=0x1edc8a0, cbMultiByte=33, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-XSTATE-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 33 [0054.994] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0054.994] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-XSTATE-L2-1-0.DLL", cchWideChar=33, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 33 [0054.994] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-XSTATE-L2-1-0.DLL", cchWideChar=33, lpMultiByteStr=0x1edc8e8, cbMultiByte=33, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-XSTATE-L2-1-0.DLL", lpUsedDefaultChar=0x0) returned 33 [0054.994] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0054.995] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-CONIO-L1-1-0.DLL", cchWideChar=31, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 31 [0054.995] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-CONIO-L1-1-0.DLL", cchWideChar=31, lpMultiByteStr=0x1edc8a0, cbMultiByte=31, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CRT-CONIO-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 31 [0054.995] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0054.995] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-CONVERT-L1-1-0.DLL", cchWideChar=33, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 33 [0054.995] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-CONVERT-L1-1-0.DLL", cchWideChar=33, lpMultiByteStr=0x1edc8e8, cbMultiByte=33, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CRT-CONVERT-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 33 [0054.995] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0054.995] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-ENVIRONMENT-L1-1-0.DLL", cchWideChar=37, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 37 [0054.995] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-ENVIRONMENT-L1-1-0.DLL", cchWideChar=37, lpMultiByteStr=0x1edc8a0, cbMultiByte=37, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CRT-ENVIRONMENT-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 37 [0054.995] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0054.995] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-FILESYSTEM-L1-1-0.DLL", cchWideChar=36, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 36 [0054.995] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-FILESYSTEM-L1-1-0.DLL", cchWideChar=36, lpMultiByteStr=0x1edc8e8, cbMultiByte=36, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CRT-FILESYSTEM-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 36 [0054.995] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0054.995] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-HEAP-L1-1-0.DLL", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0054.995] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-HEAP-L1-1-0.DLL", cchWideChar=30, lpMultiByteStr=0x1edc8a0, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CRT-HEAP-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 30 [0054.995] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0054.995] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-LOCALE-L1-1-0.DLL", cchWideChar=32, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0054.995] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-LOCALE-L1-1-0.DLL", cchWideChar=32, lpMultiByteStr=0x1edc8e8, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CRT-LOCALE-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 32 [0054.996] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0054.996] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-MATH-L1-1-0.DLL", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0054.996] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-MATH-L1-1-0.DLL", cchWideChar=30, lpMultiByteStr=0x1edc8a0, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CRT-MATH-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 30 [0054.996] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0054.996] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-MULTIBYTE-L1-1-0.DLL", cchWideChar=35, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 35 [0054.996] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-MULTIBYTE-L1-1-0.DLL", cchWideChar=35, lpMultiByteStr=0x1edc8e8, cbMultiByte=35, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CRT-MULTIBYTE-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 35 [0054.996] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0054.996] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-PRIVATE-L1-1-0.DLL", cchWideChar=33, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 33 [0054.996] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-PRIVATE-L1-1-0.DLL", cchWideChar=33, lpMultiByteStr=0x1edc8a0, cbMultiByte=33, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CRT-PRIVATE-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 33 [0054.996] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0054.996] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-PROCESS-L1-1-0.DLL", cchWideChar=33, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 33 [0054.996] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-PROCESS-L1-1-0.DLL", cchWideChar=33, lpMultiByteStr=0x1edc8e8, cbMultiByte=33, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CRT-PROCESS-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 33 [0054.996] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0054.996] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-RUNTIME-L1-1-0.DLL", cchWideChar=33, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 33 [0054.996] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-RUNTIME-L1-1-0.DLL", cchWideChar=33, lpMultiByteStr=0x1edc8a0, cbMultiByte=33, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CRT-RUNTIME-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 33 [0054.996] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0054.996] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-STDIO-L1-1-0.DLL", cchWideChar=31, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 31 [0054.996] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-STDIO-L1-1-0.DLL", cchWideChar=31, lpMultiByteStr=0x1edc8e8, cbMultiByte=31, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CRT-STDIO-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 31 [0054.997] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0054.997] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-STRING-L1-1-0.DLL", cchWideChar=32, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0054.997] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-STRING-L1-1-0.DLL", cchWideChar=32, lpMultiByteStr=0x1edc8a0, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CRT-STRING-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 32 [0054.997] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0054.997] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-TIME-L1-1-0.DLL", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0054.997] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-TIME-L1-1-0.DLL", cchWideChar=30, lpMultiByteStr=0x1edc8e8, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CRT-TIME-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 30 [0054.997] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0054.997] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-UTILITY-L1-1-0.DLL", cchWideChar=33, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 33 [0054.997] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-UTILITY-L1-1-0.DLL", cchWideChar=33, lpMultiByteStr=0x1edc8a0, cbMultiByte=33, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CRT-UTILITY-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 33 [0054.997] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0054.997] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-EVENTING-PROVIDER-L1-1-0.DLL", cchWideChar=39, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 39 [0054.997] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-EVENTING-PROVIDER-L1-1-0.DLL", cchWideChar=39, lpMultiByteStr=0x1edc8e8, cbMultiByte=39, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-EVENTING-PROVIDER-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 39 [0054.997] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0054.997] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-SECURITY-BASE-L1-1-0.DLL", cchWideChar=35, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 35 [0054.997] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-SECURITY-BASE-L1-1-0.DLL", cchWideChar=35, lpMultiByteStr=0x1edc8a0, cbMultiByte=35, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-SECURITY-BASE-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 35 [0054.997] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0054.997] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-SECURITY-LSALOOKUP-L1-1-0.DLL", cchWideChar=40, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 40 [0054.998] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-SECURITY-LSALOOKUP-L1-1-0.DLL", cchWideChar=40, lpMultiByteStr=0x1edc8e8, cbMultiByte=40, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-SECURITY-LSALOOKUP-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 40 [0054.998] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0054.998] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-SECURITY-SDDL-L1-1-0.DLL", cchWideChar=35, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 35 [0054.998] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-SECURITY-SDDL-L1-1-0.DLL", cchWideChar=35, lpMultiByteStr=0x1edc8a0, cbMultiByte=35, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-SECURITY-SDDL-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 35 [0054.998] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0054.998] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-SERVICE-CORE-L1-1-0.DLL", cchWideChar=34, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 34 [0054.998] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-SERVICE-CORE-L1-1-0.DLL", cchWideChar=34, lpMultiByteStr=0x1edc8e8, cbMultiByte=34, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-SERVICE-CORE-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 34 [0054.998] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0054.998] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-SERVICE-MANAGEMENT-L1-1-0.DLL", cchWideChar=40, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 40 [0054.998] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-SERVICE-MANAGEMENT-L1-1-0.DLL", cchWideChar=40, lpMultiByteStr=0x1edc8a0, cbMultiByte=40, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-SERVICE-MANAGEMENT-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 40 [0054.998] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0054.998] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-SERVICE-MANAGEMENT-L2-1-0.DLL", cchWideChar=40, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 40 [0054.998] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-SERVICE-MANAGEMENT-L2-1-0.DLL", cchWideChar=40, lpMultiByteStr=0x1edc8e8, cbMultiByte=40, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-SERVICE-MANAGEMENT-L2-1-0.DLL", lpUsedDefaultChar=0x0) returned 40 [0054.998] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0054.998] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-SERVICE-WINSVC-L1-1-0.DLL", cchWideChar=36, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 36 [0054.998] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-SERVICE-WINSVC-L1-1-0.DLL", cchWideChar=36, lpMultiByteStr=0x1edc8a0, cbMultiByte=36, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-SERVICE-WINSVC-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 36 [0054.998] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0054.998] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="APILOGEN.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0054.999] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="APILOGEN.DLL", cchWideChar=12, lpMultiByteStr=0x1edc8e8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="APILOGEN.DLL", lpUsedDefaultChar=0x0) returned 12 [0054.999] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0054.999] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="APIRCL.DLL", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0054.999] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="APIRCL.DLL", cchWideChar=10, lpMultiByteStr=0x1edc8a0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="APIRCL.DLL", lpUsedDefaultChar=0x0) returned 10 [0054.999] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0054.999] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="APISETSCHEMA.DLL", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0054.999] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="APISETSCHEMA.DLL", cchWideChar=16, lpMultiByteStr=0x1edc8e8, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="APISETSCHEMA.DLL", lpUsedDefaultChar=0x0) returned 16 [0054.999] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0054.999] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="APPHELP.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0054.999] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="APPHELP.DLL", cchWideChar=11, lpMultiByteStr=0x1edc8a0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="APPHELP.DLL", lpUsedDefaultChar=0x0) returned 11 [0054.999] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0054.999] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="APPHLPDM.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0054.999] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="APPHLPDM.DLL", cchWideChar=12, lpMultiByteStr=0x1edc8e8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="APPHLPDM.DLL", lpUsedDefaultChar=0x0) returned 12 [0054.999] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0054.999] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="APPIDAPI.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0054.999] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="APPIDAPI.DLL", cchWideChar=12, lpMultiByteStr=0x1edc8a0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="APPIDAPI.DLL", lpUsedDefaultChar=0x0) returned 12 [0054.999] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0055.000] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="APPIDPOLICYENGINEAPI.DLL", cchWideChar=24, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0055.000] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="APPIDPOLICYENGINEAPI.DLL", cchWideChar=24, lpMultiByteStr=0x1edc8e8, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="APPIDPOLICYENGINEAPI.DLL", lpUsedDefaultChar=0x0) returned 24 [0055.000] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0055.000] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="APPMGMTS.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0055.000] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="APPMGMTS.DLL", cchWideChar=12, lpMultiByteStr=0x1edc8a0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="APPMGMTS.DLL", lpUsedDefaultChar=0x0) returned 12 [0055.000] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0055.000] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="APPMGR.DLL", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0055.000] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="APPMGR.DLL", cchWideChar=10, lpMultiByteStr=0x1edc8e8, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="APPMGR.DLL", lpUsedDefaultChar=0x0) returned 10 [0055.000] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0055.000] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="APSS.DLL", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0055.000] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="APSS.DLL", cchWideChar=8, lpMultiByteStr=0x1edc8a0, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="APSS.DLL", lpUsedDefaultChar=0x0) returned 8 [0055.000] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0055.000] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ASFERROR.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0055.000] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ASFERROR.DLL", cchWideChar=12, lpMultiByteStr=0x1edc8e8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ASFERROR.DLL", lpUsedDefaultChar=0x0) returned 12 [0055.000] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0055.000] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ASPNET_COUNTERS.DLL", cchWideChar=19, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0055.000] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ASPNET_COUNTERS.DLL", cchWideChar=19, lpMultiByteStr=0x1edc8a0, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ASPNET_COUNTERS.DLL", lpUsedDefaultChar=0x0) returned 19 [0055.000] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0055.001] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ASYCFILT.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0055.001] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ASYCFILT.DLL", cchWideChar=12, lpMultiByteStr=0x1edc8e8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ASYCFILT.DLL", lpUsedDefaultChar=0x0) returned 12 [0055.001] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0055.001] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ATL.DLL", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0055.001] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ATL.DLL", cchWideChar=7, lpMultiByteStr=0x1edc8a0, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ATL.DLL", lpUsedDefaultChar=0x0) returned 7 [0055.001] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0055.001] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ATL100.DLL", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0055.001] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ATL100.DLL", cchWideChar=10, lpMultiByteStr=0x1edc8e8, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ATL100.DLL", lpUsedDefaultChar=0x0) returned 10 [0055.001] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0055.001] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ATL110.DLL", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0055.001] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ATL110.DLL", cchWideChar=10, lpMultiByteStr=0x1edc8a0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ATL110.DLL", lpUsedDefaultChar=0x0) returned 10 [0055.001] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0055.001] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ATMFD.DLL", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0055.001] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ATMFD.DLL", cchWideChar=9, lpMultiByteStr=0x1edc8e8, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ATMFD.DLL", lpUsedDefaultChar=0x0) returned 9 [0055.001] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0055.001] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ATMLIB.DLL", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0055.001] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ATMLIB.DLL", cchWideChar=10, lpMultiByteStr=0x1edc8a0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ATMLIB.DLL", lpUsedDefaultChar=0x0) returned 10 [0055.001] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0055.002] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUDIODEV.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0055.002] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUDIODEV.DLL", cchWideChar=12, lpMultiByteStr=0x1edc8e8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AUDIODEV.DLL", lpUsedDefaultChar=0x0) returned 12 [0055.002] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0055.002] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUDIOENG.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0055.002] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUDIOENG.DLL", cchWideChar=12, lpMultiByteStr=0x1edc8a0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AUDIOENG.DLL", lpUsedDefaultChar=0x0) returned 12 [0055.002] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0055.002] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUDIOKSE.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0055.002] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUDIOKSE.DLL", cchWideChar=12, lpMultiByteStr=0x1edc8e8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AUDIOKSE.DLL", lpUsedDefaultChar=0x0) returned 12 [0055.002] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0055.002] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUDIOSES.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0055.002] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUDIOSES.DLL", cchWideChar=12, lpMultiByteStr=0x1edc8a0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AUDIOSES.DLL", lpUsedDefaultChar=0x0) returned 12 [0055.002] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0055.002] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUDITNATIVESNAPIN.DLL", cchWideChar=21, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0055.002] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUDITNATIVESNAPIN.DLL", cchWideChar=21, lpMultiByteStr=0x1edc8e8, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AUDITNATIVESNAPIN.DLL", lpUsedDefaultChar=0x0) returned 21 [0055.002] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0055.002] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUDITPOLICYGPINTEROP.DLL", cchWideChar=24, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0055.002] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUDITPOLICYGPINTEROP.DLL", cchWideChar=24, lpMultiByteStr=0x1edc8a0, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AUDITPOLICYGPINTEROP.DLL", lpUsedDefaultChar=0x0) returned 24 [0055.002] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0055.003] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUDITPOLMSG.DLL", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0055.003] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUDITPOLMSG.DLL", cchWideChar=15, lpMultiByteStr=0x1edc8e8, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AUDITPOLMSG.DLL", lpUsedDefaultChar=0x0) returned 15 [0055.003] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0055.003] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUTHFWCFG.DLL", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0055.003] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUTHFWCFG.DLL", cchWideChar=13, lpMultiByteStr=0x1edc8a0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AUTHFWCFG.DLL", lpUsedDefaultChar=0x0) returned 13 [0055.003] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0055.003] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUTHFWGP.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0055.003] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUTHFWGP.DLL", cchWideChar=12, lpMultiByteStr=0x1edc8e8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AUTHFWGP.DLL", lpUsedDefaultChar=0x0) returned 12 [0055.003] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0055.003] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUTHFWSNAPIN.DLL", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0055.003] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUTHFWSNAPIN.DLL", cchWideChar=16, lpMultiByteStr=0x1edc8a0, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AUTHFWSNAPIN.DLL", lpUsedDefaultChar=0x0) returned 16 [0055.003] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0055.003] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUTHFWWIZFWK.DLL", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0055.003] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUTHFWWIZFWK.DLL", cchWideChar=16, lpMultiByteStr=0x1edc8e8, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AUTHFWWIZFWK.DLL", lpUsedDefaultChar=0x0) returned 16 [0055.003] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0055.003] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUTHUI.DLL", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0055.004] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUTHUI.DLL", cchWideChar=10, lpMultiByteStr=0x1edc8a0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AUTHUI.DLL", lpUsedDefaultChar=0x0) returned 10 [0055.004] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0055.004] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUTHZ.DLL", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0055.004] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUTHZ.DLL", cchWideChar=9, lpMultiByteStr=0x1edc8e8, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AUTHZ.DLL", lpUsedDefaultChar=0x0) returned 9 [0055.004] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0055.004] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUTOPLAY.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0055.004] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUTOPLAY.DLL", cchWideChar=12, lpMultiByteStr=0x1edc8a0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AUTOPLAY.DLL", lpUsedDefaultChar=0x0) returned 12 [0055.004] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0055.004] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUXILIARYDISPLAYAPI.DLL", cchWideChar=23, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 23 [0055.004] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUXILIARYDISPLAYAPI.DLL", cchWideChar=23, lpMultiByteStr=0x1edc8e8, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AUXILIARYDISPLAYAPI.DLL", lpUsedDefaultChar=0x0) returned 23 [0055.004] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0055.004] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUXILIARYDISPLAYCPL.DLL", cchWideChar=23, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 23 [0055.004] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUXILIARYDISPLAYCPL.DLL", cchWideChar=23, lpMultiByteStr=0x1edc8a0, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AUXILIARYDISPLAYCPL.DLL", lpUsedDefaultChar=0x0) returned 23 [0055.004] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0055.004] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AVICAP32.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0055.004] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AVICAP32.DLL", cchWideChar=12, lpMultiByteStr=0x1edc8e8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AVICAP32.DLL", lpUsedDefaultChar=0x0) returned 12 [0055.004] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0055.004] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AVIFIL32.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0055.005] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AVIFIL32.DLL", cchWideChar=12, lpMultiByteStr=0x1edc8a0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AVIFIL32.DLL", lpUsedDefaultChar=0x0) returned 12 [0055.005] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0055.005] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AVRT.DLL", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0055.005] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AVRT.DLL", cchWideChar=8, lpMultiByteStr=0x1edc8e8, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AVRT.DLL", lpUsedDefaultChar=0x0) returned 8 [0055.005] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0055.005] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AZROLES.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0055.005] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AZROLES.DLL", cchWideChar=11, lpMultiByteStr=0x1edc8a0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AZROLES.DLL", lpUsedDefaultChar=0x0) returned 11 [0055.005] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0055.005] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AZROLEUI.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0055.005] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AZROLEUI.DLL", cchWideChar=12, lpMultiByteStr=0x1edc8e8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AZROLEUI.DLL", lpUsedDefaultChar=0x0) returned 12 [0055.005] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0055.005] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AZSQLEXT.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0055.005] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AZSQLEXT.DLL", cchWideChar=12, lpMultiByteStr=0x1edc8a0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AZSQLEXT.DLL", lpUsedDefaultChar=0x0) returned 12 [0055.005] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0055.005] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BASECSP.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0055.005] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BASECSP.DLL", cchWideChar=11, lpMultiByteStr=0x1edc8e8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BASECSP.DLL", lpUsedDefaultChar=0x0) returned 11 [0055.005] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0055.005] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BATMETER.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0055.006] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BATMETER.DLL", cchWideChar=12, lpMultiByteStr=0x1edc8a0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BATMETER.DLL", lpUsedDefaultChar=0x0) returned 12 [0055.006] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0055.006] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BCRYPT.DLL", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0055.006] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BCRYPT.DLL", cchWideChar=10, lpMultiByteStr=0x1edc8e8, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BCRYPT.DLL", lpUsedDefaultChar=0x0) returned 10 [0055.006] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0055.006] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BCRYPTPRIMITIVES.DLL", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0055.006] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BCRYPTPRIMITIVES.DLL", cchWideChar=20, lpMultiByteStr=0x1edc8a0, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BCRYPTPRIMITIVES.DLL", lpUsedDefaultChar=0x0) returned 20 [0055.006] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0055.006] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BIDISPL.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0055.006] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BIDISPL.DLL", cchWideChar=11, lpMultiByteStr=0x1edc8e8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BIDISPL.DLL", lpUsedDefaultChar=0x0) returned 11 [0055.006] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0055.006] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BIOCREDPROV.DLL", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0055.006] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BIOCREDPROV.DLL", cchWideChar=15, lpMultiByteStr=0x1edc8a0, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BIOCREDPROV.DLL", lpUsedDefaultChar=0x0) returned 15 [0055.006] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0055.006] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BITSPERF.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0055.006] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BITSPERF.DLL", cchWideChar=12, lpMultiByteStr=0x1edc8e8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BITSPERF.DLL", lpUsedDefaultChar=0x0) returned 12 [0055.006] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0055.006] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BITSPRX2.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0055.007] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BITSPRX2.DLL", cchWideChar=12, lpMultiByteStr=0x1edc8a0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BITSPRX2.DLL", lpUsedDefaultChar=0x0) returned 12 [0055.007] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0055.007] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BITSPRX3.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0055.007] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BITSPRX3.DLL", cchWideChar=12, lpMultiByteStr=0x1edc8e8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BITSPRX3.DLL", lpUsedDefaultChar=0x0) returned 12 [0055.007] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0055.007] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BITSPRX4.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0055.007] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BITSPRX4.DLL", cchWideChar=12, lpMultiByteStr=0x1edc8a0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BITSPRX4.DLL", lpUsedDefaultChar=0x0) returned 12 [0055.007] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0055.007] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BITSPRX5.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0055.007] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BITSPRX5.DLL", cchWideChar=12, lpMultiByteStr=0x1edc8e8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BITSPRX5.DLL", lpUsedDefaultChar=0x0) returned 12 [0055.007] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0055.007] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BITSPRX6.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0055.007] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BITSPRX6.DLL", cchWideChar=12, lpMultiByteStr=0x1edc8a0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BITSPRX6.DLL", lpUsedDefaultChar=0x0) returned 12 [0055.007] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0055.007] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BLACKBOX.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0055.007] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BLACKBOX.DLL", cchWideChar=12, lpMultiByteStr=0x1edc8e8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BLACKBOX.DLL", lpUsedDefaultChar=0x0) returned 12 [0055.007] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0055.008] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BOOTVID.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0055.008] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BOOTVID.DLL", cchWideChar=11, lpMultiByteStr=0x1edc8a0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BOOTVID.DLL", lpUsedDefaultChar=0x0) returned 11 [0055.008] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0055.008] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BROWCLI.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0055.008] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BROWCLI.DLL", cchWideChar=11, lpMultiByteStr=0x1edc8e8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BROWCLI.DLL", lpUsedDefaultChar=0x0) returned 11 [0055.008] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0055.008] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BROWSEUI.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0055.008] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BROWSEUI.DLL", cchWideChar=12, lpMultiByteStr=0x1edc8a0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BROWSEUI.DLL", lpUsedDefaultChar=0x0) returned 12 [0055.008] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0055.008] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BTPANUI.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0055.008] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BTPANUI.DLL", cchWideChar=11, lpMultiByteStr=0x1edc8e8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BTPANUI.DLL", lpUsedDefaultChar=0x0) returned 11 [0055.008] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0055.008] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BWCONTEXTHANDLER.DLL", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0055.008] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BWCONTEXTHANDLER.DLL", cchWideChar=20, lpMultiByteStr=0x1edc8a0, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BWCONTEXTHANDLER.DLL", lpUsedDefaultChar=0x0) returned 20 [0055.008] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0055.008] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BWUNPAIRELEVATED.DLL", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0055.008] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BWUNPAIRELEVATED.DLL", cchWideChar=20, lpMultiByteStr=0x1edc8e8, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BWUNPAIRELEVATED.DLL", lpUsedDefaultChar=0x0) returned 20 [0055.008] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0055.009] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CABINET.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0055.009] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CABINET.DLL", cchWideChar=11, lpMultiByteStr=0x1edc8a0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CABINET.DLL", lpUsedDefaultChar=0x0) returned 11 [0055.009] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0055.009] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CABVIEW.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0055.009] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CABVIEW.DLL", cchWideChar=11, lpMultiByteStr=0x1edc8e8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CABVIEW.DLL", lpUsedDefaultChar=0x0) returned 11 [0055.009] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0055.009] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CAPIPROVIDER.DLL", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0055.009] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CAPIPROVIDER.DLL", cchWideChar=16, lpMultiByteStr=0x1edc8a0, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CAPIPROVIDER.DLL", lpUsedDefaultChar=0x0) returned 16 [0055.009] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0055.009] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CAPISP.DLL", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0055.009] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CAPISP.DLL", cchWideChar=10, lpMultiByteStr=0x1edc8e8, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CAPISP.DLL", lpUsedDefaultChar=0x0) returned 10 [0055.009] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0055.009] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CATSRV.DLL", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0055.009] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CATSRV.DLL", cchWideChar=10, lpMultiByteStr=0x1edc8a0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CATSRV.DLL", lpUsedDefaultChar=0x0) returned 10 [0055.009] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0055.009] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CATSRVPS.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0055.009] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CATSRVPS.DLL", cchWideChar=12, lpMultiByteStr=0x1edc8e8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CATSRVPS.DLL", lpUsedDefaultChar=0x0) returned 12 [0055.009] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0055.010] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CATSRVUT.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0055.010] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CATSRVUT.DLL", cchWideChar=12, lpMultiByteStr=0x1edc8a0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CATSRVUT.DLL", lpUsedDefaultChar=0x0) returned 12 [0055.010] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0055.010] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CCA.DLL", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0055.010] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CCA.DLL", cchWideChar=7, lpMultiByteStr=0x1edc8e8, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CCA.DLL", lpUsedDefaultChar=0x0) returned 7 [0055.010] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0055.010] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CDOSYS.DLL", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0055.010] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CDOSYS.DLL", cchWideChar=10, lpMultiByteStr=0x1edc8a0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CDOSYS.DLL", lpUsedDefaultChar=0x0) returned 10 [0055.010] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0055.010] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CERTCLI.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0055.010] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CERTCLI.DLL", cchWideChar=11, lpMultiByteStr=0x1edc8e8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CERTCLI.DLL", lpUsedDefaultChar=0x0) returned 11 [0055.010] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0055.010] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CERTCREDPROVIDER.DLL", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0055.010] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CERTCREDPROVIDER.DLL", cchWideChar=20, lpMultiByteStr=0x1edc8a0, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CERTCREDPROVIDER.DLL", lpUsedDefaultChar=0x0) returned 20 [0055.010] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0055.010] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CERTENC.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0055.010] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CERTENC.DLL", cchWideChar=11, lpMultiByteStr=0x1edc8e8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CERTENC.DLL", lpUsedDefaultChar=0x0) returned 11 [0055.010] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0055.011] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CERTENROLL.DLL", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0055.011] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CERTENROLL.DLL", cchWideChar=14, lpMultiByteStr=0x1edc8a0, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CERTENROLL.DLL", lpUsedDefaultChar=0x0) returned 14 [0055.011] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0055.011] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CERTENROLLUI.DLL", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0055.011] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CERTENROLLUI.DLL", cchWideChar=16, lpMultiByteStr=0x1edc8e8, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CERTENROLLUI.DLL", lpUsedDefaultChar=0x0) returned 16 [0055.011] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0055.011] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CERTMGR.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0055.011] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CERTMGR.DLL", cchWideChar=11, lpMultiByteStr=0x1edc8a0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CERTMGR.DLL", lpUsedDefaultChar=0x0) returned 11 [0055.011] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0055.011] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CERTPOLENG.DLL", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0055.011] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CERTPOLENG.DLL", cchWideChar=14, lpMultiByteStr=0x1edc8e8, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CERTPOLENG.DLL", lpUsedDefaultChar=0x0) returned 14 [0055.011] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0055.011] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CEWMDM.DLL", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0055.011] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CEWMDM.DLL", cchWideChar=10, lpMultiByteStr=0x1edc8a0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CEWMDM.DLL", lpUsedDefaultChar=0x0) returned 10 [0055.011] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0055.011] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CFGBKEND.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0055.011] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CFGBKEND.DLL", cchWideChar=12, lpMultiByteStr=0x1edc8e8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CFGBKEND.DLL", lpUsedDefaultChar=0x0) returned 12 [0055.012] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0055.012] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CFGMGR32.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0055.012] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CFGMGR32.DLL", cchWideChar=12, lpMultiByteStr=0x1edc8a0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CFGMGR32.DLL", lpUsedDefaultChar=0x0) returned 12 [0055.012] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0055.012] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CHSBRKR.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0055.012] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CHSBRKR.DLL", cchWideChar=11, lpMultiByteStr=0x1edc8e8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CHSBRKR.DLL", lpUsedDefaultChar=0x0) returned 11 [0055.012] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0055.012] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CHTBRKR.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0055.012] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CHTBRKR.DLL", cchWideChar=11, lpMultiByteStr=0x1edc8a0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CHTBRKR.DLL", lpUsedDefaultChar=0x0) returned 11 [0055.012] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0055.012] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CHXREADINGSTRINGIME.DLL", cchWideChar=23, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 23 [0055.012] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CHXREADINGSTRINGIME.DLL", cchWideChar=23, lpMultiByteStr=0x1edc8e8, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CHXREADINGSTRINGIME.DLL", lpUsedDefaultChar=0x0) returned 23 [0055.012] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0055.012] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CIC.DLL", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0055.012] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CIC.DLL", cchWideChar=7, lpMultiByteStr=0x1edc8a0, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CIC.DLL", lpUsedDefaultChar=0x0) returned 7 [0055.012] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0055.012] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CLB.DLL", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0055.012] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CLB.DLL", cchWideChar=7, lpMultiByteStr=0x1edc8e8, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CLB.DLL", lpUsedDefaultChar=0x0) returned 7 [0055.013] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0055.013] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CLBCATQ.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0055.013] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CLBCATQ.DLL", cchWideChar=11, lpMultiByteStr=0x1edc8a0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CLBCATQ.DLL", lpUsedDefaultChar=0x0) returned 11 [0055.013] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0055.013] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CLFSW32.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0055.013] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CLFSW32.DLL", cchWideChar=11, lpMultiByteStr=0x1edc8e8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CLFSW32.DLL", lpUsedDefaultChar=0x0) returned 11 [0055.013] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0055.013] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CLICONFG.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0055.013] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CLICONFG.DLL", cchWideChar=12, lpMultiByteStr=0x1edc8a0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CLICONFG.DLL", lpUsedDefaultChar=0x0) returned 12 [0055.013] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0055.013] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CLUSAPI.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0055.013] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CLUSAPI.DLL", cchWideChar=11, lpMultiByteStr=0x1edc8e8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CLUSAPI.DLL", lpUsedDefaultChar=0x0) returned 11 [0055.013] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0055.013] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CMCFG32.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0055.013] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CMCFG32.DLL", cchWideChar=11, lpMultiByteStr=0x1edc8a0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CMCFG32.DLL", lpUsedDefaultChar=0x0) returned 11 [0055.013] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0055.013] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CMDIAL32.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0055.014] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CMDIAL32.DLL", cchWideChar=12, lpMultiByteStr=0x1edc8e8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CMDIAL32.DLL", lpUsedDefaultChar=0x0) returned 12 [0055.014] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0055.014] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CMICRYPTINSTALL.DLL", cchWideChar=19, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0055.014] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CMICRYPTINSTALL.DLL", cchWideChar=19, lpMultiByteStr=0x1edc8a0, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CMICRYPTINSTALL.DLL", lpUsedDefaultChar=0x0) returned 19 [0055.014] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0055.014] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CMIFW.DLL", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0055.014] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CMIFW.DLL", cchWideChar=9, lpMultiByteStr=0x1edc8e8, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CMIFW.DLL", lpUsedDefaultChar=0x0) returned 9 [0055.014] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0055.014] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CMIPNPINSTALL.DLL", cchWideChar=17, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0055.014] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CMIPNPINSTALL.DLL", cchWideChar=17, lpMultiByteStr=0x1edc8a0, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CMIPNPINSTALL.DLL", lpUsedDefaultChar=0x0) returned 17 [0055.014] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0055.014] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CMLUA.DLL", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0055.014] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CMLUA.DLL", cchWideChar=9, lpMultiByteStr=0x1edc8e8, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CMLUA.DLL", lpUsedDefaultChar=0x0) returned 9 [0055.014] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0055.014] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CMPBK32.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0055.014] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CMPBK32.DLL", cchWideChar=11, lpMultiByteStr=0x1edc8a0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CMPBK32.DLL", lpUsedDefaultChar=0x0) returned 11 [0055.014] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0055.014] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CMSTPLUA.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0055.015] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CMSTPLUA.DLL", cchWideChar=12, lpMultiByteStr=0x1edc8e8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CMSTPLUA.DLL", lpUsedDefaultChar=0x0) returned 12 [0055.015] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0055.015] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CMUTIL.DLL", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0055.015] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CMUTIL.DLL", cchWideChar=10, lpMultiByteStr=0x1edc8a0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CMUTIL.DLL", lpUsedDefaultChar=0x0) returned 10 [0055.015] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0055.015] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CNGAUDIT.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0055.015] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CNGAUDIT.DLL", cchWideChar=12, lpMultiByteStr=0x1edc8e8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CNGAUDIT.DLL", lpUsedDefaultChar=0x0) returned 12 [0055.015] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0055.015] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CNGPROVIDER.DLL", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0055.015] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CNGPROVIDER.DLL", cchWideChar=15, lpMultiByteStr=0x1edc8a0, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CNGPROVIDER.DLL", lpUsedDefaultChar=0x0) returned 15 [0055.015] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0055.015] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CNVFAT.DLL", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0055.015] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CNVFAT.DLL", cchWideChar=10, lpMultiByteStr=0x1edc8e8, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CNVFAT.DLL", lpUsedDefaultChar=0x0) returned 10 [0055.015] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0055.015] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="COLBACT.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0055.015] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="COLBACT.DLL", cchWideChar=11, lpMultiByteStr=0x1edc8a0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="COLBACT.DLL", lpUsedDefaultChar=0x0) returned 11 [0055.015] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0055.015] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="COLORCNV.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0055.016] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="COLORCNV.DLL", cchWideChar=12, lpMultiByteStr=0x1edc8e8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="COLORCNV.DLL", lpUsedDefaultChar=0x0) returned 12 [0055.016] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0055.016] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="COLORUI.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0055.016] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="COLORUI.DLL", cchWideChar=11, lpMultiByteStr=0x1edc8a0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="COLORUI.DLL", lpUsedDefaultChar=0x0) returned 11 [0055.016] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0055.016] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="COMCAT.DLL", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0055.016] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="COMCAT.DLL", cchWideChar=10, lpMultiByteStr=0x1edc8e8, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="COMCAT.DLL", lpUsedDefaultChar=0x0) returned 10 [0055.016] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0055.016] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="COMCTL32.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0055.016] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="COMCTL32.DLL", cchWideChar=12, lpMultiByteStr=0x1edc8a0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="COMCTL32.DLL", lpUsedDefaultChar=0x0) returned 12 [0055.016] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0055.016] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="COMDLG32.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0055.016] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="COMDLG32.DLL", cchWideChar=12, lpMultiByteStr=0x1edc8e8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="COMDLG32.DLL", lpUsedDefaultChar=0x0) returned 12 [0055.016] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0055.016] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="COMPOBJ.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0055.016] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="COMPOBJ.DLL", cchWideChar=11, lpMultiByteStr=0x1edc8a0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="COMPOBJ.DLL", lpUsedDefaultChar=0x0) returned 11 [0055.016] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0055.016] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="COMPSTUI.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0055.017] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="COMPSTUI.DLL", cchWideChar=12, lpMultiByteStr=0x1edc8e8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="COMPSTUI.DLL", lpUsedDefaultChar=0x0) returned 12 [0055.017] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0055.017] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="COMREPL.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0055.017] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="COMREPL.DLL", cchWideChar=11, lpMultiByteStr=0x1edc8a0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="COMREPL.DLL", lpUsedDefaultChar=0x0) returned 11 [0055.017] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0055.017] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="COMRES.DLL", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0055.017] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="COMRES.DLL", cchWideChar=10, lpMultiByteStr=0x1edc8e8, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="COMRES.DLL", lpUsedDefaultChar=0x0) returned 10 [0055.017] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0055.017] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="COMSNAP.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0055.017] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="COMSNAP.DLL", cchWideChar=11, lpMultiByteStr=0x1edc8a0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="COMSNAP.DLL", lpUsedDefaultChar=0x0) returned 11 [0055.017] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0055.017] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="COMSVCS.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0055.017] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="COMSVCS.DLL", cchWideChar=11, lpMultiByteStr=0x1edc8e8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="COMSVCS.DLL", lpUsedDefaultChar=0x0) returned 11 [0055.017] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0055.017] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="COMUID.DLL", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0055.017] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="COMUID.DLL", cchWideChar=10, lpMultiByteStr=0x1edc8a0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="COMUID.DLL", lpUsedDefaultChar=0x0) returned 10 [0055.017] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0055.017] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CONCRT140.DLL", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0055.018] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CONCRT140.DLL", cchWideChar=13, lpMultiByteStr=0x1edc8e8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CONCRT140.DLL", lpUsedDefaultChar=0x0) returned 13 [0055.018] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0055.018] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CONNECT.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0055.018] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CONNECT.DLL", cchWideChar=11, lpMultiByteStr=0x1edc8a0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CONNECT.DLL", lpUsedDefaultChar=0x0) returned 11 [0055.018] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0055.018] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CONSOLE.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0055.018] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CONSOLE.DLL", cchWideChar=11, lpMultiByteStr=0x1edc8e8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CONSOLE.DLL", lpUsedDefaultChar=0x0) returned 11 [0055.018] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0055.018] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CORPOL.DLL", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0055.018] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CORPOL.DLL", cchWideChar=10, lpMultiByteStr=0x1edc8a0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CORPOL.DLL", lpUsedDefaultChar=0x0) returned 10 [0055.018] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0055.018] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CPFILTERS.DLL", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0055.018] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CPFILTERS.DLL", cchWideChar=13, lpMultiByteStr=0x1edc8e8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CPFILTERS.DLL", lpUsedDefaultChar=0x0) returned 13 [0055.018] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0055.018] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CREDSSP.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0055.018] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CREDSSP.DLL", cchWideChar=11, lpMultiByteStr=0x1edc8a0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CREDSSP.DLL", lpUsedDefaultChar=0x0) returned 11 [0055.018] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0055.019] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CREDUI.DLL", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0055.019] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CREDUI.DLL", cchWideChar=10, lpMultiByteStr=0x1edc8e8, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CREDUI.DLL", lpUsedDefaultChar=0x0) returned 10 [0055.019] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0055.019] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CRTDLL.DLL", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0055.019] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CRTDLL.DLL", cchWideChar=10, lpMultiByteStr=0x1edc8a0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CRTDLL.DLL", lpUsedDefaultChar=0x0) returned 10 [0055.019] FindNextFileW (in: hFindFile=0x30a718, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0055.019] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CRYPT32.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0055.019] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CRYPT32.DLL", cchWideChar=11, lpMultiByteStr=0x1edc8e8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CRYPT32.DLL", lpUsedDefaultChar=0x0) returned 11 [0055.019] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="crypt32.dll", BaseAddress=0x18fd70 | out: BaseAddress=0x18fd70*=0x75a60000) returned 0x0 [0055.022] FindClose (in: hFindFile=0x30a718 | out: hFindFile=0x30a718) returned 1 [0055.022] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY-----\r\nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCjZw02phhS38kGYqwQKk+8ro6S\r\nGIVE3PrCJJrJHmLN8JvbajmhKV6J59ib0pTOgUa8GOU6FuSAExk31391QN5ANHij\r\n0r+4v1VbbXil7dNYijurfNF92HqStMO+hUc2hGWxn5tOgi6lGqBzr0lIHRayyZs2\r\nLtIpWRDVJTiFzpPNCwIDAQAB\r\n-----END PUBLIC KEY-----", cchString=0x0, dwFlags=0x0, pbBinary=0x0, pcbBinary=0x18fd98, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x18fd98, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0055.022] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY-----\r\nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCjZw02phhS38kGYqwQKk+8ro6S\r\nGIVE3PrCJJrJHmLN8JvbajmhKV6J59ib0pTOgUa8GOU6FuSAExk31391QN5ANHij\r\n0r+4v1VbbXil7dNYijurfNF92HqStMO+hUc2hGWxn5tOgi6lGqBzr0lIHRayyZs2\r\nLtIpWRDVJTiFzpPNCwIDAQAB\r\n-----END PUBLIC KEY-----", cchString=0x0, dwFlags=0x0, pbBinary=0x1d877f8, pcbBinary=0x18fd98, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x1d877f8, pcbBinary=0x18fd98, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0055.022] CryptDecodeObject (in: dwCertEncodingType=0x10001, lpszStructType=0x8, pbEncoded=0x1d877f8, cbEncoded=0xa2, dwFlags=0x0, pvStructInfo=0x0, pcbStructInfo=0x18fd98 | out: pvStructInfo=0x0, pcbStructInfo=0x18fd98) returned 1 [0055.024] CryptDecodeObject (in: dwCertEncodingType=0x10001, lpszStructType=0x8, pbEncoded=0x1d877f8, cbEncoded=0xa2, dwFlags=0x0, pvStructInfo=0x1d87f08, pcbStructInfo=0x18fd98 | out: pvStructInfo=0x1d87f08, pcbStructInfo=0x18fd98) returned 1 [0055.024] CryptImportPublicKeyInfo (in: hCryptProv=0x30c7f0, dwCertEncodingType=0x10001, pInfo=0x1d87f08*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x1d87f38*, PublicKey.cbData=0x8c, PublicKey.pbData=0x1d87f40*, PublicKey.cUnusedBits=0x0), phKey=0x18fda0 | out: phKey=0x18fda0*=0x30a718) returned 1 [0055.025] ReleaseMutex (hMutex=0x110) returned 1 [0055.026] StartServiceCtrlDispatcherW (lpServiceTable=0x18fe10*(lpServiceName="", lpServiceProc=0x40f270)) returned 0 [0055.027] GetLastError () returned 0x427 [0055.027] GetCommandLineW () returned="C:\\Users\\5P5NRG~1\\AppData\\Roaming\\VQBKVY~1:bin C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\c04c541f066a2b089bdc261616894a2f6bd49fca2e29350698175d9fc51c.exe" [0055.027] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\5P5NRG~1\\AppData\\Roaming\\VQBKVY~1:bin C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\c04c541f066a2b089bdc261616894a2f6bd49fca2e29350698175d9fc51c.exe", pNumArgs=0x18fe00 | out: pNumArgs=0x18fe00) returned 0x324430*="C:\\Users\\5P5NRG~1\\AppData\\Roaming\\VQBKVY~1:bin" [0055.027] Wow64DisableWow64FsRedirection (in: OldValue=0x18fde0 | out: OldValue=0x18fde0*=0x0) returned 1 [0055.027] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x1d87f08, nSize=0x200 | out: lpFilename="C:\\Users\\5P5NRG~1\\AppData\\Roaming\\VQBKVY~1:bin" (normalized: "c:\\users\\5p5nrg~1\\appdata\\roaming\\vqbkvy~1:bin")) returned 0x2e [0055.027] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x1d88710, nSize=0x200 | out: lpFilename="C:\\Users\\5P5NRG~1\\AppData\\Roaming\\VQBKVY~1:bin" (normalized: "c:\\users\\5p5nrg~1\\appdata\\roaming\\vqbkvy~1:bin")) returned 0x2e [0055.027] GetEnvironmentVariableW (in: lpName="COMPUTERNAME", lpBuffer=0x1d88f18, nSize=0x40 | out: lpBuffer="XDUWTFONO") returned 0x9 [0055.028] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="XDUWTFONO", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0055.028] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="XDUWTFONO", cchWideChar=9, lpMultiByteStr=0x1edc228, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="XDUWTFONO", lpUsedDefaultChar=0x0) returned 9 [0055.028] GetEnvironmentVariableW (in: lpName="USERNAME", lpBuffer=0x1d88f18, nSize=0x40 | out: lpBuffer="5p5NrGJn0jS HALPmcxz") returned 0x14 [0055.028] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="5p5NrGJn0jS HALPmcxz", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0055.028] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="5p5NrGJn0jS HALPmcxz", cchWideChar=20, lpMultiByteStr=0x1edc978, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="5p5NrGJn0jS HALPmcxz", lpUsedDefaultChar=0x0) returned 20 [0055.028] CryptAcquireContextW (in: phProv=0x18fc3c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x18fc3c*=0x3246f0) returned 1 [0055.029] CryptCreateHash (in: hProv=0x3246f0, Algid=0x8003, hKey=0x0, dwFlags=0x0, phHash=0x18fc3c | out: phHash=0x18fc3c) returned 1 [0055.029] CryptHashData (hHash=0x324578, pbData=0x1edc0c0, dwDataLen=0x20, dwFlags=0x0) returned 1 [0055.029] CryptGetHashParam (in: hHash=0x324578, dwParam=0x4, pbData=0x18fc40, pdwDataLen=0x18fc4c, dwFlags=0x0 | out: pbData=0x18fc40, pdwDataLen=0x18fc4c) returned 1 [0055.029] CryptGetHashParam (in: hHash=0x324578, dwParam=0x2, pbData=0x1edc9c0, pdwDataLen=0x18fc40, dwFlags=0x0 | out: pbData=0x1edc9c0, pdwDataLen=0x18fc40) returned 1 [0055.029] CryptDestroyHash (hHash=0x324578) returned 1 [0055.029] CryptReleaseContext (hProv=0x3246f0, dwFlags=0x0) returned 1 [0055.029] OpenEventA (dwDesiredAccess=0x100002, bInheritHandle=0, lpName="{DB697C21-3780-0C33-4345-2F1B4C2F2F3D}") returned 0x0 [0055.032] GetLastError () returned 0x2 [0055.032] ConvertStringSecurityDescriptorToSecurityDescriptorW () returned 0x1 [0055.033] GetSecurityDescriptorSacl (in: pSecurityDescriptor=0x323fa8, lpbSaclPresent=0x18fbf4, pSacl=0x18fc58, lpbSaclDefaulted=0x18fbf4 | out: lpbSaclPresent=0x18fbf4, pSacl=0x18fc58, lpbSaclDefaulted=0x18fbf4) returned 1 [0055.033] CreateEventA (lpEventAttributes=0x18fc4c, bManualReset=1, bInitialState=0, lpName="{DB697C21-3780-0C33-4345-2F1B4C2F2F3D}") returned 0x128 [0055.033] GetLastError () returned 0x0 [0055.033] SetSecurityInfo () returned 0x0 [0055.475] LocalFree (hMem=0x323fa8) returned 0x0 [0055.487] CryptAcquireContextW (in: phProv=0x18fc3c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x18fc3c*=0x3246f0) returned 1 [0055.488] CryptCreateHash (in: hProv=0x3246f0, Algid=0x8003, hKey=0x0, dwFlags=0x0, phHash=0x18fc3c | out: phHash=0x18fc3c) returned 1 [0055.488] CryptHashData (hHash=0x324578, pbData=0x1edc0c0, dwDataLen=0xb, dwFlags=0x0) returned 1 [0055.488] CryptGetHashParam (in: hHash=0x324578, dwParam=0x4, pbData=0x18fc40, pdwDataLen=0x18fc4c, dwFlags=0x0 | out: pbData=0x18fc40, pdwDataLen=0x18fc4c) returned 1 [0055.488] CryptGetHashParam (in: hHash=0x324578, dwParam=0x2, pbData=0x1d827f8, pdwDataLen=0x18fc40, dwFlags=0x0 | out: pbData=0x1d827f8, pdwDataLen=0x18fc40) returned 1 [0055.488] CryptDestroyHash (hHash=0x324578) returned 1 [0055.488] CryptReleaseContext (hProv=0x3246f0, dwFlags=0x0) returned 1 [0055.488] OpenEventA (dwDesiredAccess=0x100002, bInheritHandle=0, lpName="Global\\{92EAD6E2-16CB-825D-3763-CAC9D6ED414E}") returned 0x0 [0055.488] GetLastError () returned 0x2 [0055.488] ConvertStringSecurityDescriptorToSecurityDescriptorW () returned 0x1 [0055.489] GetSecurityDescriptorSacl (in: pSecurityDescriptor=0x323fa8, lpbSaclPresent=0x18fbf4, pSacl=0x18fc58, lpbSaclDefaulted=0x18fbf4 | out: lpbSaclPresent=0x18fbf4, pSacl=0x18fc58, lpbSaclDefaulted=0x18fbf4) returned 1 [0055.489] CreateEventA (lpEventAttributes=0x18fc4c, bManualReset=1, bInitialState=0, lpName="Global\\{92EAD6E2-16CB-825D-3763-CAC9D6ED414E}") returned 0x12c [0055.489] GetLastError () returned 0x0 [0055.489] SetSecurityInfo () returned 0x0 [0055.489] LocalFree (hMem=0x323fa8) returned 0x0 [0055.489] CryptAcquireContextW (in: phProv=0x18fc3c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x18fc3c*=0x3246f0) returned 1 [0055.490] CryptCreateHash (in: hProv=0x3246f0, Algid=0x8003, hKey=0x0, dwFlags=0x0, phHash=0x18fc3c | out: phHash=0x18fc3c) returned 1 [0055.490] CryptHashData (hHash=0x324578, pbData=0x1edc0c0, dwDataLen=0xb, dwFlags=0x0) returned 1 [0055.490] CryptGetHashParam (in: hHash=0x324578, dwParam=0x4, pbData=0x18fc40, pdwDataLen=0x18fc4c, dwFlags=0x0 | out: pbData=0x18fc40, pdwDataLen=0x18fc4c) returned 1 [0055.490] CryptGetHashParam (in: hHash=0x324578, dwParam=0x2, pbData=0x1d82888, pdwDataLen=0x18fc40, dwFlags=0x0 | out: pbData=0x1d82888, pdwDataLen=0x18fc40) returned 1 [0055.490] CryptDestroyHash (hHash=0x324578) returned 1 [0055.490] CryptReleaseContext (hProv=0x3246f0, dwFlags=0x0) returned 1 [0055.490] OpenMutexA (dwDesiredAccess=0x100002, bInheritHandle=0, lpName="Global\\{FD64C8AB-F74D-C8D4-F31D-96A1BB45705E}") returned 0x0 [0055.490] GetLastError () returned 0x2 [0055.490] ConvertStringSecurityDescriptorToSecurityDescriptorW () returned 0x1 [0055.491] GetSecurityDescriptorSacl (in: pSecurityDescriptor=0x323fa8, lpbSaclPresent=0x18fc00, pSacl=0x18fc58, lpbSaclDefaulted=0x18fc00 | out: lpbSaclPresent=0x18fc00, pSacl=0x18fc58, lpbSaclDefaulted=0x18fc00) returned 1 [0055.491] CreateMutexA (lpMutexAttributes=0x18fc4c, bInitialOwner=0, lpName="Global\\{FD64C8AB-F74D-C8D4-F31D-96A1BB45705E}") returned 0x158 [0055.491] GetLastError () returned 0x0 [0055.491] SetSecurityInfo () returned 0x0 [0055.491] LocalFree (hMem=0x323fa8) returned 0x0 [0055.491] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0x64) returned 0x0 [0055.491] ReleaseMutex (hMutex=0x158) returned 1 [0055.491] SetEvent (hEvent=0x128) returned 1 [0055.492] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x15c [0055.494] Process32FirstW (in: hSnapshot=0x15c, lppe=0x18f898 | out: lppe=0x18f898*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0055.495] Process32NextW (in: hSnapshot=0x15c, lppe=0x18f898 | out: lppe=0x18f898*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4d, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0055.496] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="system", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0055.496] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="system", cchWideChar=6, lpMultiByteStr=0x1d828d0, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="system", lpUsedDefaultChar=0x0) returned 6 [0055.496] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="System", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0055.496] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="System", cchWideChar=6, lpMultiByteStr=0x1d828d0, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="System", lpUsedDefaultChar=0x0) returned 6 [0055.496] Process32NextW (in: hSnapshot=0x15c, lppe=0x18f898 | out: lppe=0x18f898*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0055.496] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="smss.exe", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0055.497] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="smss.exe", cchWideChar=8, lpMultiByteStr=0x1d82960, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="smss.exe", lpUsedDefaultChar=0x0) returned 8 [0055.497] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="smss.exe", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0055.497] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="smss.exe", cchWideChar=8, lpMultiByteStr=0x1d82960, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="smss.exe", lpUsedDefaultChar=0x0) returned 8 [0055.497] Process32NextW (in: hSnapshot=0x15c, lppe=0x18f898 | out: lppe=0x18f898*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0055.497] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="csrss.exe", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0055.497] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="csrss.exe", cchWideChar=9, lpMultiByteStr=0x1d829f0, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="csrss.exe", lpUsedDefaultChar=0x0) returned 9 [0055.497] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="csrss.exe", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0055.497] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="csrss.exe", cchWideChar=9, lpMultiByteStr=0x1d829f0, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="csrss.exe", lpUsedDefaultChar=0x0) returned 9 [0055.498] Process32NextW (in: hSnapshot=0x15c, lppe=0x18f898 | out: lppe=0x18f898*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0055.498] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="wininit.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0055.498] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="wininit.exe", cchWideChar=11, lpMultiByteStr=0x1d82a38, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="wininit.exe", lpUsedDefaultChar=0x0) returned 11 [0055.498] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="wininit.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0055.498] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="wininit.exe", cchWideChar=11, lpMultiByteStr=0x1d82a38, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="wininit.exe", lpUsedDefaultChar=0x0) returned 11 [0055.498] Process32NextW (in: hSnapshot=0x15c, lppe=0x18f898 | out: lppe=0x18f898*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0055.499] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="csrss.exe", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0055.502] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="csrss.exe", cchWideChar=9, lpMultiByteStr=0x1d82a80, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="csrss.exe", lpUsedDefaultChar=0x0) returned 9 [0055.502] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="csrss.exe", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0055.502] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="csrss.exe", cchWideChar=9, lpMultiByteStr=0x1d82a80, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="csrss.exe", lpUsedDefaultChar=0x0) returned 9 [0055.502] Process32NextW (in: hSnapshot=0x15c, lppe=0x18f898 | out: lppe=0x18f898*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0055.502] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="winlogon.exe", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0055.502] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="winlogon.exe", cchWideChar=12, lpMultiByteStr=0x1d82ac8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="winlogon.exe", lpUsedDefaultChar=0x0) returned 12 [0055.502] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="winlogon.exe", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0055.503] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="winlogon.exe", cchWideChar=12, lpMultiByteStr=0x1d82ac8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="winlogon.exe", lpUsedDefaultChar=0x0) returned 12 [0055.503] Process32NextW (in: hSnapshot=0x15c, lppe=0x18f898 | out: lppe=0x18f898*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0055.503] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="services.exe", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0055.503] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="services.exe", cchWideChar=12, lpMultiByteStr=0x1d82b10, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="services.exe", lpUsedDefaultChar=0x0) returned 12 [0055.503] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="services.exe", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0055.503] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="services.exe", cchWideChar=12, lpMultiByteStr=0x1d82b10, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="services.exe", lpUsedDefaultChar=0x0) returned 12 [0055.503] Process32NextW (in: hSnapshot=0x15c, lppe=0x18f898 | out: lppe=0x18f898*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0055.518] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="lsass.exe", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0055.518] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="lsass.exe", cchWideChar=9, lpMultiByteStr=0x1d82b58, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lsass.exe", lpUsedDefaultChar=0x0) returned 9 [0055.518] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="lsass.exe", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0055.518] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="lsass.exe", cchWideChar=9, lpMultiByteStr=0x1d82b58, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lsass.exe", lpUsedDefaultChar=0x0) returned 9 [0055.518] Process32NextW (in: hSnapshot=0x15c, lppe=0x18f898 | out: lppe=0x18f898*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0055.519] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="lsm.exe", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0055.519] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="lsm.exe", cchWideChar=7, lpMultiByteStr=0x1d82ba0, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lsm.exe", lpUsedDefaultChar=0x0) returned 7 [0055.519] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="lsm.exe", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0055.519] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="lsm.exe", cchWideChar=7, lpMultiByteStr=0x1d82ba0, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lsm.exe", lpUsedDefaultChar=0x0) returned 7 [0055.519] Process32NextW (in: hSnapshot=0x15c, lppe=0x18f898 | out: lppe=0x18f898*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0055.520] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0055.520] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x1d82be8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0055.520] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0055.520] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x1d82be8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0055.520] Process32NextW (in: hSnapshot=0x15c, lppe=0x18f898 | out: lppe=0x18f898*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0055.521] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0055.521] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x1d82c30, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0055.521] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0055.521] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x1d82c30, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0055.521] Process32NextW (in: hSnapshot=0x15c, lppe=0x18f898 | out: lppe=0x18f898*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0055.521] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0055.521] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x1d82c78, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0055.522] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0055.522] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x1d82c78, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0055.522] Process32NextW (in: hSnapshot=0x15c, lppe=0x18f898 | out: lppe=0x18f898*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0055.522] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0055.522] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x1d82cc0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0055.522] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0055.522] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x1d82cc0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0055.522] Process32NextW (in: hSnapshot=0x15c, lppe=0x18f898 | out: lppe=0x18f898*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x25, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0055.523] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0055.523] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x1d82d08, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0055.523] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0055.523] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x1d82d08, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0055.523] Process32NextW (in: hSnapshot=0x15c, lppe=0x18f898 | out: lppe=0x18f898*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0055.524] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="audiodg.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0055.524] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="audiodg.exe", cchWideChar=11, lpMultiByteStr=0x1d82d50, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="audiodg.exe", lpUsedDefaultChar=0x0) returned 11 [0055.524] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="audiodg.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0055.524] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="audiodg.exe", cchWideChar=11, lpMultiByteStr=0x1d82d50, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="audiodg.exe", lpUsedDefaultChar=0x0) returned 11 [0055.524] Process32NextW (in: hSnapshot=0x15c, lppe=0x18f898 | out: lppe=0x18f898*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0055.525] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0055.525] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x1d82d98, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0055.525] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0055.525] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x1d82d98, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0055.525] Process32NextW (in: hSnapshot=0x15c, lppe=0x18f898 | out: lppe=0x18f898*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x170, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0055.525] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0055.526] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x1d82de0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0055.526] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0055.526] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x1d82de0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0055.526] Process32NextW (in: hSnapshot=0x15c, lppe=0x18f898 | out: lppe=0x18f898*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0055.526] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="spoolsv.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0055.526] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="spoolsv.exe", cchWideChar=11, lpMultiByteStr=0x1d828d0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spoolsv.exe", lpUsedDefaultChar=0x0) returned 11 [0055.526] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="spoolsv.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0055.526] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="spoolsv.exe", cchWideChar=11, lpMultiByteStr=0x1d828d0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spoolsv.exe", lpUsedDefaultChar=0x0) returned 11 [0055.527] Process32NextW (in: hSnapshot=0x15c, lppe=0x18f898 | out: lppe=0x18f898*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x41c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0055.527] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0055.527] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x1d82e28, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0055.527] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0055.527] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x1d82e28, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0055.527] Process32NextW (in: hSnapshot=0x15c, lppe=0x18f898 | out: lppe=0x18f898*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0055.528] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="taskhost.exe", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0055.528] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="taskhost.exe", cchWideChar=12, lpMultiByteStr=0x1d82de0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhost.exe", lpUsedDefaultChar=0x0) returned 12 [0055.528] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="taskhost.exe", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0055.528] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="taskhost.exe", cchWideChar=12, lpMultiByteStr=0x1d82de0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhost.exe", lpUsedDefaultChar=0x0) returned 12 [0055.528] Process32NextW (in: hSnapshot=0x15c, lppe=0x18f898 | out: lppe=0x18f898*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x554, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x310, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0055.529] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="dwm.exe", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0055.529] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="dwm.exe", cchWideChar=7, lpMultiByteStr=0x1d82e70, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dwm.exe", lpUsedDefaultChar=0x0) returned 7 [0055.529] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="dwm.exe", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0055.529] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="dwm.exe", cchWideChar=7, lpMultiByteStr=0x1d82e70, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dwm.exe", lpUsedDefaultChar=0x0) returned 7 [0055.529] Process32NextW (in: hSnapshot=0x15c, lppe=0x18f898 | out: lppe=0x18f898*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x564, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1e, th32ParentProcessID=0x548, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0055.529] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="explorer.exe", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0055.530] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="explorer.exe", cchWideChar=12, lpMultiByteStr=0x1d82eb8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="explorer.exe", lpUsedDefaultChar=0x0) returned 12 [0055.530] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="explorer.exe", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0055.530] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="explorer.exe", cchWideChar=12, lpMultiByteStr=0x1d82eb8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="explorer.exe", lpUsedDefaultChar=0x0) returned 12 [0055.530] Process32NextW (in: hSnapshot=0x15c, lppe=0x18f898 | out: lppe=0x18f898*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0055.530] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="taskeng.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0055.530] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="taskeng.exe", cchWideChar=11, lpMultiByteStr=0x1d82f00, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskeng.exe", lpUsedDefaultChar=0x0) returned 11 [0055.530] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="taskeng.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0055.530] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="taskeng.exe", cchWideChar=11, lpMultiByteStr=0x1d82f00, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskeng.exe", lpUsedDefaultChar=0x0) returned 11 [0055.531] Process32NextW (in: hSnapshot=0x15c, lppe=0x18f898 | out: lppe=0x18f898*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0055.531] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="taskhost.exe", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0055.531] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="taskhost.exe", cchWideChar=12, lpMultiByteStr=0x1d82f48, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhost.exe", lpUsedDefaultChar=0x0) returned 12 [0055.531] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="taskhost.exe", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0055.531] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="taskhost.exe", cchWideChar=12, lpMultiByteStr=0x1d82f48, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhost.exe", lpUsedDefaultChar=0x0) returned 12 [0055.531] Process32NextW (in: hSnapshot=0x15c, lppe=0x18f898 | out: lppe=0x18f898*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x564, pcPriClassBase=8, dwFlags=0x0, szExeFile="transportationporval.exe")) returned 1 [0055.532] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="transportationporval.exe", cchWideChar=24, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0055.532] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="transportationporval.exe", cchWideChar=24, lpMultiByteStr=0x1d82f90, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="transportationporval.exe", lpUsedDefaultChar=0x0) returned 24 [0055.532] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="transportationporval.exe", cchWideChar=24, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0055.532] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="transportationporval.exe", cchWideChar=24, lpMultiByteStr=0x1d82f90, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="transportationporval.exe", lpUsedDefaultChar=0x0) returned 24 [0055.532] Process32NextW (in: hSnapshot=0x15c, lppe=0x18f898 | out: lppe=0x18f898*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x564, pcPriClassBase=8, dwFlags=0x0, szExeFile="liverpool-brazil-kind-researchers.exe")) returned 1 [0055.533] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="liverpool-brazil-kind-researchers.exe", cchWideChar=37, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 37 [0055.533] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="liverpool-brazil-kind-researchers.exe", cchWideChar=37, lpMultiByteStr=0x1d82fd8, cbMultiByte=37, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="liverpool-brazil-kind-researchers.exe", lpUsedDefaultChar=0x0) returned 37 [0055.533] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="liverpool-brazil-kind-researchers.exe", cchWideChar=37, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 37 [0055.533] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="liverpool-brazil-kind-researchers.exe", cchWideChar=37, lpMultiByteStr=0x1d82fd8, cbMultiByte=37, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="liverpool-brazil-kind-researchers.exe", lpUsedDefaultChar=0x0) returned 37 [0055.533] Process32NextW (in: hSnapshot=0x15c, lppe=0x18f898 | out: lppe=0x18f898*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x564, pcPriClassBase=8, dwFlags=0x0, szExeFile="azerbaijan australia map.exe")) returned 1 [0055.534] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="azerbaijan australia map.exe", cchWideChar=28, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0055.534] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="azerbaijan australia map.exe", cchWideChar=28, lpMultiByteStr=0x1d83020, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="azerbaijan australia map.exe", lpUsedDefaultChar=0x0) returned 28 [0055.534] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="azerbaijan australia map.exe", cchWideChar=28, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0055.534] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="azerbaijan australia map.exe", cchWideChar=28, lpMultiByteStr=0x1d83020, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="azerbaijan australia map.exe", lpUsedDefaultChar=0x0) returned 28 [0055.536] Process32NextW (in: hSnapshot=0x15c, lppe=0x18f898 | out: lppe=0x18f898*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x318, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x564, pcPriClassBase=8, dwFlags=0x0, szExeFile="seattleconvertible.exe")) returned 1 [0055.537] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="seattleconvertible.exe", cchWideChar=22, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0055.537] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="seattleconvertible.exe", cchWideChar=22, lpMultiByteStr=0x1d83068, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="seattleconvertible.exe", lpUsedDefaultChar=0x0) returned 22 [0055.537] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="seattleconvertible.exe", cchWideChar=22, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0055.537] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="seattleconvertible.exe", cchWideChar=22, lpMultiByteStr=0x1d83068, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="seattleconvertible.exe", lpUsedDefaultChar=0x0) returned 22 [0055.537] Process32NextW (in: hSnapshot=0x15c, lppe=0x18f898 | out: lppe=0x18f898*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x430, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x564, pcPriClassBase=8, dwFlags=0x0, szExeFile="camps_part_october.exe")) returned 1 [0055.538] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="camps_part_october.exe", cchWideChar=22, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0055.538] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="camps_part_october.exe", cchWideChar=22, lpMultiByteStr=0x1d830b0, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="camps_part_october.exe", lpUsedDefaultChar=0x0) returned 22 [0055.538] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="camps_part_october.exe", cchWideChar=22, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0055.538] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="camps_part_october.exe", cchWideChar=22, lpMultiByteStr=0x1d830b0, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="camps_part_october.exe", lpUsedDefaultChar=0x0) returned 22 [0055.538] Process32NextW (in: hSnapshot=0x15c, lppe=0x18f898 | out: lppe=0x18f898*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x32c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x564, pcPriClassBase=8, dwFlags=0x0, szExeFile="fskaslidesoregon.exe")) returned 1 [0055.539] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="fskaslidesoregon.exe", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0055.539] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="fskaslidesoregon.exe", cchWideChar=20, lpMultiByteStr=0x1d830f8, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fskaslidesoregon.exe", lpUsedDefaultChar=0x0) returned 20 [0055.539] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="fskaslidesoregon.exe", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0055.539] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="fskaslidesoregon.exe", cchWideChar=20, lpMultiByteStr=0x1d830f8, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fskaslidesoregon.exe", lpUsedDefaultChar=0x0) returned 20 [0055.539] Process32NextW (in: hSnapshot=0x15c, lppe=0x18f898 | out: lppe=0x18f898*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x31c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x564, pcPriClassBase=8, dwFlags=0x0, szExeFile="ny surge discounts.exe")) returned 1 [0055.539] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ny surge discounts.exe", cchWideChar=22, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0055.539] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ny surge discounts.exe", cchWideChar=22, lpMultiByteStr=0x1d83140, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ny surge discounts.exe", lpUsedDefaultChar=0x0) returned 22 [0055.540] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ny surge discounts.exe", cchWideChar=22, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0055.540] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ny surge discounts.exe", cchWideChar=22, lpMultiByteStr=0x1d83140, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ny surge discounts.exe", lpUsedDefaultChar=0x0) returned 22 [0055.540] Process32NextW (in: hSnapshot=0x15c, lppe=0x18f898 | out: lppe=0x18f898*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x67c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x564, pcPriClassBase=8, dwFlags=0x0, szExeFile="furniture-cg.exe")) returned 1 [0055.540] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="furniture-cg.exe", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0055.540] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="furniture-cg.exe", cchWideChar=16, lpMultiByteStr=0x1d83188, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="furniture-cg.exe", lpUsedDefaultChar=0x0) returned 16 [0055.540] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="furniture-cg.exe", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0055.541] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="furniture-cg.exe", cchWideChar=16, lpMultiByteStr=0x1d83188, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="furniture-cg.exe", lpUsedDefaultChar=0x0) returned 16 [0055.541] Process32NextW (in: hSnapshot=0x15c, lppe=0x18f898 | out: lppe=0x18f898*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x564, pcPriClassBase=8, dwFlags=0x0, szExeFile="angry_region_seconds.exe")) returned 1 [0055.541] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="angry_region_seconds.exe", cchWideChar=24, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0055.541] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="angry_region_seconds.exe", cchWideChar=24, lpMultiByteStr=0x1d831d0, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="angry_region_seconds.exe", lpUsedDefaultChar=0x0) returned 24 [0055.541] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="angry_region_seconds.exe", cchWideChar=24, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0055.541] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="angry_region_seconds.exe", cchWideChar=24, lpMultiByteStr=0x1d831d0, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="angry_region_seconds.exe", lpUsedDefaultChar=0x0) returned 24 [0055.541] Process32NextW (in: hSnapshot=0x15c, lppe=0x18f898 | out: lppe=0x18f898*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x15c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x564, pcPriClassBase=8, dwFlags=0x0, szExeFile="soviet-nutten-samples-configured.exe")) returned 1 [0055.542] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="soviet-nutten-samples-configured.exe", cchWideChar=36, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 36 [0055.542] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="soviet-nutten-samples-configured.exe", cchWideChar=36, lpMultiByteStr=0x1d83218, cbMultiByte=36, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="soviet-nutten-samples-configured.exe", lpUsedDefaultChar=0x0) returned 36 [0055.542] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="soviet-nutten-samples-configured.exe", cchWideChar=36, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 36 [0055.542] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="soviet-nutten-samples-configured.exe", cchWideChar=36, lpMultiByteStr=0x1d83218, cbMultiByte=36, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="soviet-nutten-samples-configured.exe", lpUsedDefaultChar=0x0) returned 36 [0055.542] Process32NextW (in: hSnapshot=0x15c, lppe=0x18f898 | out: lppe=0x18f898*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x140, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x564, pcPriClassBase=8, dwFlags=0x0, szExeFile="picture_pk.exe")) returned 1 [0055.543] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="picture_pk.exe", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0055.543] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="picture_pk.exe", cchWideChar=14, lpMultiByteStr=0x1d83260, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="picture_pk.exe", lpUsedDefaultChar=0x0) returned 14 [0055.543] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="picture_pk.exe", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0055.543] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="picture_pk.exe", cchWideChar=14, lpMultiByteStr=0x1d83260, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="picture_pk.exe", lpUsedDefaultChar=0x0) returned 14 [0055.543] Process32NextW (in: hSnapshot=0x15c, lppe=0x18f898 | out: lppe=0x18f898*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x634, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x564, pcPriClassBase=8, dwFlags=0x0, szExeFile="wishes_pixels_reflected_edgar.exe")) returned 1 [0055.544] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="wishes_pixels_reflected_edgar.exe", cchWideChar=33, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 33 [0055.544] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="wishes_pixels_reflected_edgar.exe", cchWideChar=33, lpMultiByteStr=0x1d832a8, cbMultiByte=33, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="wishes_pixels_reflected_edgar.exe", lpUsedDefaultChar=0x0) returned 33 [0055.544] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="wishes_pixels_reflected_edgar.exe", cchWideChar=33, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 33 [0055.544] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="wishes_pixels_reflected_edgar.exe", cchWideChar=33, lpMultiByteStr=0x1d832a8, cbMultiByte=33, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="wishes_pixels_reflected_edgar.exe", lpUsedDefaultChar=0x0) returned 33 [0055.544] Process32NextW (in: hSnapshot=0x15c, lppe=0x18f898 | out: lppe=0x18f898*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x564, pcPriClassBase=8, dwFlags=0x0, szExeFile="nyc-actor-fault-logistics.exe")) returned 1 [0055.545] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="nyc-actor-fault-logistics.exe", cchWideChar=29, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 29 [0055.545] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="nyc-actor-fault-logistics.exe", cchWideChar=29, lpMultiByteStr=0x1d832f0, cbMultiByte=29, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="nyc-actor-fault-logistics.exe", lpUsedDefaultChar=0x0) returned 29 [0055.545] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="nyc-actor-fault-logistics.exe", cchWideChar=29, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 29 [0055.545] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="nyc-actor-fault-logistics.exe", cchWideChar=29, lpMultiByteStr=0x1d832f0, cbMultiByte=29, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="nyc-actor-fault-logistics.exe", lpUsedDefaultChar=0x0) returned 29 [0055.545] Process32NextW (in: hSnapshot=0x15c, lppe=0x18f898 | out: lppe=0x18f898*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x398, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x564, pcPriClassBase=8, dwFlags=0x0, szExeFile="duration_electricity_columbia_estate.exe")) returned 1 [0055.545] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="duration_electricity_columbia_estate.exe", cchWideChar=40, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 40 [0055.545] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="duration_electricity_columbia_estate.exe", cchWideChar=40, lpMultiByteStr=0x1d83338, cbMultiByte=40, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="duration_electricity_columbia_estate.exe", lpUsedDefaultChar=0x0) returned 40 [0055.545] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="duration_electricity_columbia_estate.exe", cchWideChar=40, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 40 [0055.546] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="duration_electricity_columbia_estate.exe", cchWideChar=40, lpMultiByteStr=0x1d83338, cbMultiByte=40, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="duration_electricity_columbia_estate.exe", lpUsedDefaultChar=0x0) returned 40 [0055.546] Process32NextW (in: hSnapshot=0x15c, lppe=0x18f898 | out: lppe=0x18f898*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x23c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x564, pcPriClassBase=8, dwFlags=0x0, szExeFile="prominent.exe")) returned 1 [0055.546] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="prominent.exe", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0055.546] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="prominent.exe", cchWideChar=13, lpMultiByteStr=0x1d83380, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="prominent.exe", lpUsedDefaultChar=0x0) returned 13 [0055.546] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="prominent.exe", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0055.546] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="prominent.exe", cchWideChar=13, lpMultiByteStr=0x1d83380, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="prominent.exe", lpUsedDefaultChar=0x0) returned 13 [0055.546] Process32NextW (in: hSnapshot=0x15c, lppe=0x18f898 | out: lppe=0x18f898*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x48c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x564, pcPriClassBase=8, dwFlags=0x0, szExeFile="after practical kiss sir.exe")) returned 1 [0055.547] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="after practical kiss sir.exe", cchWideChar=28, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0055.547] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="after practical kiss sir.exe", cchWideChar=28, lpMultiByteStr=0x1d833c8, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="after practical kiss sir.exe", lpUsedDefaultChar=0x0) returned 28 [0055.547] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="after practical kiss sir.exe", cchWideChar=28, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0055.547] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="after practical kiss sir.exe", cchWideChar=28, lpMultiByteStr=0x1d833c8, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="after practical kiss sir.exe", lpUsedDefaultChar=0x0) returned 28 [0055.547] Process32NextW (in: hSnapshot=0x15c, lppe=0x18f898 | out: lppe=0x18f898*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x754, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x564, pcPriClassBase=8, dwFlags=0x0, szExeFile="epson-pressing-camera.exe")) returned 1 [0055.548] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="epson-pressing-camera.exe", cchWideChar=25, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0055.548] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="epson-pressing-camera.exe", cchWideChar=25, lpMultiByteStr=0x1d83410, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="epson-pressing-camera.exe", lpUsedDefaultChar=0x0) returned 25 [0055.548] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="epson-pressing-camera.exe", cchWideChar=25, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0055.548] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="epson-pressing-camera.exe", cchWideChar=25, lpMultiByteStr=0x1d83410, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="epson-pressing-camera.exe", lpUsedDefaultChar=0x0) returned 25 [0055.548] Process32NextW (in: hSnapshot=0x15c, lppe=0x18f898 | out: lppe=0x18f898*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x60c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x564, pcPriClassBase=8, dwFlags=0x0, szExeFile="baptist-extraction.exe")) returned 1 [0055.549] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="baptist-extraction.exe", cchWideChar=22, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0055.549] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="baptist-extraction.exe", cchWideChar=22, lpMultiByteStr=0x1d83458, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="baptist-extraction.exe", lpUsedDefaultChar=0x0) returned 22 [0055.549] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="baptist-extraction.exe", cchWideChar=22, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0055.549] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="baptist-extraction.exe", cchWideChar=22, lpMultiByteStr=0x1d83458, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="baptist-extraction.exe", lpUsedDefaultChar=0x0) returned 22 [0055.549] Process32NextW (in: hSnapshot=0x15c, lppe=0x18f898 | out: lppe=0x18f898*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x564, pcPriClassBase=8, dwFlags=0x0, szExeFile="challenged.exe")) returned 1 [0055.549] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="challenged.exe", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0055.550] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="challenged.exe", cchWideChar=14, lpMultiByteStr=0x1d834a0, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="challenged.exe", lpUsedDefaultChar=0x0) returned 14 [0055.550] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="challenged.exe", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0055.550] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="challenged.exe", cchWideChar=14, lpMultiByteStr=0x1d834a0, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="challenged.exe", lpUsedDefaultChar=0x0) returned 14 [0055.550] Process32NextW (in: hSnapshot=0x15c, lppe=0x18f898 | out: lppe=0x18f898*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x564, pcPriClassBase=8, dwFlags=0x0, szExeFile="rhode-jay.exe")) returned 1 [0055.550] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="rhode-jay.exe", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0055.550] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="rhode-jay.exe", cchWideChar=13, lpMultiByteStr=0x1d834e8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="rhode-jay.exe", lpUsedDefaultChar=0x0) returned 13 [0055.550] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="rhode-jay.exe", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0055.550] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="rhode-jay.exe", cchWideChar=13, lpMultiByteStr=0x1d834e8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="rhode-jay.exe", lpUsedDefaultChar=0x0) returned 13 [0055.551] Process32NextW (in: hSnapshot=0x15c, lppe=0x18f898 | out: lppe=0x18f898*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x948, pcPriClassBase=8, dwFlags=0x0, szExeFile="VQBKVY~1:bin")) returned 1 [0055.551] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="vqbkvy~1:bin", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0055.551] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="vqbkvy~1:bin", cchWideChar=12, lpMultiByteStr=0x1edc9c0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="vqbkvy~1:bin", lpUsedDefaultChar=0x0) returned 12 [0055.551] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VQBKVY~1:bin", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0055.551] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VQBKVY~1:bin", cchWideChar=12, lpMultiByteStr=0x1edc9c0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VQBKVY~1:bin", lpUsedDefaultChar=0x0) returned 12 [0055.551] Process32NextW (in: hSnapshot=0x15c, lppe=0x18f898 | out: lppe=0x18f898*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x948, pcPriClassBase=8, dwFlags=0x0, szExeFile="VQBKVY~1:bin")) returned 0 [0055.552] NtOpenProcess (in: ProcessHandle=0x18f800, DesiredAccess=0x400, ObjectAttributes=0x18f80c*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x18f804*(UniqueProcess=0x4, UniqueThread=0x0) | out: ProcessHandle=0x18f800*=0x0) returned 0xc0000022 [0055.552] NtOpenProcess (in: ProcessHandle=0x18f800, DesiredAccess=0x1000, ObjectAttributes=0x18f80c*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x18f804*(UniqueProcess=0x4, UniqueThread=0x0) | out: ProcessHandle=0x18f800*=0x160) returned 0x0 [0055.552] GetExitCodeProcess (in: hProcess=0x160, lpExitCode=0x18f828 | out: lpExitCode=0x18f828*=0x103) returned 1 [0055.552] FindFirstFileExW (in: lpFileName="C:\\Windows\\SysWOW64\\*.dll", fInfoLevelId=0x1, lpFindFileData=0x18f59c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x18f59c) returned 0x324578 [0055.553] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AACLIENT.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0055.553] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AACLIENT.DLL", cchWideChar=12, lpMultiByteStr=0x1edc9c0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AACLIENT.DLL", lpUsedDefaultChar=0x0) returned 12 [0055.553] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.553] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ACCESSIBILITYCPL.DLL", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0055.553] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ACCESSIBILITYCPL.DLL", cchWideChar=20, lpMultiByteStr=0x1edc9c0, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ACCESSIBILITYCPL.DLL", lpUsedDefaultChar=0x0) returned 20 [0055.553] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.553] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ACCTRES.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0055.553] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ACCTRES.DLL", cchWideChar=11, lpMultiByteStr=0x1edc9c0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ACCTRES.DLL", lpUsedDefaultChar=0x0) returned 11 [0055.554] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.554] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ACLEDIT.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0055.554] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ACLEDIT.DLL", cchWideChar=11, lpMultiByteStr=0x1edc9c0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ACLEDIT.DLL", lpUsedDefaultChar=0x0) returned 11 [0055.554] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.554] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ACLUI.DLL", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0055.554] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ACLUI.DLL", cchWideChar=9, lpMultiByteStr=0x1edc9c0, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ACLUI.DLL", lpUsedDefaultChar=0x0) returned 9 [0055.554] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.554] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ACPPAGE.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0055.554] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ACPPAGE.DLL", cchWideChar=11, lpMultiByteStr=0x1edc9c0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ACPPAGE.DLL", lpUsedDefaultChar=0x0) returned 11 [0055.554] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.554] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ACTIONCENTER.DLL", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0055.554] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ACTIONCENTER.DLL", cchWideChar=16, lpMultiByteStr=0x1edc9c0, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ACTIONCENTER.DLL", lpUsedDefaultChar=0x0) returned 16 [0055.554] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.554] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ACTIONCENTERCPL.DLL", cchWideChar=19, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0055.554] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ACTIONCENTERCPL.DLL", cchWideChar=19, lpMultiByteStr=0x1edc9c0, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ACTIONCENTERCPL.DLL", lpUsedDefaultChar=0x0) returned 19 [0055.554] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.554] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ACTIVEDS.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0055.555] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ACTIVEDS.DLL", cchWideChar=12, lpMultiByteStr=0x1edc9c0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ACTIVEDS.DLL", lpUsedDefaultChar=0x0) returned 12 [0055.555] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.555] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ACTXPRXY.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0055.555] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ACTXPRXY.DLL", cchWideChar=12, lpMultiByteStr=0x1edc9c0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ACTXPRXY.DLL", lpUsedDefaultChar=0x0) returned 12 [0055.555] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.555] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ADMPARSE.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0055.555] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ADMPARSE.DLL", cchWideChar=12, lpMultiByteStr=0x1edc9c0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ADMPARSE.DLL", lpUsedDefaultChar=0x0) returned 12 [0055.555] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.555] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ADMTMPL.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0055.555] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ADMTMPL.DLL", cchWideChar=11, lpMultiByteStr=0x1edc9c0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ADMTMPL.DLL", lpUsedDefaultChar=0x0) returned 11 [0055.555] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.555] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ADPROVIDER.DLL", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0055.555] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ADPROVIDER.DLL", cchWideChar=14, lpMultiByteStr=0x1edc9c0, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ADPROVIDER.DLL", lpUsedDefaultChar=0x0) returned 14 [0055.555] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.555] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ADSLDP.DLL", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0055.555] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ADSLDP.DLL", cchWideChar=10, lpMultiByteStr=0x1edc9c0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ADSLDP.DLL", lpUsedDefaultChar=0x0) returned 10 [0055.555] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.555] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ADSLDPC.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0055.556] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ADSLDPC.DLL", cchWideChar=11, lpMultiByteStr=0x1edc9c0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ADSLDPC.DLL", lpUsedDefaultChar=0x0) returned 11 [0055.556] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.556] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ADSMSEXT.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0055.556] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ADSMSEXT.DLL", cchWideChar=12, lpMultiByteStr=0x1edc9c0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ADSMSEXT.DLL", lpUsedDefaultChar=0x0) returned 12 [0055.556] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.556] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ADSNT.DLL", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0055.556] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ADSNT.DLL", cchWideChar=9, lpMultiByteStr=0x1edc9c0, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ADSNT.DLL", lpUsedDefaultChar=0x0) returned 9 [0055.556] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.556] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ADTSCHEMA.DLL", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0055.556] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ADTSCHEMA.DLL", cchWideChar=13, lpMultiByteStr=0x1edc9c0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ADTSCHEMA.DLL", lpUsedDefaultChar=0x0) returned 13 [0055.556] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.556] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ADVAPI32.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0055.556] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ADVAPI32.DLL", cchWideChar=12, lpMultiByteStr=0x1edc9c0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ADVAPI32.DLL", lpUsedDefaultChar=0x0) returned 12 [0055.556] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.556] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ADVPACK.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0055.556] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ADVPACK.DLL", cchWideChar=11, lpMultiByteStr=0x1edc9c0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ADVPACK.DLL", lpUsedDefaultChar=0x0) returned 11 [0055.556] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.557] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AECACHE.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0055.557] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AECACHE.DLL", cchWideChar=11, lpMultiByteStr=0x1edc9c0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AECACHE.DLL", lpUsedDefaultChar=0x0) returned 11 [0055.557] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.557] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AEEVTS.DLL", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0055.557] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AEEVTS.DLL", cchWideChar=10, lpMultiByteStr=0x1edc9c0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AEEVTS.DLL", lpUsedDefaultChar=0x0) returned 10 [0055.557] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.557] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALTTAB.DLL", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0055.557] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALTTAB.DLL", cchWideChar=10, lpMultiByteStr=0x1edc9c0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ALTTAB.DLL", lpUsedDefaultChar=0x0) returned 10 [0055.557] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.557] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AMSTREAM.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0055.557] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AMSTREAM.DLL", cchWideChar=12, lpMultiByteStr=0x1edc9c0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AMSTREAM.DLL", lpUsedDefaultChar=0x0) returned 12 [0055.557] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.557] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AMXREAD.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0055.557] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AMXREAD.DLL", cchWideChar=11, lpMultiByteStr=0x1edc9c0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AMXREAD.DLL", lpUsedDefaultChar=0x0) returned 11 [0055.557] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.557] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="APDS.DLL", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0055.557] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="APDS.DLL", cchWideChar=8, lpMultiByteStr=0x1edc9c0, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="APDS.DLL", lpUsedDefaultChar=0x0) returned 8 [0055.557] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.558] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-CONSOLE-L1-1-0.DLL", cchWideChar=34, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 34 [0055.558] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-CONSOLE-L1-1-0.DLL", cchWideChar=34, lpMultiByteStr=0x1edc9c0, cbMultiByte=34, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-CONSOLE-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 34 [0055.558] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.558] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-DATETIME-L1-1-0.DLL", cchWideChar=35, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 35 [0055.558] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-DATETIME-L1-1-0.DLL", cchWideChar=35, lpMultiByteStr=0x1edc9c0, cbMultiByte=35, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-DATETIME-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 35 [0055.558] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.558] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-DEBUG-L1-1-0.DLL", cchWideChar=32, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0055.558] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-DEBUG-L1-1-0.DLL", cchWideChar=32, lpMultiByteStr=0x1edc9c0, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-DEBUG-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 32 [0055.558] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.558] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-DELAYLOAD-L1-1-0.DLL", cchWideChar=36, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 36 [0055.558] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-DELAYLOAD-L1-1-0.DLL", cchWideChar=36, lpMultiByteStr=0x1edc9c0, cbMultiByte=36, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-DELAYLOAD-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 36 [0055.558] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.558] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-ERRORHANDLING-L1-1-0.DLL", cchWideChar=40, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 40 [0055.558] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-ERRORHANDLING-L1-1-0.DLL", cchWideChar=40, lpMultiByteStr=0x1edc9c0, cbMultiByte=40, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-ERRORHANDLING-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 40 [0055.558] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.558] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-FIBERS-L1-1-0.DLL", cchWideChar=33, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 33 [0055.558] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-FIBERS-L1-1-0.DLL", cchWideChar=33, lpMultiByteStr=0x1edc9c0, cbMultiByte=33, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-FIBERS-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 33 [0055.559] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.559] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-FILE-L1-1-0.DLL", cchWideChar=31, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 31 [0055.559] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-FILE-L1-1-0.DLL", cchWideChar=31, lpMultiByteStr=0x1edc9c0, cbMultiByte=31, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-FILE-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 31 [0055.559] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.559] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-FILE-L1-2-0.DLL", cchWideChar=31, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 31 [0055.559] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-FILE-L1-2-0.DLL", cchWideChar=31, lpMultiByteStr=0x1edc9c0, cbMultiByte=31, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-FILE-L1-2-0.DLL", lpUsedDefaultChar=0x0) returned 31 [0055.559] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.559] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-FILE-L2-1-0.DLL", cchWideChar=31, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 31 [0055.559] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-FILE-L2-1-0.DLL", cchWideChar=31, lpMultiByteStr=0x1edc9c0, cbMultiByte=31, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-FILE-L2-1-0.DLL", lpUsedDefaultChar=0x0) returned 31 [0055.559] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.559] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-HANDLE-L1-1-0.DLL", cchWideChar=33, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 33 [0055.559] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-HANDLE-L1-1-0.DLL", cchWideChar=33, lpMultiByteStr=0x1edc9c0, cbMultiByte=33, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-HANDLE-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 33 [0055.559] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.559] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-HEAP-L1-1-0.DLL", cchWideChar=31, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 31 [0055.559] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-HEAP-L1-1-0.DLL", cchWideChar=31, lpMultiByteStr=0x1edc9c0, cbMultiByte=31, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-HEAP-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 31 [0055.559] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.559] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-INTERLOCKED-L1-1-0.DLL", cchWideChar=38, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 38 [0055.559] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-INTERLOCKED-L1-1-0.DLL", cchWideChar=38, lpMultiByteStr=0x1edc9c0, cbMultiByte=38, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-INTERLOCKED-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 38 [0055.560] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.560] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-IO-L1-1-0.DLL", cchWideChar=29, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 29 [0055.560] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-IO-L1-1-0.DLL", cchWideChar=29, lpMultiByteStr=0x1edc9c0, cbMultiByte=29, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-IO-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 29 [0055.560] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.560] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-LIBRARYLOADER-L1-1-0.DLL", cchWideChar=40, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 40 [0055.560] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-LIBRARYLOADER-L1-1-0.DLL", cchWideChar=40, lpMultiByteStr=0x1edc9c0, cbMultiByte=40, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-LIBRARYLOADER-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 40 [0055.560] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.560] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-LOCALIZATION-L1-1-0.DLL", cchWideChar=39, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 39 [0055.560] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-LOCALIZATION-L1-1-0.DLL", cchWideChar=39, lpMultiByteStr=0x1edc9c0, cbMultiByte=39, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-LOCALIZATION-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 39 [0055.560] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.560] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-LOCALIZATION-L1-2-0.DLL", cchWideChar=39, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 39 [0055.560] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-LOCALIZATION-L1-2-0.DLL", cchWideChar=39, lpMultiByteStr=0x1edc9c0, cbMultiByte=39, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-LOCALIZATION-L1-2-0.DLL", lpUsedDefaultChar=0x0) returned 39 [0055.560] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.560] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-LOCALREGISTRY-L1-1-0.DLL", cchWideChar=40, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 40 [0055.560] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-LOCALREGISTRY-L1-1-0.DLL", cchWideChar=40, lpMultiByteStr=0x1edc9c0, cbMultiByte=40, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-LOCALREGISTRY-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 40 [0055.560] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.560] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-MEMORY-L1-1-0.DLL", cchWideChar=33, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 33 [0055.561] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-MEMORY-L1-1-0.DLL", cchWideChar=33, lpMultiByteStr=0x1edc9c0, cbMultiByte=33, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-MEMORY-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 33 [0055.561] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.561] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-MISC-L1-1-0.DLL", cchWideChar=31, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 31 [0055.561] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-MISC-L1-1-0.DLL", cchWideChar=31, lpMultiByteStr=0x1edc9c0, cbMultiByte=31, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-MISC-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 31 [0055.561] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.561] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-NAMEDPIPE-L1-1-0.DLL", cchWideChar=36, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 36 [0055.561] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-NAMEDPIPE-L1-1-0.DLL", cchWideChar=36, lpMultiByteStr=0x1edc9c0, cbMultiByte=36, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-NAMEDPIPE-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 36 [0055.561] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.561] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0.DLL", cchWideChar=45, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 45 [0055.561] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0.DLL", cchWideChar=45, lpMultiByteStr=0x1edc9c0, cbMultiByte=45, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 45 [0055.561] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.561] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0.DLL", cchWideChar=41, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 41 [0055.561] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0.DLL", cchWideChar=41, lpMultiByteStr=0x1edc9c0, cbMultiByte=41, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 41 [0055.561] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.561] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-PROCESSTHREADS-L1-1-1.DLL", cchWideChar=41, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 41 [0055.561] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-PROCESSTHREADS-L1-1-1.DLL", cchWideChar=41, lpMultiByteStr=0x1edc9c0, cbMultiByte=41, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-PROCESSTHREADS-L1-1-1.DLL", lpUsedDefaultChar=0x0) returned 41 [0055.561] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.561] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-PROFILE-L1-1-0.DLL", cchWideChar=34, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 34 [0055.562] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-PROFILE-L1-1-0.DLL", cchWideChar=34, lpMultiByteStr=0x1edc9c0, cbMultiByte=34, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-PROFILE-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 34 [0055.562] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.562] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-RTLSUPPORT-L1-1-0.DLL", cchWideChar=37, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 37 [0055.562] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-RTLSUPPORT-L1-1-0.DLL", cchWideChar=37, lpMultiByteStr=0x1edc9c0, cbMultiByte=37, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-RTLSUPPORT-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 37 [0055.562] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.562] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-STRING-L1-1-0.DLL", cchWideChar=33, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 33 [0055.562] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-STRING-L1-1-0.DLL", cchWideChar=33, lpMultiByteStr=0x1edc9c0, cbMultiByte=33, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-STRING-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 33 [0055.562] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.562] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-SYNCH-L1-1-0.DLL", cchWideChar=32, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0055.562] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-SYNCH-L1-1-0.DLL", cchWideChar=32, lpMultiByteStr=0x1edc9c0, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-SYNCH-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 32 [0055.562] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.562] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-SYNCH-L1-2-0.DLL", cchWideChar=32, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0055.562] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-SYNCH-L1-2-0.DLL", cchWideChar=32, lpMultiByteStr=0x1edc9c0, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-SYNCH-L1-2-0.DLL", lpUsedDefaultChar=0x0) returned 32 [0055.562] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.562] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-SYSINFO-L1-1-0.DLL", cchWideChar=34, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 34 [0055.562] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-SYSINFO-L1-1-0.DLL", cchWideChar=34, lpMultiByteStr=0x1edc9c0, cbMultiByte=34, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-SYSINFO-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 34 [0055.562] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.563] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-THREADPOOL-L1-1-0.DLL", cchWideChar=37, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 37 [0055.563] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-THREADPOOL-L1-1-0.DLL", cchWideChar=37, lpMultiByteStr=0x1edc9c0, cbMultiByte=37, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-THREADPOOL-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 37 [0055.563] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.563] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-TIMEZONE-L1-1-0.DLL", cchWideChar=35, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 35 [0055.563] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-TIMEZONE-L1-1-0.DLL", cchWideChar=35, lpMultiByteStr=0x1edc9c0, cbMultiByte=35, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-TIMEZONE-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 35 [0055.563] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.563] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-UTIL-L1-1-0.DLL", cchWideChar=31, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 31 [0055.563] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-UTIL-L1-1-0.DLL", cchWideChar=31, lpMultiByteStr=0x1edc9c0, cbMultiByte=31, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-UTIL-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 31 [0055.563] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.563] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-XSTATE-L1-1-0.DLL", cchWideChar=33, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 33 [0055.563] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-XSTATE-L1-1-0.DLL", cchWideChar=33, lpMultiByteStr=0x1edc9c0, cbMultiByte=33, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-XSTATE-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 33 [0055.563] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.563] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-XSTATE-L2-1-0.DLL", cchWideChar=33, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 33 [0055.563] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-XSTATE-L2-1-0.DLL", cchWideChar=33, lpMultiByteStr=0x1edc9c0, cbMultiByte=33, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-XSTATE-L2-1-0.DLL", lpUsedDefaultChar=0x0) returned 33 [0055.563] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.563] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-CONIO-L1-1-0.DLL", cchWideChar=31, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 31 [0055.563] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-CONIO-L1-1-0.DLL", cchWideChar=31, lpMultiByteStr=0x1edc9c0, cbMultiByte=31, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CRT-CONIO-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 31 [0055.564] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.564] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-CONVERT-L1-1-0.DLL", cchWideChar=33, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 33 [0055.564] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-CONVERT-L1-1-0.DLL", cchWideChar=33, lpMultiByteStr=0x1edc9c0, cbMultiByte=33, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CRT-CONVERT-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 33 [0055.564] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.564] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-ENVIRONMENT-L1-1-0.DLL", cchWideChar=37, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 37 [0055.564] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-ENVIRONMENT-L1-1-0.DLL", cchWideChar=37, lpMultiByteStr=0x1edc9c0, cbMultiByte=37, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CRT-ENVIRONMENT-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 37 [0055.564] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.564] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-FILESYSTEM-L1-1-0.DLL", cchWideChar=36, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 36 [0055.564] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-FILESYSTEM-L1-1-0.DLL", cchWideChar=36, lpMultiByteStr=0x1edc9c0, cbMultiByte=36, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CRT-FILESYSTEM-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 36 [0055.564] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.564] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-HEAP-L1-1-0.DLL", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0055.564] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-HEAP-L1-1-0.DLL", cchWideChar=30, lpMultiByteStr=0x1edc9c0, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CRT-HEAP-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 30 [0055.564] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.564] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-LOCALE-L1-1-0.DLL", cchWideChar=32, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0055.564] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-LOCALE-L1-1-0.DLL", cchWideChar=32, lpMultiByteStr=0x1edc9c0, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CRT-LOCALE-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 32 [0055.564] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.564] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-MATH-L1-1-0.DLL", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0055.564] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-MATH-L1-1-0.DLL", cchWideChar=30, lpMultiByteStr=0x1edc9c0, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CRT-MATH-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 30 [0055.565] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.565] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-MULTIBYTE-L1-1-0.DLL", cchWideChar=35, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 35 [0055.565] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-MULTIBYTE-L1-1-0.DLL", cchWideChar=35, lpMultiByteStr=0x1edc9c0, cbMultiByte=35, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CRT-MULTIBYTE-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 35 [0055.565] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.565] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-PRIVATE-L1-1-0.DLL", cchWideChar=33, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 33 [0055.565] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-PRIVATE-L1-1-0.DLL", cchWideChar=33, lpMultiByteStr=0x1edc9c0, cbMultiByte=33, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CRT-PRIVATE-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 33 [0055.565] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.565] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-PROCESS-L1-1-0.DLL", cchWideChar=33, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 33 [0055.565] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-PROCESS-L1-1-0.DLL", cchWideChar=33, lpMultiByteStr=0x1edc9c0, cbMultiByte=33, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CRT-PROCESS-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 33 [0055.565] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.565] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-RUNTIME-L1-1-0.DLL", cchWideChar=33, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 33 [0055.565] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-RUNTIME-L1-1-0.DLL", cchWideChar=33, lpMultiByteStr=0x1edc9c0, cbMultiByte=33, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CRT-RUNTIME-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 33 [0055.565] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.565] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-STDIO-L1-1-0.DLL", cchWideChar=31, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 31 [0055.565] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-STDIO-L1-1-0.DLL", cchWideChar=31, lpMultiByteStr=0x1edc9c0, cbMultiByte=31, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CRT-STDIO-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 31 [0055.565] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.566] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-STRING-L1-1-0.DLL", cchWideChar=32, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0055.566] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-STRING-L1-1-0.DLL", cchWideChar=32, lpMultiByteStr=0x1edc9c0, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CRT-STRING-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 32 [0055.566] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.566] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-TIME-L1-1-0.DLL", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0055.566] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-TIME-L1-1-0.DLL", cchWideChar=30, lpMultiByteStr=0x1edc9c0, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CRT-TIME-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 30 [0055.566] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.566] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-UTILITY-L1-1-0.DLL", cchWideChar=33, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 33 [0055.566] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-UTILITY-L1-1-0.DLL", cchWideChar=33, lpMultiByteStr=0x1edc9c0, cbMultiByte=33, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CRT-UTILITY-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 33 [0055.566] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.566] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-EVENTING-PROVIDER-L1-1-0.DLL", cchWideChar=39, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 39 [0055.566] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-EVENTING-PROVIDER-L1-1-0.DLL", cchWideChar=39, lpMultiByteStr=0x1edc9c0, cbMultiByte=39, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-EVENTING-PROVIDER-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 39 [0055.566] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.566] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-SECURITY-BASE-L1-1-0.DLL", cchWideChar=35, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 35 [0055.566] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-SECURITY-BASE-L1-1-0.DLL", cchWideChar=35, lpMultiByteStr=0x1edc9c0, cbMultiByte=35, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-SECURITY-BASE-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 35 [0055.566] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.566] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-SECURITY-LSALOOKUP-L1-1-0.DLL", cchWideChar=40, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 40 [0055.566] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-SECURITY-LSALOOKUP-L1-1-0.DLL", cchWideChar=40, lpMultiByteStr=0x1edc9c0, cbMultiByte=40, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-SECURITY-LSALOOKUP-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 40 [0055.566] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.567] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-SECURITY-SDDL-L1-1-0.DLL", cchWideChar=35, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 35 [0055.567] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-SECURITY-SDDL-L1-1-0.DLL", cchWideChar=35, lpMultiByteStr=0x1edc9c0, cbMultiByte=35, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-SECURITY-SDDL-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 35 [0055.567] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.567] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-SERVICE-CORE-L1-1-0.DLL", cchWideChar=34, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 34 [0055.567] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-SERVICE-CORE-L1-1-0.DLL", cchWideChar=34, lpMultiByteStr=0x1edc9c0, cbMultiByte=34, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-SERVICE-CORE-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 34 [0055.567] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.567] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-SERVICE-MANAGEMENT-L1-1-0.DLL", cchWideChar=40, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 40 [0055.567] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-SERVICE-MANAGEMENT-L1-1-0.DLL", cchWideChar=40, lpMultiByteStr=0x1edc9c0, cbMultiByte=40, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-SERVICE-MANAGEMENT-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 40 [0055.567] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.567] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-SERVICE-MANAGEMENT-L2-1-0.DLL", cchWideChar=40, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 40 [0055.567] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-SERVICE-MANAGEMENT-L2-1-0.DLL", cchWideChar=40, lpMultiByteStr=0x1edc9c0, cbMultiByte=40, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-SERVICE-MANAGEMENT-L2-1-0.DLL", lpUsedDefaultChar=0x0) returned 40 [0055.567] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.567] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-SERVICE-WINSVC-L1-1-0.DLL", cchWideChar=36, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 36 [0055.567] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-SERVICE-WINSVC-L1-1-0.DLL", cchWideChar=36, lpMultiByteStr=0x1edc9c0, cbMultiByte=36, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-SERVICE-WINSVC-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 36 [0055.567] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.567] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="APILOGEN.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0055.567] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="APILOGEN.DLL", cchWideChar=12, lpMultiByteStr=0x1edc9c0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="APILOGEN.DLL", lpUsedDefaultChar=0x0) returned 12 [0055.568] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.568] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="APIRCL.DLL", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0055.568] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="APIRCL.DLL", cchWideChar=10, lpMultiByteStr=0x1edc9c0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="APIRCL.DLL", lpUsedDefaultChar=0x0) returned 10 [0055.568] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.568] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="APISETSCHEMA.DLL", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0055.568] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="APISETSCHEMA.DLL", cchWideChar=16, lpMultiByteStr=0x1edc9c0, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="APISETSCHEMA.DLL", lpUsedDefaultChar=0x0) returned 16 [0055.568] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.568] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="APPHELP.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0055.568] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="APPHELP.DLL", cchWideChar=11, lpMultiByteStr=0x1edc9c0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="APPHELP.DLL", lpUsedDefaultChar=0x0) returned 11 [0055.568] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.568] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="APPHLPDM.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0055.568] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="APPHLPDM.DLL", cchWideChar=12, lpMultiByteStr=0x1edc9c0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="APPHLPDM.DLL", lpUsedDefaultChar=0x0) returned 12 [0055.568] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.568] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="APPIDAPI.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0055.568] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="APPIDAPI.DLL", cchWideChar=12, lpMultiByteStr=0x1edc9c0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="APPIDAPI.DLL", lpUsedDefaultChar=0x0) returned 12 [0055.568] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.568] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="APPIDPOLICYENGINEAPI.DLL", cchWideChar=24, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0055.568] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="APPIDPOLICYENGINEAPI.DLL", cchWideChar=24, lpMultiByteStr=0x1edc9c0, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="APPIDPOLICYENGINEAPI.DLL", lpUsedDefaultChar=0x0) returned 24 [0055.569] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.569] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="APPMGMTS.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0055.569] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="APPMGMTS.DLL", cchWideChar=12, lpMultiByteStr=0x1edc9c0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="APPMGMTS.DLL", lpUsedDefaultChar=0x0) returned 12 [0055.569] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.569] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="APPMGR.DLL", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0055.569] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="APPMGR.DLL", cchWideChar=10, lpMultiByteStr=0x1edc9c0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="APPMGR.DLL", lpUsedDefaultChar=0x0) returned 10 [0055.569] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.569] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="APSS.DLL", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0055.569] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="APSS.DLL", cchWideChar=8, lpMultiByteStr=0x1edc9c0, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="APSS.DLL", lpUsedDefaultChar=0x0) returned 8 [0055.569] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.569] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ASFERROR.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0055.569] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ASFERROR.DLL", cchWideChar=12, lpMultiByteStr=0x1edc9c0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ASFERROR.DLL", lpUsedDefaultChar=0x0) returned 12 [0055.569] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.569] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ASPNET_COUNTERS.DLL", cchWideChar=19, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0055.569] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ASPNET_COUNTERS.DLL", cchWideChar=19, lpMultiByteStr=0x1edc9c0, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ASPNET_COUNTERS.DLL", lpUsedDefaultChar=0x0) returned 19 [0055.569] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.569] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ASYCFILT.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0055.570] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ASYCFILT.DLL", cchWideChar=12, lpMultiByteStr=0x1edc9c0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ASYCFILT.DLL", lpUsedDefaultChar=0x0) returned 12 [0055.570] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.570] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ATL.DLL", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0055.570] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ATL.DLL", cchWideChar=7, lpMultiByteStr=0x1edc9c0, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ATL.DLL", lpUsedDefaultChar=0x0) returned 7 [0055.570] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.570] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ATL100.DLL", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0055.570] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ATL100.DLL", cchWideChar=10, lpMultiByteStr=0x1edc9c0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ATL100.DLL", lpUsedDefaultChar=0x0) returned 10 [0055.570] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.570] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ATL110.DLL", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0055.570] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ATL110.DLL", cchWideChar=10, lpMultiByteStr=0x1edc9c0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ATL110.DLL", lpUsedDefaultChar=0x0) returned 10 [0055.570] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.570] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ATMFD.DLL", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0055.570] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ATMFD.DLL", cchWideChar=9, lpMultiByteStr=0x1edc9c0, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ATMFD.DLL", lpUsedDefaultChar=0x0) returned 9 [0055.570] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.570] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ATMLIB.DLL", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0055.570] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ATMLIB.DLL", cchWideChar=10, lpMultiByteStr=0x1edc9c0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ATMLIB.DLL", lpUsedDefaultChar=0x0) returned 10 [0055.570] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.570] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUDIODEV.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0055.571] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUDIODEV.DLL", cchWideChar=12, lpMultiByteStr=0x1edc9c0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AUDIODEV.DLL", lpUsedDefaultChar=0x0) returned 12 [0055.571] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.571] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUDIOENG.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0055.571] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUDIOENG.DLL", cchWideChar=12, lpMultiByteStr=0x1edc9c0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AUDIOENG.DLL", lpUsedDefaultChar=0x0) returned 12 [0055.571] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.571] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUDIOKSE.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0055.571] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUDIOKSE.DLL", cchWideChar=12, lpMultiByteStr=0x1edc9c0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AUDIOKSE.DLL", lpUsedDefaultChar=0x0) returned 12 [0055.571] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.571] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUDIOSES.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0055.571] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUDIOSES.DLL", cchWideChar=12, lpMultiByteStr=0x1edc9c0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AUDIOSES.DLL", lpUsedDefaultChar=0x0) returned 12 [0055.571] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.571] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUDITNATIVESNAPIN.DLL", cchWideChar=21, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0055.571] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUDITNATIVESNAPIN.DLL", cchWideChar=21, lpMultiByteStr=0x1edc9c0, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AUDITNATIVESNAPIN.DLL", lpUsedDefaultChar=0x0) returned 21 [0055.571] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.571] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUDITPOLICYGPINTEROP.DLL", cchWideChar=24, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0055.571] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUDITPOLICYGPINTEROP.DLL", cchWideChar=24, lpMultiByteStr=0x1edc9c0, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AUDITPOLICYGPINTEROP.DLL", lpUsedDefaultChar=0x0) returned 24 [0055.572] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.572] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUDITPOLMSG.DLL", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0055.572] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUDITPOLMSG.DLL", cchWideChar=15, lpMultiByteStr=0x1edc9c0, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AUDITPOLMSG.DLL", lpUsedDefaultChar=0x0) returned 15 [0055.572] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.572] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUTHFWCFG.DLL", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0055.572] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUTHFWCFG.DLL", cchWideChar=13, lpMultiByteStr=0x1edc9c0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AUTHFWCFG.DLL", lpUsedDefaultChar=0x0) returned 13 [0055.572] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.572] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUTHFWGP.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0055.572] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUTHFWGP.DLL", cchWideChar=12, lpMultiByteStr=0x1edc9c0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AUTHFWGP.DLL", lpUsedDefaultChar=0x0) returned 12 [0055.572] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.572] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUTHFWSNAPIN.DLL", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0055.572] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUTHFWSNAPIN.DLL", cchWideChar=16, lpMultiByteStr=0x1edc9c0, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AUTHFWSNAPIN.DLL", lpUsedDefaultChar=0x0) returned 16 [0055.572] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.572] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUTHFWWIZFWK.DLL", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0055.572] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUTHFWWIZFWK.DLL", cchWideChar=16, lpMultiByteStr=0x1edc9c0, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AUTHFWWIZFWK.DLL", lpUsedDefaultChar=0x0) returned 16 [0055.572] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.572] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUTHUI.DLL", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0055.573] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUTHUI.DLL", cchWideChar=10, lpMultiByteStr=0x1edc9c0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AUTHUI.DLL", lpUsedDefaultChar=0x0) returned 10 [0055.573] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.573] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUTHZ.DLL", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0055.573] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUTHZ.DLL", cchWideChar=9, lpMultiByteStr=0x1edc9c0, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AUTHZ.DLL", lpUsedDefaultChar=0x0) returned 9 [0055.573] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.573] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUTOPLAY.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0055.573] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUTOPLAY.DLL", cchWideChar=12, lpMultiByteStr=0x1edc9c0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AUTOPLAY.DLL", lpUsedDefaultChar=0x0) returned 12 [0055.573] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.573] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUXILIARYDISPLAYAPI.DLL", cchWideChar=23, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 23 [0055.573] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUXILIARYDISPLAYAPI.DLL", cchWideChar=23, lpMultiByteStr=0x1edc9c0, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AUXILIARYDISPLAYAPI.DLL", lpUsedDefaultChar=0x0) returned 23 [0055.573] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.573] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUXILIARYDISPLAYCPL.DLL", cchWideChar=23, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 23 [0055.573] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUXILIARYDISPLAYCPL.DLL", cchWideChar=23, lpMultiByteStr=0x1edc9c0, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AUXILIARYDISPLAYCPL.DLL", lpUsedDefaultChar=0x0) returned 23 [0055.573] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.573] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AVICAP32.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0055.573] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AVICAP32.DLL", cchWideChar=12, lpMultiByteStr=0x1edc9c0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AVICAP32.DLL", lpUsedDefaultChar=0x0) returned 12 [0055.573] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.574] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AVIFIL32.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0055.574] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AVIFIL32.DLL", cchWideChar=12, lpMultiByteStr=0x1edc9c0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AVIFIL32.DLL", lpUsedDefaultChar=0x0) returned 12 [0055.574] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.574] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AVRT.DLL", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0055.574] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AVRT.DLL", cchWideChar=8, lpMultiByteStr=0x1edc9c0, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AVRT.DLL", lpUsedDefaultChar=0x0) returned 8 [0055.574] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.574] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AZROLES.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0055.574] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AZROLES.DLL", cchWideChar=11, lpMultiByteStr=0x1edc9c0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AZROLES.DLL", lpUsedDefaultChar=0x0) returned 11 [0055.574] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.574] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AZROLEUI.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0055.574] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AZROLEUI.DLL", cchWideChar=12, lpMultiByteStr=0x1edc9c0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AZROLEUI.DLL", lpUsedDefaultChar=0x0) returned 12 [0055.574] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.574] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AZSQLEXT.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0055.574] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AZSQLEXT.DLL", cchWideChar=12, lpMultiByteStr=0x1edc9c0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AZSQLEXT.DLL", lpUsedDefaultChar=0x0) returned 12 [0055.574] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.574] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BASECSP.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0055.574] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BASECSP.DLL", cchWideChar=11, lpMultiByteStr=0x1edc9c0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BASECSP.DLL", lpUsedDefaultChar=0x0) returned 11 [0055.574] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.575] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BATMETER.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0055.575] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BATMETER.DLL", cchWideChar=12, lpMultiByteStr=0x1edc9c0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BATMETER.DLL", lpUsedDefaultChar=0x0) returned 12 [0055.575] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.575] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BCRYPT.DLL", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0055.575] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BCRYPT.DLL", cchWideChar=10, lpMultiByteStr=0x1edc9c0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BCRYPT.DLL", lpUsedDefaultChar=0x0) returned 10 [0055.575] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.575] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BCRYPTPRIMITIVES.DLL", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0055.575] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BCRYPTPRIMITIVES.DLL", cchWideChar=20, lpMultiByteStr=0x1edc9c0, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BCRYPTPRIMITIVES.DLL", lpUsedDefaultChar=0x0) returned 20 [0055.575] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.575] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BIDISPL.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0055.575] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BIDISPL.DLL", cchWideChar=11, lpMultiByteStr=0x1edc9c0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BIDISPL.DLL", lpUsedDefaultChar=0x0) returned 11 [0055.575] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.575] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BIOCREDPROV.DLL", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0055.575] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BIOCREDPROV.DLL", cchWideChar=15, lpMultiByteStr=0x1edc9c0, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BIOCREDPROV.DLL", lpUsedDefaultChar=0x0) returned 15 [0055.575] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.575] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BITSPERF.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0055.575] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BITSPERF.DLL", cchWideChar=12, lpMultiByteStr=0x1edc9c0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BITSPERF.DLL", lpUsedDefaultChar=0x0) returned 12 [0055.576] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.576] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BITSPRX2.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0055.576] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BITSPRX2.DLL", cchWideChar=12, lpMultiByteStr=0x1edc9c0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BITSPRX2.DLL", lpUsedDefaultChar=0x0) returned 12 [0055.576] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.576] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BITSPRX3.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0055.576] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BITSPRX3.DLL", cchWideChar=12, lpMultiByteStr=0x1edc9c0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BITSPRX3.DLL", lpUsedDefaultChar=0x0) returned 12 [0055.576] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.576] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BITSPRX4.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0055.576] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BITSPRX4.DLL", cchWideChar=12, lpMultiByteStr=0x1edc9c0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BITSPRX4.DLL", lpUsedDefaultChar=0x0) returned 12 [0055.576] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.576] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BITSPRX5.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0055.576] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BITSPRX5.DLL", cchWideChar=12, lpMultiByteStr=0x1edc9c0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BITSPRX5.DLL", lpUsedDefaultChar=0x0) returned 12 [0055.576] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.576] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BITSPRX6.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0055.576] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BITSPRX6.DLL", cchWideChar=12, lpMultiByteStr=0x1edc9c0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BITSPRX6.DLL", lpUsedDefaultChar=0x0) returned 12 [0055.576] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.576] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BLACKBOX.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0055.576] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BLACKBOX.DLL", cchWideChar=12, lpMultiByteStr=0x1edc9c0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BLACKBOX.DLL", lpUsedDefaultChar=0x0) returned 12 [0055.577] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.577] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BOOTVID.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0055.577] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BOOTVID.DLL", cchWideChar=11, lpMultiByteStr=0x1edc9c0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BOOTVID.DLL", lpUsedDefaultChar=0x0) returned 11 [0055.577] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.577] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BROWCLI.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0055.577] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BROWCLI.DLL", cchWideChar=11, lpMultiByteStr=0x1edc9c0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BROWCLI.DLL", lpUsedDefaultChar=0x0) returned 11 [0055.577] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.577] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BROWSEUI.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0055.577] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BROWSEUI.DLL", cchWideChar=12, lpMultiByteStr=0x1edc9c0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BROWSEUI.DLL", lpUsedDefaultChar=0x0) returned 12 [0055.577] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.577] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BTPANUI.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0055.577] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BTPANUI.DLL", cchWideChar=11, lpMultiByteStr=0x1edc9c0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BTPANUI.DLL", lpUsedDefaultChar=0x0) returned 11 [0055.577] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.577] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BWCONTEXTHANDLER.DLL", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0055.577] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BWCONTEXTHANDLER.DLL", cchWideChar=20, lpMultiByteStr=0x1edc9c0, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BWCONTEXTHANDLER.DLL", lpUsedDefaultChar=0x0) returned 20 [0055.577] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.577] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BWUNPAIRELEVATED.DLL", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0055.578] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BWUNPAIRELEVATED.DLL", cchWideChar=20, lpMultiByteStr=0x1edc9c0, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BWUNPAIRELEVATED.DLL", lpUsedDefaultChar=0x0) returned 20 [0055.578] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.578] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CABINET.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0055.578] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CABINET.DLL", cchWideChar=11, lpMultiByteStr=0x1edc9c0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CABINET.DLL", lpUsedDefaultChar=0x0) returned 11 [0055.578] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.578] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CABVIEW.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0055.578] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CABVIEW.DLL", cchWideChar=11, lpMultiByteStr=0x1edc9c0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CABVIEW.DLL", lpUsedDefaultChar=0x0) returned 11 [0055.578] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.578] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CAPIPROVIDER.DLL", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0055.578] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CAPIPROVIDER.DLL", cchWideChar=16, lpMultiByteStr=0x1edc9c0, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CAPIPROVIDER.DLL", lpUsedDefaultChar=0x0) returned 16 [0055.578] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.578] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CAPISP.DLL", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0055.578] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CAPISP.DLL", cchWideChar=10, lpMultiByteStr=0x1edc9c0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CAPISP.DLL", lpUsedDefaultChar=0x0) returned 10 [0055.578] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.578] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CATSRV.DLL", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0055.578] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CATSRV.DLL", cchWideChar=10, lpMultiByteStr=0x1edc9c0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CATSRV.DLL", lpUsedDefaultChar=0x0) returned 10 [0055.578] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.578] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CATSRVPS.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0055.579] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CATSRVPS.DLL", cchWideChar=12, lpMultiByteStr=0x1edc9c0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CATSRVPS.DLL", lpUsedDefaultChar=0x0) returned 12 [0055.579] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.579] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CATSRVUT.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0055.579] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CATSRVUT.DLL", cchWideChar=12, lpMultiByteStr=0x1edc9c0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CATSRVUT.DLL", lpUsedDefaultChar=0x0) returned 12 [0055.579] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.579] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CCA.DLL", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0055.579] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CCA.DLL", cchWideChar=7, lpMultiByteStr=0x1edc9c0, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CCA.DLL", lpUsedDefaultChar=0x0) returned 7 [0055.579] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.579] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CDOSYS.DLL", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0055.579] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CDOSYS.DLL", cchWideChar=10, lpMultiByteStr=0x1edc9c0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CDOSYS.DLL", lpUsedDefaultChar=0x0) returned 10 [0055.579] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.579] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CERTCLI.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0055.579] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CERTCLI.DLL", cchWideChar=11, lpMultiByteStr=0x1edc9c0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CERTCLI.DLL", lpUsedDefaultChar=0x0) returned 11 [0055.579] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.579] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CERTCREDPROVIDER.DLL", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0055.579] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CERTCREDPROVIDER.DLL", cchWideChar=20, lpMultiByteStr=0x1edc9c0, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CERTCREDPROVIDER.DLL", lpUsedDefaultChar=0x0) returned 20 [0055.579] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.580] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CERTENC.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0055.580] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CERTENC.DLL", cchWideChar=11, lpMultiByteStr=0x1edc9c0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CERTENC.DLL", lpUsedDefaultChar=0x0) returned 11 [0055.580] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.580] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CERTENROLL.DLL", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0055.580] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CERTENROLL.DLL", cchWideChar=14, lpMultiByteStr=0x1edc9c0, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CERTENROLL.DLL", lpUsedDefaultChar=0x0) returned 14 [0055.580] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.580] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CERTENROLLUI.DLL", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0055.580] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CERTENROLLUI.DLL", cchWideChar=16, lpMultiByteStr=0x1edc9c0, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CERTENROLLUI.DLL", lpUsedDefaultChar=0x0) returned 16 [0055.580] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.580] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CERTMGR.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0055.580] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CERTMGR.DLL", cchWideChar=11, lpMultiByteStr=0x1edc9c0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CERTMGR.DLL", lpUsedDefaultChar=0x0) returned 11 [0055.580] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.581] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CERTPOLENG.DLL", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0055.581] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CERTPOLENG.DLL", cchWideChar=14, lpMultiByteStr=0x1edc9c0, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CERTPOLENG.DLL", lpUsedDefaultChar=0x0) returned 14 [0055.581] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.581] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CEWMDM.DLL", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0055.581] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CEWMDM.DLL", cchWideChar=10, lpMultiByteStr=0x1edc9c0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CEWMDM.DLL", lpUsedDefaultChar=0x0) returned 10 [0055.581] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.581] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.581] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.581] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.581] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.581] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.581] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.581] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.581] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.581] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.581] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.582] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.582] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.582] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.582] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.582] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.582] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.582] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.582] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.582] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.582] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.582] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.582] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.582] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.582] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.582] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.582] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.582] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.582] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.582] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.583] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.583] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.583] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.583] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.583] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.583] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.583] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.583] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.583] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.583] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.583] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.583] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.583] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.583] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.583] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.583] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.583] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.583] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.583] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.584] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.584] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.584] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.584] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.584] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.584] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.584] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.584] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.584] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.584] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.584] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.584] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.584] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.584] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.584] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.584] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.584] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.584] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.585] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.585] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.585] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.585] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.585] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.585] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.585] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.585] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.585] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.585] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.585] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.585] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.585] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.585] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.585] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.585] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.585] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.585] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.585] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.586] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.586] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.586] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.586] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.586] FindNextFileW (in: hFindFile=0x324578, lpFindFileData=0x18f59c | out: lpFindFileData=0x18f59c) returned 1 [0055.632] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="psapi.dll", BaseAddress=0x18f810 | out: BaseAddress=0x18f810*=0x75a20000) returned 0x0 [0055.683] FindClose (in: hFindFile=0x324578 | out: hFindFile=0x324578) returned 1 [0055.683] GetProcessImageFileNameW (in: hProcess=0x160, lpImageFileName=0x1d86c88, nSize=0x200 | out: lpImageFileName="") returned 0x0 [0055.684] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x18f810 | out: Wow64Process=0x18f810) returned 1 [0055.684] IsWow64Process (in: hProcess=0x160, Wow64Process=0x18f820 | out: Wow64Process=0x18f820) returned 1 [0055.684] NtQueryInformationProcess (in: ProcessHandle=0x160, ProcessInformationClass=0x18, ProcessInformation=0x18f81c, ProcessInformationLength=0x4, ReturnLength=0x18f820 | out: ProcessInformation=0x18f81c, ReturnLength=0x18f820) returned 0x0 [0055.684] GetProcessTimes (in: hProcess=0x160, lpCreationTime=0x18f844, lpExitTime=0x18f83c, lpKernelTime=0x18f83c, lpUserTime=0x18f83c | out: lpCreationTime=0x18f844, lpExitTime=0x18f83c, lpKernelTime=0x18f83c, lpUserTime=0x18f83c) returned 1 [0055.684] OpenProcessToken (in: ProcessHandle=0x160, DesiredAccess=0x8, TokenHandle=0x18f80c | out: TokenHandle=0x18f80c*=0x0) returned 0 [0055.684] NtClose (Handle=0x160) returned 0x0 [0055.684] NtOpenProcess (in: ProcessHandle=0x18f800, DesiredAccess=0x400, ObjectAttributes=0x18f80c*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x18f804*(UniqueProcess=0x104, UniqueThread=0x0) | out: ProcessHandle=0x18f800*=0x0) returned 0xc0000022 [0055.684] NtOpenProcess (in: ProcessHandle=0x18f800, DesiredAccess=0x1000, ObjectAttributes=0x18f80c*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x18f804*(UniqueProcess=0x104, UniqueThread=0x0) | out: ProcessHandle=0x18f800*=0x160) returned 0x0 [0055.684] GetExitCodeProcess (in: hProcess=0x160, lpExitCode=0x18f828 | out: lpExitCode=0x18f828*=0x103) returned 1 [0055.684] GetProcessImageFileNameW (in: hProcess=0x160, lpImageFileName=0x1d86c88, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Windows\\System32\\smss.exe") returned 0x31 [0055.684] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x18f810 | out: Wow64Process=0x18f810) returned 1 [0055.684] IsWow64Process (in: hProcess=0x160, Wow64Process=0x18f820 | out: Wow64Process=0x18f820) returned 1 [0055.685] NtQueryInformationProcess (in: ProcessHandle=0x160, ProcessInformationClass=0x18, ProcessInformation=0x18f81c, ProcessInformationLength=0x4, ReturnLength=0x18f820 | out: ProcessInformation=0x18f81c, ReturnLength=0x18f820) returned 0x0 [0055.685] GetProcessTimes (in: hProcess=0x160, lpCreationTime=0x18f844, lpExitTime=0x18f83c, lpKernelTime=0x18f83c, lpUserTime=0x18f83c | out: lpCreationTime=0x18f844, lpExitTime=0x18f83c, lpKernelTime=0x18f83c, lpUserTime=0x18f83c) returned 1 [0055.685] OpenProcessToken (in: ProcessHandle=0x160, DesiredAccess=0x8, TokenHandle=0x18f80c | out: TokenHandle=0x18f80c*=0x164) returned 1 [0055.685] GetTokenInformation (in: TokenHandle=0x164, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x18f808 | out: TokenInformation=0x0, ReturnLength=0x18f808) returned 0 [0055.685] GetTokenInformation (in: TokenHandle=0x164, TokenInformationClass=0x19, TokenInformation=0x1edc9c0, TokenInformationLength=0x14, ReturnLength=0x18f808 | out: TokenInformation=0x1edc9c0, ReturnLength=0x18f808) returned 1 [0055.685] GetSidSubAuthorityCount (pSid=0x1edc9c8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000)) returned 0x1edc9c9 [0055.685] GetSidSubAuthority (pSid=0x1edc9c8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000), nSubAuthority=0x0) returned 0x1edc9d0 [0055.685] NtClose (Handle=0x164) returned 0x0 [0055.685] NtClose (Handle=0x160) returned 0x0 [0055.685] NtOpenProcess (in: ProcessHandle=0x18f800, DesiredAccess=0x400, ObjectAttributes=0x18f80c*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x18f804*(UniqueProcess=0x140, UniqueThread=0x0) | out: ProcessHandle=0x18f800*=0x160) returned 0x0 [0055.685] GetExitCodeProcess (in: hProcess=0x160, lpExitCode=0x18f828 | out: lpExitCode=0x18f828*=0x103) returned 1 [0055.685] GetProcessImageFileNameW (in: hProcess=0x160, lpImageFileName=0x1d86c88, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Program Files\\Windows Sidebar\\picture_pk.exe") returned 0x44 [0055.685] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x18f810 | out: Wow64Process=0x18f810) returned 1 [0055.685] IsWow64Process (in: hProcess=0x160, Wow64Process=0x18f820 | out: Wow64Process=0x18f820) returned 1 [0055.685] NtQueryInformationProcess (in: ProcessHandle=0x160, ProcessInformationClass=0x18, ProcessInformation=0x18f81c, ProcessInformationLength=0x4, ReturnLength=0x18f820 | out: ProcessInformation=0x18f81c, ReturnLength=0x18f820) returned 0x0 [0055.685] GetProcessTimes (in: hProcess=0x160, lpCreationTime=0x18f844, lpExitTime=0x18f83c, lpKernelTime=0x18f83c, lpUserTime=0x18f83c | out: lpCreationTime=0x18f844, lpExitTime=0x18f83c, lpKernelTime=0x18f83c, lpUserTime=0x18f83c) returned 1 [0055.686] OpenProcessToken (in: ProcessHandle=0x160, DesiredAccess=0x8, TokenHandle=0x18f80c | out: TokenHandle=0x18f80c*=0x164) returned 1 [0055.686] GetTokenInformation (in: TokenHandle=0x164, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x18f808 | out: TokenInformation=0x0, ReturnLength=0x18f808) returned 0 [0055.686] GetTokenInformation (in: TokenHandle=0x164, TokenInformationClass=0x19, TokenInformation=0x1edc9c0, TokenInformationLength=0x14, ReturnLength=0x18f808 | out: TokenInformation=0x1edc9c0, ReturnLength=0x18f808) returned 1 [0055.686] GetSidSubAuthorityCount (pSid=0x1edc9c8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 0x1edc9c9 [0055.686] GetSidSubAuthority (pSid=0x1edc9c8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000), nSubAuthority=0x0) returned 0x1edc9d0 [0055.686] NtClose (Handle=0x164) returned 0x0 [0055.686] NtClose (Handle=0x160) returned 0x0 [0055.686] NtOpenProcess (in: ProcessHandle=0x18f800, DesiredAccess=0x400, ObjectAttributes=0x18f80c*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x18f804*(UniqueProcess=0x148, UniqueThread=0x0) | out: ProcessHandle=0x18f800*=0x0) returned 0xc0000022 [0055.686] NtOpenProcess (in: ProcessHandle=0x18f800, DesiredAccess=0x1000, ObjectAttributes=0x18f80c*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x18f804*(UniqueProcess=0x148, UniqueThread=0x0) | out: ProcessHandle=0x18f800*=0x0) returned 0xc0000022 [0055.686] NtOpenProcess (in: ProcessHandle=0x18f800, DesiredAccess=0x400, ObjectAttributes=0x18f80c*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x18f804*(UniqueProcess=0x178, UniqueThread=0x0) | out: ProcessHandle=0x18f800*=0x0) returned 0xc0000022 [0055.686] NtOpenProcess (in: ProcessHandle=0x18f800, DesiredAccess=0x1000, ObjectAttributes=0x18f80c*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x18f804*(UniqueProcess=0x178, UniqueThread=0x0) | out: ProcessHandle=0x18f800*=0x160) returned 0x0 [0055.686] GetExitCodeProcess (in: hProcess=0x160, lpExitCode=0x18f828 | out: lpExitCode=0x18f828*=0x103) returned 1 [0055.686] GetProcessImageFileNameW (in: hProcess=0x160, lpImageFileName=0x1d86c88, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Windows\\System32\\wininit.exe") returned 0x34 [0055.686] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x18f810 | out: Wow64Process=0x18f810) returned 1 [0055.686] IsWow64Process (in: hProcess=0x160, Wow64Process=0x18f820 | out: Wow64Process=0x18f820) returned 1 [0055.686] NtQueryInformationProcess (in: ProcessHandle=0x160, ProcessInformationClass=0x18, ProcessInformation=0x18f81c, ProcessInformationLength=0x4, ReturnLength=0x18f820 | out: ProcessInformation=0x18f81c, ReturnLength=0x18f820) returned 0x0 [0055.686] GetProcessTimes (in: hProcess=0x160, lpCreationTime=0x18f844, lpExitTime=0x18f83c, lpKernelTime=0x18f83c, lpUserTime=0x18f83c | out: lpCreationTime=0x18f844, lpExitTime=0x18f83c, lpKernelTime=0x18f83c, lpUserTime=0x18f83c) returned 1 [0055.687] OpenProcessToken (in: ProcessHandle=0x160, DesiredAccess=0x8, TokenHandle=0x18f80c | out: TokenHandle=0x18f80c*=0x164) returned 1 [0055.687] GetTokenInformation (in: TokenHandle=0x164, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x18f808 | out: TokenInformation=0x0, ReturnLength=0x18f808) returned 0 [0055.687] GetTokenInformation (in: TokenHandle=0x164, TokenInformationClass=0x19, TokenInformation=0x1edc9c0, TokenInformationLength=0x14, ReturnLength=0x18f808 | out: TokenInformation=0x1edc9c0, ReturnLength=0x18f808) returned 1 [0055.687] GetSidSubAuthorityCount (pSid=0x1edc9c8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000)) returned 0x1edc9c9 [0055.687] GetSidSubAuthority (pSid=0x1edc9c8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000), nSubAuthority=0x0) returned 0x1edc9d0 [0055.687] NtClose (Handle=0x164) returned 0x0 [0055.687] NtClose (Handle=0x160) returned 0x0 [0055.687] NtOpenProcess (in: ProcessHandle=0x18f800, DesiredAccess=0x400, ObjectAttributes=0x18f80c*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x18f804*(UniqueProcess=0x170, UniqueThread=0x0) | out: ProcessHandle=0x18f800*=0x0) returned 0xc0000022 [0055.687] NtOpenProcess (in: ProcessHandle=0x18f800, DesiredAccess=0x1000, ObjectAttributes=0x18f80c*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x18f804*(UniqueProcess=0x170, UniqueThread=0x0) | out: ProcessHandle=0x18f800*=0x160) returned 0x0 [0055.687] GetExitCodeProcess (in: hProcess=0x160, lpExitCode=0x18f828 | out: lpExitCode=0x18f828*=0x103) returned 1 [0055.687] GetProcessImageFileNameW (in: hProcess=0x160, lpImageFileName=0x1d86c88, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Windows\\System32\\svchost.exe") returned 0x34 [0055.687] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x18f810 | out: Wow64Process=0x18f810) returned 1 [0055.687] IsWow64Process (in: hProcess=0x160, Wow64Process=0x18f820 | out: Wow64Process=0x18f820) returned 1 [0055.687] NtQueryInformationProcess (in: ProcessHandle=0x160, ProcessInformationClass=0x18, ProcessInformation=0x18f81c, ProcessInformationLength=0x4, ReturnLength=0x18f820 | out: ProcessInformation=0x18f81c, ReturnLength=0x18f820) returned 0x0 [0055.688] GetProcessTimes (in: hProcess=0x160, lpCreationTime=0x18f844, lpExitTime=0x18f83c, lpKernelTime=0x18f83c, lpUserTime=0x18f83c | out: lpCreationTime=0x18f844, lpExitTime=0x18f83c, lpKernelTime=0x18f83c, lpUserTime=0x18f83c) returned 1 [0055.688] OpenProcessToken (in: ProcessHandle=0x160, DesiredAccess=0x8, TokenHandle=0x18f80c | out: TokenHandle=0x18f80c*=0x164) returned 1 [0055.688] GetTokenInformation (in: TokenHandle=0x164, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x18f808 | out: TokenInformation=0x0, ReturnLength=0x18f808) returned 0 [0055.688] GetTokenInformation (in: TokenHandle=0x164, TokenInformationClass=0x19, TokenInformation=0x1edc9c0, TokenInformationLength=0x14, ReturnLength=0x18f808 | out: TokenInformation=0x1edc9c0, ReturnLength=0x18f808) returned 1 [0055.688] GetSidSubAuthorityCount (pSid=0x1edc9c8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000)) returned 0x1edc9c9 [0055.688] GetSidSubAuthority (pSid=0x1edc9c8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000), nSubAuthority=0x0) returned 0x1edc9d0 [0055.688] NtClose (Handle=0x164) returned 0x0 [0055.688] NtClose (Handle=0x160) returned 0x0 [0055.688] NtOpenProcess (in: ProcessHandle=0x18f800, DesiredAccess=0x400, ObjectAttributes=0x18f80c*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x18f804*(UniqueProcess=0x184, UniqueThread=0x0) | out: ProcessHandle=0x18f800*=0x0) returned 0xc0000022 [0055.688] NtOpenProcess (in: ProcessHandle=0x18f800, DesiredAccess=0x1000, ObjectAttributes=0x18f80c*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x18f804*(UniqueProcess=0x184, UniqueThread=0x0) | out: ProcessHandle=0x18f800*=0x0) returned 0xc0000022 [0055.688] NtOpenProcess (in: ProcessHandle=0x18f800, DesiredAccess=0x400, ObjectAttributes=0x18f80c*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x18f804*(UniqueProcess=0x1ac, UniqueThread=0x0) | out: ProcessHandle=0x18f800*=0x0) returned 0xc0000022 [0055.688] NtOpenProcess (in: ProcessHandle=0x18f800, DesiredAccess=0x1000, ObjectAttributes=0x18f80c*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x18f804*(UniqueProcess=0x1ac, UniqueThread=0x0) | out: ProcessHandle=0x18f800*=0x160) returned 0x0 [0055.688] GetExitCodeProcess (in: hProcess=0x160, lpExitCode=0x18f828 | out: lpExitCode=0x18f828*=0x103) returned 1 [0055.688] GetProcessImageFileNameW (in: hProcess=0x160, lpImageFileName=0x1d86c88, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Windows\\System32\\winlogon.exe") returned 0x35 [0055.688] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x18f810 | out: Wow64Process=0x18f810) returned 1 [0055.689] IsWow64Process (in: hProcess=0x160, Wow64Process=0x18f820 | out: Wow64Process=0x18f820) returned 1 [0055.689] NtQueryInformationProcess (in: ProcessHandle=0x160, ProcessInformationClass=0x18, ProcessInformation=0x18f81c, ProcessInformationLength=0x4, ReturnLength=0x18f820 | out: ProcessInformation=0x18f81c, ReturnLength=0x18f820) returned 0x0 [0055.689] GetProcessTimes (in: hProcess=0x160, lpCreationTime=0x18f844, lpExitTime=0x18f83c, lpKernelTime=0x18f83c, lpUserTime=0x18f83c | out: lpCreationTime=0x18f844, lpExitTime=0x18f83c, lpKernelTime=0x18f83c, lpUserTime=0x18f83c) returned 1 [0055.689] OpenProcessToken (in: ProcessHandle=0x160, DesiredAccess=0x8, TokenHandle=0x18f80c | out: TokenHandle=0x18f80c*=0x164) returned 1 [0055.689] GetTokenInformation (in: TokenHandle=0x164, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x18f808 | out: TokenInformation=0x0, ReturnLength=0x18f808) returned 0 [0055.689] GetTokenInformation (in: TokenHandle=0x164, TokenInformationClass=0x19, TokenInformation=0x1edc9c0, TokenInformationLength=0x14, ReturnLength=0x18f808 | out: TokenInformation=0x1edc9c0, ReturnLength=0x18f808) returned 1 [0055.689] GetSidSubAuthorityCount (pSid=0x1edc9c8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000)) returned 0x1edc9c9 [0055.689] GetSidSubAuthority (pSid=0x1edc9c8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000), nSubAuthority=0x0) returned 0x1edc9d0 [0055.689] NtClose (Handle=0x164) returned 0x0 [0055.689] NtClose (Handle=0x160) returned 0x0 [0055.689] NtOpenProcess (in: ProcessHandle=0x18f800, DesiredAccess=0x400, ObjectAttributes=0x18f80c*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x18f804*(UniqueProcess=0x1d8, UniqueThread=0x0) | out: ProcessHandle=0x18f800*=0x0) returned 0xc0000022 [0055.689] NtOpenProcess (in: ProcessHandle=0x18f800, DesiredAccess=0x1000, ObjectAttributes=0x18f80c*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x18f804*(UniqueProcess=0x1d8, UniqueThread=0x0) | out: ProcessHandle=0x18f800*=0x160) returned 0x0 [0055.689] GetExitCodeProcess (in: hProcess=0x160, lpExitCode=0x18f828 | out: lpExitCode=0x18f828*=0x103) returned 1 [0055.689] GetProcessImageFileNameW (in: hProcess=0x160, lpImageFileName=0x1d86c88, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Windows\\System32\\services.exe") returned 0x35 [0055.690] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x18f810 | out: Wow64Process=0x18f810) returned 1 [0055.690] IsWow64Process (in: hProcess=0x160, Wow64Process=0x18f820 | out: Wow64Process=0x18f820) returned 1 [0055.690] NtQueryInformationProcess (in: ProcessHandle=0x160, ProcessInformationClass=0x18, ProcessInformation=0x18f81c, ProcessInformationLength=0x4, ReturnLength=0x18f820 | out: ProcessInformation=0x18f81c, ReturnLength=0x18f820) returned 0x0 [0055.690] GetProcessTimes (in: hProcess=0x160, lpCreationTime=0x18f844, lpExitTime=0x18f83c, lpKernelTime=0x18f83c, lpUserTime=0x18f83c | out: lpCreationTime=0x18f844, lpExitTime=0x18f83c, lpKernelTime=0x18f83c, lpUserTime=0x18f83c) returned 1 [0055.690] OpenProcessToken (in: ProcessHandle=0x160, DesiredAccess=0x8, TokenHandle=0x18f80c | out: TokenHandle=0x18f80c*=0x164) returned 1 [0055.690] GetTokenInformation (in: TokenHandle=0x164, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x18f808 | out: TokenInformation=0x0, ReturnLength=0x18f808) returned 0 [0055.690] GetTokenInformation (in: TokenHandle=0x164, TokenInformationClass=0x19, TokenInformation=0x1edc9c0, TokenInformationLength=0x14, ReturnLength=0x18f808 | out: TokenInformation=0x1edc9c0, ReturnLength=0x18f808) returned 1 [0055.690] GetSidSubAuthorityCount (pSid=0x1edc9c8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000)) returned 0x1edc9c9 [0055.690] GetSidSubAuthority (pSid=0x1edc9c8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000), nSubAuthority=0x0) returned 0x1edc9d0 [0055.690] NtClose (Handle=0x164) returned 0x0 [0055.690] NtClose (Handle=0x160) returned 0x0 [0055.690] NtOpenProcess (in: ProcessHandle=0x18f800, DesiredAccess=0x400, ObjectAttributes=0x18f80c*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x18f804*(UniqueProcess=0x1e0, UniqueThread=0x0) | out: ProcessHandle=0x18f800*=0x0) returned 0xc0000022 [0055.690] NtOpenProcess (in: ProcessHandle=0x18f800, DesiredAccess=0x1000, ObjectAttributes=0x18f80c*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x18f804*(UniqueProcess=0x1e0, UniqueThread=0x0) | out: ProcessHandle=0x18f800*=0x160) returned 0x0 [0055.690] GetExitCodeProcess (in: hProcess=0x160, lpExitCode=0x18f828 | out: lpExitCode=0x18f828*=0x103) returned 1 [0055.690] GetProcessImageFileNameW (in: hProcess=0x160, lpImageFileName=0x1d86c88, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Windows\\System32\\lsass.exe") returned 0x32 [0055.691] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x18f810 | out: Wow64Process=0x18f810) returned 1 [0055.691] IsWow64Process (in: hProcess=0x160, Wow64Process=0x18f820 | out: Wow64Process=0x18f820) returned 1 [0055.691] NtQueryInformationProcess (in: ProcessHandle=0x160, ProcessInformationClass=0x18, ProcessInformation=0x18f81c, ProcessInformationLength=0x4, ReturnLength=0x18f820 | out: ProcessInformation=0x18f81c, ReturnLength=0x18f820) returned 0x0 [0055.691] GetProcessTimes (in: hProcess=0x160, lpCreationTime=0x18f844, lpExitTime=0x18f83c, lpKernelTime=0x18f83c, lpUserTime=0x18f83c | out: lpCreationTime=0x18f844, lpExitTime=0x18f83c, lpKernelTime=0x18f83c, lpUserTime=0x18f83c) returned 1 [0055.691] OpenProcessToken (in: ProcessHandle=0x160, DesiredAccess=0x8, TokenHandle=0x18f80c | out: TokenHandle=0x18f80c*=0x164) returned 1 [0055.691] GetTokenInformation (in: TokenHandle=0x164, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x18f808 | out: TokenInformation=0x0, ReturnLength=0x18f808) returned 0 [0055.691] GetTokenInformation (in: TokenHandle=0x164, TokenInformationClass=0x19, TokenInformation=0x1edc9c0, TokenInformationLength=0x14, ReturnLength=0x18f808 | out: TokenInformation=0x1edc9c0, ReturnLength=0x18f808) returned 1 [0055.691] GetSidSubAuthorityCount (pSid=0x1edc9c8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000)) returned 0x1edc9c9 [0055.691] GetSidSubAuthority (pSid=0x1edc9c8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000), nSubAuthority=0x0) returned 0x1edc9d0 [0055.691] NtClose (Handle=0x164) returned 0x0 [0055.691] NtClose (Handle=0x160) returned 0x0 [0055.691] NtOpenProcess (in: ProcessHandle=0x18f800, DesiredAccess=0x400, ObjectAttributes=0x18f80c*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x18f804*(UniqueProcess=0x1e8, UniqueThread=0x0) | out: ProcessHandle=0x18f800*=0x0) returned 0xc0000022 [0055.691] NtOpenProcess (in: ProcessHandle=0x18f800, DesiredAccess=0x1000, ObjectAttributes=0x18f80c*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x18f804*(UniqueProcess=0x1e8, UniqueThread=0x0) | out: ProcessHandle=0x18f800*=0x160) returned 0x0 [0055.691] GetExitCodeProcess (in: hProcess=0x160, lpExitCode=0x18f828 | out: lpExitCode=0x18f828*=0x103) returned 1 [0055.691] GetProcessImageFileNameW (in: hProcess=0x160, lpImageFileName=0x1d86c88, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Windows\\System32\\lsm.exe") returned 0x30 [0055.691] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x18f810 | out: Wow64Process=0x18f810) returned 1 [0055.691] IsWow64Process (in: hProcess=0x160, Wow64Process=0x18f820 | out: Wow64Process=0x18f820) returned 1 [0055.692] NtQueryInformationProcess (in: ProcessHandle=0x160, ProcessInformationClass=0x18, ProcessInformation=0x18f81c, ProcessInformationLength=0x4, ReturnLength=0x18f820 | out: ProcessInformation=0x18f81c, ReturnLength=0x18f820) returned 0x0 [0055.692] GetProcessTimes (in: hProcess=0x160, lpCreationTime=0x18f844, lpExitTime=0x18f83c, lpKernelTime=0x18f83c, lpUserTime=0x18f83c | out: lpCreationTime=0x18f844, lpExitTime=0x18f83c, lpKernelTime=0x18f83c, lpUserTime=0x18f83c) returned 1 [0055.692] OpenProcessToken (in: ProcessHandle=0x160, DesiredAccess=0x8, TokenHandle=0x18f80c | out: TokenHandle=0x18f80c*=0x164) returned 1 [0055.692] GetTokenInformation (in: TokenHandle=0x164, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x18f808 | out: TokenInformation=0x0, ReturnLength=0x18f808) returned 0 [0055.692] GetTokenInformation (in: TokenHandle=0x164, TokenInformationClass=0x19, TokenInformation=0x1edc9c0, TokenInformationLength=0x14, ReturnLength=0x18f808 | out: TokenInformation=0x1edc9c0, ReturnLength=0x18f808) returned 1 [0055.692] GetSidSubAuthorityCount (pSid=0x1edc9c8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000)) returned 0x1edc9c9 [0055.692] GetSidSubAuthority (pSid=0x1edc9c8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000), nSubAuthority=0x0) returned 0x1edc9d0 [0055.692] NtClose (Handle=0x164) returned 0x0 [0055.692] NtClose (Handle=0x160) returned 0x0 [0055.692] NtOpenProcess (in: ProcessHandle=0x18f800, DesiredAccess=0x400, ObjectAttributes=0x18f80c*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x18f804*(UniqueProcess=0x250, UniqueThread=0x0) | out: ProcessHandle=0x18f800*=0x0) returned 0xc0000022 [0055.692] NtOpenProcess (in: ProcessHandle=0x18f800, DesiredAccess=0x1000, ObjectAttributes=0x18f80c*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x18f804*(UniqueProcess=0x250, UniqueThread=0x0) | out: ProcessHandle=0x18f800*=0x160) returned 0x0 [0055.692] GetExitCodeProcess (in: hProcess=0x160, lpExitCode=0x18f828 | out: lpExitCode=0x18f828*=0x103) returned 1 [0055.692] GetProcessImageFileNameW (in: hProcess=0x160, lpImageFileName=0x1d86c88, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Windows\\System32\\svchost.exe") returned 0x34 [0055.692] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x18f810 | out: Wow64Process=0x18f810) returned 1 [0055.692] IsWow64Process (in: hProcess=0x160, Wow64Process=0x18f820 | out: Wow64Process=0x18f820) returned 1 [0055.692] NtQueryInformationProcess (in: ProcessHandle=0x160, ProcessInformationClass=0x18, ProcessInformation=0x18f81c, ProcessInformationLength=0x4, ReturnLength=0x18f820 | out: ProcessInformation=0x18f81c, ReturnLength=0x18f820) returned 0x0 [0055.693] GetProcessTimes (in: hProcess=0x160, lpCreationTime=0x18f844, lpExitTime=0x18f83c, lpKernelTime=0x18f83c, lpUserTime=0x18f83c | out: lpCreationTime=0x18f844, lpExitTime=0x18f83c, lpKernelTime=0x18f83c, lpUserTime=0x18f83c) returned 1 [0055.693] OpenProcessToken (in: ProcessHandle=0x160, DesiredAccess=0x8, TokenHandle=0x18f80c | out: TokenHandle=0x18f80c*=0x164) returned 1 [0055.693] GetTokenInformation (in: TokenHandle=0x164, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x18f808 | out: TokenInformation=0x0, ReturnLength=0x18f808) returned 0 [0055.693] GetTokenInformation (in: TokenHandle=0x164, TokenInformationClass=0x19, TokenInformation=0x1edc9c0, TokenInformationLength=0x14, ReturnLength=0x18f808 | out: TokenInformation=0x1edc9c0, ReturnLength=0x18f808) returned 1 [0055.693] GetSidSubAuthorityCount (pSid=0x1edc9c8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000)) returned 0x1edc9c9 [0055.693] GetSidSubAuthority (pSid=0x1edc9c8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000), nSubAuthority=0x0) returned 0x1edc9d0 [0055.693] NtClose (Handle=0x164) returned 0x0 [0055.693] NtClose (Handle=0x160) returned 0x0 [0055.693] NtOpenProcess (in: ProcessHandle=0x18f800, DesiredAccess=0x400, ObjectAttributes=0x18f80c*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x18f804*(UniqueProcess=0x290, UniqueThread=0x0) | out: ProcessHandle=0x18f800*=0x0) returned 0xc0000022 [0055.693] NtOpenProcess (in: ProcessHandle=0x18f800, DesiredAccess=0x1000, ObjectAttributes=0x18f80c*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x18f804*(UniqueProcess=0x290, UniqueThread=0x0) | out: ProcessHandle=0x18f800*=0x160) returned 0x0 [0055.693] GetExitCodeProcess (in: hProcess=0x160, lpExitCode=0x18f828 | out: lpExitCode=0x18f828*=0x103) returned 1 [0055.693] GetProcessImageFileNameW (in: hProcess=0x160, lpImageFileName=0x1d86c88, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Windows\\System32\\svchost.exe") returned 0x34 [0055.693] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x18f810 | out: Wow64Process=0x18f810) returned 1 [0055.693] IsWow64Process (in: hProcess=0x160, Wow64Process=0x18f820 | out: Wow64Process=0x18f820) returned 1 [0055.693] NtQueryInformationProcess (in: ProcessHandle=0x160, ProcessInformationClass=0x18, ProcessInformation=0x18f81c, ProcessInformationLength=0x4, ReturnLength=0x18f820 | out: ProcessInformation=0x18f81c, ReturnLength=0x18f820) returned 0x0 [0055.693] GetProcessTimes (in: hProcess=0x160, lpCreationTime=0x18f844, lpExitTime=0x18f83c, lpKernelTime=0x18f83c, lpUserTime=0x18f83c | out: lpCreationTime=0x18f844, lpExitTime=0x18f83c, lpKernelTime=0x18f83c, lpUserTime=0x18f83c) returned 1 [0055.694] OpenProcessToken (in: ProcessHandle=0x160, DesiredAccess=0x8, TokenHandle=0x18f80c | out: TokenHandle=0x18f80c*=0x164) returned 1 [0055.694] GetTokenInformation (in: TokenHandle=0x164, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x18f808 | out: TokenInformation=0x0, ReturnLength=0x18f808) returned 0 [0055.694] GetTokenInformation (in: TokenHandle=0x164, TokenInformationClass=0x19, TokenInformation=0x1edc9c0, TokenInformationLength=0x14, ReturnLength=0x18f808 | out: TokenInformation=0x1edc9c0, ReturnLength=0x18f808) returned 1 [0055.694] GetSidSubAuthorityCount (pSid=0x1edc9c8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000)) returned 0x1edc9c9 [0055.694] GetSidSubAuthority (pSid=0x1edc9c8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000), nSubAuthority=0x0) returned 0x1edc9d0 [0055.694] GetExitCodeProcess (in: hProcess=0x160, lpExitCode=0x18f828 | out: lpExitCode=0x18f828*=0x103) returned 1 [0055.694] GetProcessImageFileNameW (in: hProcess=0x160, lpImageFileName=0x1d86c88, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Windows\\System32\\svchost.exe") returned 0x34 [0055.694] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x18f810 | out: Wow64Process=0x18f810) returned 1 [0055.694] IsWow64Process (in: hProcess=0x160, Wow64Process=0x18f820 | out: Wow64Process=0x18f820) returned 1 [0055.694] NtQueryInformationProcess (in: ProcessHandle=0x160, ProcessInformationClass=0x18, ProcessInformation=0x18f81c, ProcessInformationLength=0x4, ReturnLength=0x18f820 | out: ProcessInformation=0x18f81c, ReturnLength=0x18f820) returned 0x0 [0055.694] GetProcessTimes (in: hProcess=0x160, lpCreationTime=0x18f844, lpExitTime=0x18f83c, lpKernelTime=0x18f83c, lpUserTime=0x18f83c | out: lpCreationTime=0x18f844, lpExitTime=0x18f83c, lpKernelTime=0x18f83c, lpUserTime=0x18f83c) returned 1 [0055.694] OpenProcessToken (in: ProcessHandle=0x160, DesiredAccess=0x8, TokenHandle=0x18f80c | out: TokenHandle=0x18f80c*=0x164) returned 1 [0055.694] GetTokenInformation (in: TokenHandle=0x164, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x18f808 | out: TokenInformation=0x0, ReturnLength=0x18f808) returned 0 [0055.695] GetTokenInformation (in: TokenHandle=0x164, TokenInformationClass=0x19, TokenInformation=0x1edc9c0, TokenInformationLength=0x14, ReturnLength=0x18f808 | out: TokenInformation=0x1edc9c0, ReturnLength=0x18f808) returned 1 [0055.695] GetSidSubAuthorityCount (pSid=0x1edc9c8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000)) returned 0x1edc9c9 [0055.695] GetSidSubAuthority (pSid=0x1edc9c8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000), nSubAuthority=0x0) returned 0x1edc9d0 [0055.695] GetExitCodeProcess (in: hProcess=0x160, lpExitCode=0x18f828 | out: lpExitCode=0x18f828*=0x103) returned 1 [0055.695] GetProcessImageFileNameW (in: hProcess=0x160, lpImageFileName=0x1d86c88, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Windows\\System32\\svchost.exe") returned 0x34 [0055.695] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x18f810 | out: Wow64Process=0x18f810) returned 1 [0055.695] IsWow64Process (in: hProcess=0x160, Wow64Process=0x18f820 | out: Wow64Process=0x18f820) returned 1 [0055.695] NtQueryInformationProcess (in: ProcessHandle=0x160, ProcessInformationClass=0x18, ProcessInformation=0x18f81c, ProcessInformationLength=0x4, ReturnLength=0x18f820 | out: ProcessInformation=0x18f81c, ReturnLength=0x18f820) returned 0x0 [0055.695] GetProcessTimes (in: hProcess=0x160, lpCreationTime=0x18f844, lpExitTime=0x18f83c, lpKernelTime=0x18f83c, lpUserTime=0x18f83c | out: lpCreationTime=0x18f844, lpExitTime=0x18f83c, lpKernelTime=0x18f83c, lpUserTime=0x18f83c) returned 1 [0055.695] OpenProcessToken (in: ProcessHandle=0x160, DesiredAccess=0x8, TokenHandle=0x18f80c | out: TokenHandle=0x18f80c*=0x164) returned 1 [0055.695] GetTokenInformation (in: TokenHandle=0x164, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x18f808 | out: TokenInformation=0x0, ReturnLength=0x18f808) returned 0 [0055.695] GetTokenInformation (in: TokenHandle=0x164, TokenInformationClass=0x19, TokenInformation=0x1edc9c0, TokenInformationLength=0x14, ReturnLength=0x18f808 | out: TokenInformation=0x1edc9c0, ReturnLength=0x18f808) returned 1 [0055.695] GetSidSubAuthorityCount (pSid=0x1edc9c8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000)) returned 0x1edc9c9 [0055.695] GetSidSubAuthority (pSid=0x1edc9c8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000), nSubAuthority=0x0) returned 0x1edc9d0 [0055.695] GetExitCodeProcess (in: hProcess=0x160, lpExitCode=0x18f828 | out: lpExitCode=0x18f828*=0x103) returned 1 [0055.695] GetProcessImageFileNameW (in: hProcess=0x160, lpImageFileName=0x1d86c88, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Windows\\System32\\svchost.exe") returned 0x34 [0055.696] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x18f810 | out: Wow64Process=0x18f810) returned 1 [0055.696] IsWow64Process (in: hProcess=0x160, Wow64Process=0x18f820 | out: Wow64Process=0x18f820) returned 1 [0055.696] NtQueryInformationProcess (in: ProcessHandle=0x160, ProcessInformationClass=0x18, ProcessInformation=0x18f81c, ProcessInformationLength=0x4, ReturnLength=0x18f820 | out: ProcessInformation=0x18f81c, ReturnLength=0x18f820) returned 0x0 [0055.696] GetProcessTimes (in: hProcess=0x160, lpCreationTime=0x18f844, lpExitTime=0x18f83c, lpKernelTime=0x18f83c, lpUserTime=0x18f83c | out: lpCreationTime=0x18f844, lpExitTime=0x18f83c, lpKernelTime=0x18f83c, lpUserTime=0x18f83c) returned 1 [0055.696] OpenProcessToken (in: ProcessHandle=0x160, DesiredAccess=0x8, TokenHandle=0x18f80c | out: TokenHandle=0x18f80c*=0x164) returned 1 [0055.696] GetTokenInformation (in: TokenHandle=0x164, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x18f808 | out: TokenInformation=0x0, ReturnLength=0x18f808) returned 0 [0055.696] GetTokenInformation (in: TokenHandle=0x164, TokenInformationClass=0x19, TokenInformation=0x1edc9c0, TokenInformationLength=0x14, ReturnLength=0x18f808 | out: TokenInformation=0x1edc9c0, ReturnLength=0x18f808) returned 1 [0055.696] GetSidSubAuthorityCount (pSid=0x1edc9c8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000)) returned 0x1edc9c9 [0055.696] GetSidSubAuthority (pSid=0x1edc9c8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000), nSubAuthority=0x0) returned 0x1edc9d0 [0055.696] GetExitCodeProcess (in: hProcess=0x160, lpExitCode=0x18f828 | out: lpExitCode=0x18f828*=0x103) returned 1 [0055.696] GetProcessImageFileNameW (in: hProcess=0x160, lpImageFileName=0x1d86c88, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Windows\\System32\\audiodg.exe") returned 0x34 [0055.696] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x18f810 | out: Wow64Process=0x18f810) returned 1 [0055.696] IsWow64Process (in: hProcess=0x160, Wow64Process=0x18f820 | out: Wow64Process=0x18f820) returned 1 [0055.696] NtQueryInformationProcess (in: ProcessHandle=0x160, ProcessInformationClass=0x18, ProcessInformation=0x18f81c, ProcessInformationLength=0x4, ReturnLength=0x18f820 | out: ProcessInformation=0x18f81c, ReturnLength=0x18f820) returned 0x0 [0055.696] GetProcessTimes (in: hProcess=0x160, lpCreationTime=0x18f844, lpExitTime=0x18f83c, lpKernelTime=0x18f83c, lpUserTime=0x18f83c | out: lpCreationTime=0x18f844, lpExitTime=0x18f83c, lpKernelTime=0x18f83c, lpUserTime=0x18f83c) returned 1 [0055.696] OpenProcessToken (in: ProcessHandle=0x160, DesiredAccess=0x8, TokenHandle=0x18f80c | out: TokenHandle=0x18f80c*=0x164) returned 1 [0055.696] GetTokenInformation (in: TokenHandle=0x164, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x18f808 | out: TokenInformation=0x0, ReturnLength=0x18f808) returned 0 [0055.697] GetTokenInformation (in: TokenHandle=0x164, TokenInformationClass=0x19, TokenInformation=0x1edc9c0, TokenInformationLength=0x14, ReturnLength=0x18f808 | out: TokenInformation=0x1edc9c0, ReturnLength=0x18f808) returned 1 [0055.697] GetSidSubAuthorityCount (pSid=0x1edc9c8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000)) returned 0x1edc9c9 [0055.697] GetSidSubAuthority (pSid=0x1edc9c8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000), nSubAuthority=0x0) returned 0x1edc9d0 [0055.697] GetExitCodeProcess (in: hProcess=0x160, lpExitCode=0x18f828 | out: lpExitCode=0x18f828*=0x103) returned 1 [0055.697] GetProcessImageFileNameW (in: hProcess=0x160, lpImageFileName=0x1d86c88, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Windows\\System32\\svchost.exe") returned 0x34 [0055.697] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x18f810 | out: Wow64Process=0x18f810) returned 1 [0055.697] IsWow64Process (in: hProcess=0x160, Wow64Process=0x18f820 | out: Wow64Process=0x18f820) returned 1 [0055.697] NtQueryInformationProcess (in: ProcessHandle=0x160, ProcessInformationClass=0x18, ProcessInformation=0x18f81c, ProcessInformationLength=0x4, ReturnLength=0x18f820 | out: ProcessInformation=0x18f81c, ReturnLength=0x18f820) returned 0x0 [0055.697] GetProcessTimes (in: hProcess=0x160, lpCreationTime=0x18f844, lpExitTime=0x18f83c, lpKernelTime=0x18f83c, lpUserTime=0x18f83c | out: lpCreationTime=0x18f844, lpExitTime=0x18f83c, lpKernelTime=0x18f83c, lpUserTime=0x18f83c) returned 1 [0055.697] OpenProcessToken (in: ProcessHandle=0x160, DesiredAccess=0x8, TokenHandle=0x18f80c | out: TokenHandle=0x18f80c*=0x164) returned 1 [0055.697] GetTokenInformation (in: TokenHandle=0x164, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x18f808 | out: TokenInformation=0x0, ReturnLength=0x18f808) returned 0 [0055.697] GetTokenInformation (in: TokenHandle=0x164, TokenInformationClass=0x19, TokenInformation=0x1edc9c0, TokenInformationLength=0x14, ReturnLength=0x18f808 | out: TokenInformation=0x1edc9c0, ReturnLength=0x18f808) returned 1 [0055.697] GetSidSubAuthorityCount (pSid=0x1edc9c8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000)) returned 0x1edc9c9 [0055.697] GetSidSubAuthority (pSid=0x1edc9c8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000), nSubAuthority=0x0) returned 0x1edc9d0 [0055.699] GetExitCodeProcess (in: hProcess=0x160, lpExitCode=0x18f828 | out: lpExitCode=0x18f828*=0x103) returned 1 [0055.699] GetProcessImageFileNameW (in: hProcess=0x160, lpImageFileName=0x1d86c88, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Windows\\System32\\spoolsv.exe") returned 0x34 [0055.699] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x18f810 | out: Wow64Process=0x18f810) returned 1 [0055.699] IsWow64Process (in: hProcess=0x160, Wow64Process=0x18f820 | out: Wow64Process=0x18f820) returned 1 [0055.699] NtQueryInformationProcess (in: ProcessHandle=0x160, ProcessInformationClass=0x18, ProcessInformation=0x18f81c, ProcessInformationLength=0x4, ReturnLength=0x18f820 | out: ProcessInformation=0x18f81c, ReturnLength=0x18f820) returned 0x0 [0055.699] GetProcessTimes (in: hProcess=0x160, lpCreationTime=0x18f844, lpExitTime=0x18f83c, lpKernelTime=0x18f83c, lpUserTime=0x18f83c | out: lpCreationTime=0x18f844, lpExitTime=0x18f83c, lpKernelTime=0x18f83c, lpUserTime=0x18f83c) returned 1 [0055.699] OpenProcessToken (in: ProcessHandle=0x160, DesiredAccess=0x8, TokenHandle=0x18f80c | out: TokenHandle=0x18f80c*=0x164) returned 1 [0055.699] GetTokenInformation (in: TokenHandle=0x164, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x18f808 | out: TokenInformation=0x0, ReturnLength=0x18f808) returned 0 [0055.699] GetTokenInformation (in: TokenHandle=0x164, TokenInformationClass=0x19, TokenInformation=0x1edc9c0, TokenInformationLength=0x14, ReturnLength=0x18f808 | out: TokenInformation=0x1edc9c0, ReturnLength=0x18f808) returned 1 [0055.699] GetSidSubAuthorityCount (pSid=0x1edc9c8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000)) returned 0x1edc9c9 [0055.699] GetSidSubAuthority (pSid=0x1edc9c8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000), nSubAuthority=0x0) returned 0x1edc9d0 [0055.699] GetExitCodeProcess (in: hProcess=0x160, lpExitCode=0x18f828 | out: lpExitCode=0x18f828*=0x103) returned 1 [0055.699] GetProcessImageFileNameW (in: hProcess=0x160, lpImageFileName=0x1d86c88, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Windows\\System32\\svchost.exe") returned 0x34 [0055.700] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x18f810 | out: Wow64Process=0x18f810) returned 1 [0055.700] IsWow64Process (in: hProcess=0x160, Wow64Process=0x18f820 | out: Wow64Process=0x18f820) returned 1 [0055.700] NtQueryInformationProcess (in: ProcessHandle=0x160, ProcessInformationClass=0x18, ProcessInformation=0x18f81c, ProcessInformationLength=0x4, ReturnLength=0x18f820 | out: ProcessInformation=0x18f81c, ReturnLength=0x18f820) returned 0x0 [0055.700] GetProcessTimes (in: hProcess=0x160, lpCreationTime=0x18f844, lpExitTime=0x18f83c, lpKernelTime=0x18f83c, lpUserTime=0x18f83c | out: lpCreationTime=0x18f844, lpExitTime=0x18f83c, lpKernelTime=0x18f83c, lpUserTime=0x18f83c) returned 1 [0055.700] OpenProcessToken (in: ProcessHandle=0x160, DesiredAccess=0x8, TokenHandle=0x18f80c | out: TokenHandle=0x18f80c*=0x164) returned 1 [0055.700] GetTokenInformation (in: TokenHandle=0x164, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x18f808 | out: TokenInformation=0x0, ReturnLength=0x18f808) returned 0 [0055.700] GetTokenInformation (in: TokenHandle=0x164, TokenInformationClass=0x19, TokenInformation=0x1edc9c0, TokenInformationLength=0x14, ReturnLength=0x18f808 | out: TokenInformation=0x1edc9c0, ReturnLength=0x18f808) returned 1 [0055.700] GetSidSubAuthorityCount (pSid=0x1edc9c8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000)) returned 0x1edc9c9 [0055.700] GetSidSubAuthority (pSid=0x1edc9c8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000), nSubAuthority=0x0) returned 0x1edc9d0 [0055.700] GetExitCodeProcess (in: hProcess=0x160, lpExitCode=0x18f828 | out: lpExitCode=0x18f828*=0x103) returned 1 [0055.700] GetProcessImageFileNameW (in: hProcess=0x160, lpImageFileName=0x1d86c88, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Windows\\System32\\taskhost.exe") returned 0x35 [0055.701] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x18f810 | out: Wow64Process=0x18f810) returned 1 [0055.701] IsWow64Process (in: hProcess=0x160, Wow64Process=0x18f820 | out: Wow64Process=0x18f820) returned 1 [0055.701] NtQueryInformationProcess (in: ProcessHandle=0x160, ProcessInformationClass=0x18, ProcessInformation=0x18f81c, ProcessInformationLength=0x4, ReturnLength=0x18f820 | out: ProcessInformation=0x18f81c, ReturnLength=0x18f820) returned 0x0 [0055.701] GetProcessTimes (in: hProcess=0x160, lpCreationTime=0x18f844, lpExitTime=0x18f83c, lpKernelTime=0x18f83c, lpUserTime=0x18f83c | out: lpCreationTime=0x18f844, lpExitTime=0x18f83c, lpKernelTime=0x18f83c, lpUserTime=0x18f83c) returned 1 [0055.703] OpenProcessToken (in: ProcessHandle=0x160, DesiredAccess=0x8, TokenHandle=0x18f80c | out: TokenHandle=0x18f80c*=0x164) returned 1 [0055.703] GetTokenInformation (in: TokenHandle=0x164, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x18f808 | out: TokenInformation=0x0, ReturnLength=0x18f808) returned 0 [0055.703] GetTokenInformation (in: TokenHandle=0x164, TokenInformationClass=0x19, TokenInformation=0x1edc9c0, TokenInformationLength=0x14, ReturnLength=0x18f808 | out: TokenInformation=0x1edc9c0, ReturnLength=0x18f808) returned 1 [0055.703] GetSidSubAuthorityCount (pSid=0x1edc9c8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 0x1edc9c9 [0055.704] GetSidSubAuthority (pSid=0x1edc9c8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000), nSubAuthority=0x0) returned 0x1edc9d0 [0055.704] GetExitCodeProcess (in: hProcess=0x160, lpExitCode=0x18f828 | out: lpExitCode=0x18f828*=0x103) returned 1 [0055.705] GetProcessImageFileNameW (in: hProcess=0x160, lpImageFileName=0x1d86c88, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Windows\\System32\\dwm.exe") returned 0x30 [0055.705] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x18f810 | out: Wow64Process=0x18f810) returned 1 [0055.705] IsWow64Process (in: hProcess=0x160, Wow64Process=0x18f820 | out: Wow64Process=0x18f820) returned 1 [0055.705] NtQueryInformationProcess (in: ProcessHandle=0x160, ProcessInformationClass=0x18, ProcessInformation=0x18f81c, ProcessInformationLength=0x4, ReturnLength=0x18f820 | out: ProcessInformation=0x18f81c, ReturnLength=0x18f820) returned 0x0 [0055.705] GetProcessTimes (in: hProcess=0x160, lpCreationTime=0x18f844, lpExitTime=0x18f83c, lpKernelTime=0x18f83c, lpUserTime=0x18f83c | out: lpCreationTime=0x18f844, lpExitTime=0x18f83c, lpKernelTime=0x18f83c, lpUserTime=0x18f83c) returned 1 [0055.705] OpenProcessToken (in: ProcessHandle=0x160, DesiredAccess=0x8, TokenHandle=0x18f80c | out: TokenHandle=0x18f80c*=0x164) returned 1 [0055.706] GetTokenInformation (in: TokenHandle=0x164, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x18f808 | out: TokenInformation=0x0, ReturnLength=0x18f808) returned 0 [0055.706] GetTokenInformation (in: TokenHandle=0x164, TokenInformationClass=0x19, TokenInformation=0x1edc9c0, TokenInformationLength=0x14, ReturnLength=0x18f808 | out: TokenInformation=0x1edc9c0, ReturnLength=0x18f808) returned 1 [0055.706] GetSidSubAuthorityCount (pSid=0x1edc9c8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 0x1edc9c9 [0055.706] GetSidSubAuthority (pSid=0x1edc9c8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000), nSubAuthority=0x0) returned 0x1edc9d0 [0055.706] GetExitCodeProcess (in: hProcess=0x160, lpExitCode=0x18f828 | out: lpExitCode=0x18f828*=0x103) returned 1 [0055.706] GetProcessImageFileNameW (in: hProcess=0x160, lpImageFileName=0x1d86c88, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Windows\\System32\\taskeng.exe") returned 0x34 [0055.706] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x18f810 | out: Wow64Process=0x18f810) returned 1 [0055.706] IsWow64Process (in: hProcess=0x160, Wow64Process=0x18f820 | out: Wow64Process=0x18f820) returned 1 [0055.706] NtQueryInformationProcess (in: ProcessHandle=0x160, ProcessInformationClass=0x18, ProcessInformation=0x18f81c, ProcessInformationLength=0x4, ReturnLength=0x18f820 | out: ProcessInformation=0x18f81c, ReturnLength=0x18f820) returned 0x0 [0055.706] GetProcessTimes (in: hProcess=0x160, lpCreationTime=0x18f844, lpExitTime=0x18f83c, lpKernelTime=0x18f83c, lpUserTime=0x18f83c | out: lpCreationTime=0x18f844, lpExitTime=0x18f83c, lpKernelTime=0x18f83c, lpUserTime=0x18f83c) returned 1 [0055.706] OpenProcessToken (in: ProcessHandle=0x160, DesiredAccess=0x8, TokenHandle=0x18f80c | out: TokenHandle=0x18f80c*=0x164) returned 1 [0055.706] GetTokenInformation (in: TokenHandle=0x164, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x18f808 | out: TokenInformation=0x0, ReturnLength=0x18f808) returned 0 [0055.706] GetTokenInformation (in: TokenHandle=0x164, TokenInformationClass=0x19, TokenInformation=0x1edc9c0, TokenInformationLength=0x14, ReturnLength=0x18f808 | out: TokenInformation=0x1edc9c0, ReturnLength=0x18f808) returned 1 [0055.706] GetSidSubAuthorityCount (pSid=0x1edc9c8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x3000)) returned 0x1edc9c9 [0055.706] GetSidSubAuthority (pSid=0x1edc9c8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x3000), nSubAuthority=0x0) returned 0x1edc9d0 [0055.706] GetExitCodeProcess (in: hProcess=0x160, lpExitCode=0x18f828 | out: lpExitCode=0x18f828*=0x103) returned 1 [0055.707] GetProcessImageFileNameW (in: hProcess=0x160, lpImageFileName=0x1d86c88, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Windows\\explorer.exe") returned 0x2c [0055.707] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x18f810 | out: Wow64Process=0x18f810) returned 1 [0055.707] IsWow64Process (in: hProcess=0x160, Wow64Process=0x18f820 | out: Wow64Process=0x18f820) returned 1 [0055.710] NtQueryInformationProcess (in: ProcessHandle=0x160, ProcessInformationClass=0x18, ProcessInformation=0x18f81c, ProcessInformationLength=0x4, ReturnLength=0x18f820 | out: ProcessInformation=0x18f81c, ReturnLength=0x18f820) returned 0x0 [0055.710] GetProcessTimes (in: hProcess=0x160, lpCreationTime=0x18f844, lpExitTime=0x18f83c, lpKernelTime=0x18f83c, lpUserTime=0x18f83c | out: lpCreationTime=0x18f844, lpExitTime=0x18f83c, lpKernelTime=0x18f83c, lpUserTime=0x18f83c) returned 1 [0055.710] OpenProcessToken (in: ProcessHandle=0x160, DesiredAccess=0x8, TokenHandle=0x18f80c | out: TokenHandle=0x18f80c*=0x164) returned 1 [0055.710] GetTokenInformation (in: TokenHandle=0x164, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x18f808 | out: TokenInformation=0x0, ReturnLength=0x18f808) returned 0 [0055.710] GetTokenInformation (in: TokenHandle=0x164, TokenInformationClass=0x19, TokenInformation=0x1edc9c0, TokenInformationLength=0x14, ReturnLength=0x18f808 | out: TokenInformation=0x1edc9c0, ReturnLength=0x18f808) returned 1 [0055.710] GetSidSubAuthorityCount (pSid=0x1edc9c8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 0x1edc9c9 [0055.710] GetSidSubAuthority (pSid=0x1edc9c8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000), nSubAuthority=0x0) returned 0x1edc9d0 [0055.710] GetExitCodeProcess (in: hProcess=0x160, lpExitCode=0x18f828 | out: lpExitCode=0x18f828*=0x103) returned 1 [0055.710] GetProcessImageFileNameW (in: hProcess=0x160, lpImageFileName=0x1d86c88, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Program Files (x86)\\Internet Explorer\\transportationporval.exe") returned 0x56 [0055.710] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x18f810 | out: Wow64Process=0x18f810) returned 1 [0055.710] IsWow64Process (in: hProcess=0x160, Wow64Process=0x18f820 | out: Wow64Process=0x18f820) returned 1 [0055.710] NtQueryInformationProcess (in: ProcessHandle=0x160, ProcessInformationClass=0x18, ProcessInformation=0x18f81c, ProcessInformationLength=0x4, ReturnLength=0x18f820 | out: ProcessInformation=0x18f81c, ReturnLength=0x18f820) returned 0x0 [0055.710] GetProcessTimes (in: hProcess=0x160, lpCreationTime=0x18f844, lpExitTime=0x18f83c, lpKernelTime=0x18f83c, lpUserTime=0x18f83c | out: lpCreationTime=0x18f844, lpExitTime=0x18f83c, lpKernelTime=0x18f83c, lpUserTime=0x18f83c) returned 1 [0055.710] OpenProcessToken (in: ProcessHandle=0x160, DesiredAccess=0x8, TokenHandle=0x18f80c | out: TokenHandle=0x18f80c*=0x164) returned 1 [0055.711] GetTokenInformation (in: TokenHandle=0x164, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x18f808 | out: TokenInformation=0x0, ReturnLength=0x18f808) returned 0 [0055.711] GetTokenInformation (in: TokenHandle=0x164, TokenInformationClass=0x19, TokenInformation=0x1edc9c0, TokenInformationLength=0x14, ReturnLength=0x18f808 | out: TokenInformation=0x1edc9c0, ReturnLength=0x18f808) returned 1 [0055.711] GetSidSubAuthorityCount (pSid=0x1edc9c8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 0x1edc9c9 [0055.711] GetSidSubAuthority (pSid=0x1edc9c8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000), nSubAuthority=0x0) returned 0x1edc9d0 [0055.711] GetExitCodeProcess (in: hProcess=0x160, lpExitCode=0x18f828 | out: lpExitCode=0x18f828*=0x103) returned 1 [0055.711] GetProcessImageFileNameW (in: hProcess=0x160, lpImageFileName=0x1d86c88, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Program Files (x86)\\Microsoft Analysis Services\\liverpool-brazil-kind-researchers.exe") returned 0x6d [0055.711] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x18f810 | out: Wow64Process=0x18f810) returned 1 [0055.711] IsWow64Process (in: hProcess=0x160, Wow64Process=0x18f820 | out: Wow64Process=0x18f820) returned 1 [0055.711] NtQueryInformationProcess (in: ProcessHandle=0x160, ProcessInformationClass=0x18, ProcessInformation=0x18f81c, ProcessInformationLength=0x4, ReturnLength=0x18f820 | out: ProcessInformation=0x18f81c, ReturnLength=0x18f820) returned 0x0 [0055.711] GetProcessTimes (in: hProcess=0x160, lpCreationTime=0x18f844, lpExitTime=0x18f83c, lpKernelTime=0x18f83c, lpUserTime=0x18f83c | out: lpCreationTime=0x18f844, lpExitTime=0x18f83c, lpKernelTime=0x18f83c, lpUserTime=0x18f83c) returned 1 [0055.711] OpenProcessToken (in: ProcessHandle=0x160, DesiredAccess=0x8, TokenHandle=0x18f80c | out: TokenHandle=0x18f80c*=0x164) returned 1 [0055.711] GetTokenInformation (in: TokenHandle=0x164, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x18f808 | out: TokenInformation=0x0, ReturnLength=0x18f808) returned 0 [0055.711] GetTokenInformation (in: TokenHandle=0x164, TokenInformationClass=0x19, TokenInformation=0x1edc9c0, TokenInformationLength=0x14, ReturnLength=0x18f808 | out: TokenInformation=0x1edc9c0, ReturnLength=0x18f808) returned 1 [0055.711] GetSidSubAuthorityCount (pSid=0x1edc9c8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 0x1edc9c9 [0055.711] GetSidSubAuthority (pSid=0x1edc9c8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000), nSubAuthority=0x0) returned 0x1edc9d0 [0055.711] GetExitCodeProcess (in: hProcess=0x160, lpExitCode=0x18f828 | out: lpExitCode=0x18f828*=0x103) returned 1 [0055.712] GetProcessImageFileNameW (in: hProcess=0x160, lpImageFileName=0x1d86c88, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Program Files\\Internet Explorer\\azerbaijan australia map.exe") returned 0x54 [0055.712] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x18f810 | out: Wow64Process=0x18f810) returned 1 [0055.712] IsWow64Process (in: hProcess=0x160, Wow64Process=0x18f820 | out: Wow64Process=0x18f820) returned 1 [0055.712] NtQueryInformationProcess (in: ProcessHandle=0x160, ProcessInformationClass=0x18, ProcessInformation=0x18f81c, ProcessInformationLength=0x4, ReturnLength=0x18f820 | out: ProcessInformation=0x18f81c, ReturnLength=0x18f820) returned 0x0 [0055.712] GetProcessTimes (in: hProcess=0x160, lpCreationTime=0x18f844, lpExitTime=0x18f83c, lpKernelTime=0x18f83c, lpUserTime=0x18f83c | out: lpCreationTime=0x18f844, lpExitTime=0x18f83c, lpKernelTime=0x18f83c, lpUserTime=0x18f83c) returned 1 [0055.712] OpenProcessToken (in: ProcessHandle=0x160, DesiredAccess=0x8, TokenHandle=0x18f80c | out: TokenHandle=0x18f80c*=0x164) returned 1 [0055.712] GetTokenInformation (in: TokenHandle=0x164, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x18f808 | out: TokenInformation=0x0, ReturnLength=0x18f808) returned 0 [0055.712] GetTokenInformation (in: TokenHandle=0x164, TokenInformationClass=0x19, TokenInformation=0x1edc9c0, TokenInformationLength=0x14, ReturnLength=0x18f808 | out: TokenInformation=0x1edc9c0, ReturnLength=0x18f808) returned 1 [0055.712] GetSidSubAuthorityCount (pSid=0x1edc9c8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 0x1edc9c9 [0055.712] GetSidSubAuthority (pSid=0x1edc9c8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000), nSubAuthority=0x0) returned 0x1edc9d0 [0055.712] GetExitCodeProcess (in: hProcess=0x160, lpExitCode=0x18f828 | out: lpExitCode=0x18f828*=0x103) returned 1 [0055.712] GetProcessImageFileNameW (in: hProcess=0x160, lpImageFileName=0x1d86c88, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Program Files (x86)\\Microsoft Analysis Services\\seattleconvertible.exe") returned 0x5e [0055.712] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x18f810 | out: Wow64Process=0x18f810) returned 1 [0055.712] IsWow64Process (in: hProcess=0x160, Wow64Process=0x18f820 | out: Wow64Process=0x18f820) returned 1 [0055.712] NtQueryInformationProcess (in: ProcessHandle=0x160, ProcessInformationClass=0x18, ProcessInformation=0x18f81c, ProcessInformationLength=0x4, ReturnLength=0x18f820 | out: ProcessInformation=0x18f81c, ReturnLength=0x18f820) returned 0x0 [0055.712] GetProcessTimes (in: hProcess=0x160, lpCreationTime=0x18f844, lpExitTime=0x18f83c, lpKernelTime=0x18f83c, lpUserTime=0x18f83c | out: lpCreationTime=0x18f844, lpExitTime=0x18f83c, lpKernelTime=0x18f83c, lpUserTime=0x18f83c) returned 1 [0055.712] OpenProcessToken (in: ProcessHandle=0x160, DesiredAccess=0x8, TokenHandle=0x18f80c | out: TokenHandle=0x18f80c*=0x164) returned 1 [0055.713] GetTokenInformation (in: TokenHandle=0x164, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x18f808 | out: TokenInformation=0x0, ReturnLength=0x18f808) returned 0 [0055.713] GetTokenInformation (in: TokenHandle=0x164, TokenInformationClass=0x19, TokenInformation=0x1edc9c0, TokenInformationLength=0x14, ReturnLength=0x18f808 | out: TokenInformation=0x1edc9c0, ReturnLength=0x18f808) returned 1 [0055.713] GetSidSubAuthorityCount (pSid=0x1edc9c8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 0x1edc9c9 [0055.713] GetSidSubAuthority (pSid=0x1edc9c8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000), nSubAuthority=0x0) returned 0x1edc9d0 [0055.713] GetExitCodeProcess (in: hProcess=0x160, lpExitCode=0x18f828 | out: lpExitCode=0x18f828*=0x103) returned 1 [0055.713] GetProcessImageFileNameW (in: hProcess=0x160, lpImageFileName=0x1d86c88, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Program Files\\Windows Portable Devices\\camps_part_october.exe") returned 0x55 [0055.713] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x18f810 | out: Wow64Process=0x18f810) returned 1 [0055.713] IsWow64Process (in: hProcess=0x160, Wow64Process=0x18f820 | out: Wow64Process=0x18f820) returned 1 [0055.713] NtQueryInformationProcess (in: ProcessHandle=0x160, ProcessInformationClass=0x18, ProcessInformation=0x18f81c, ProcessInformationLength=0x4, ReturnLength=0x18f820 | out: ProcessInformation=0x18f81c, ReturnLength=0x18f820) returned 0x0 [0055.713] GetProcessTimes (in: hProcess=0x160, lpCreationTime=0x18f844, lpExitTime=0x18f83c, lpKernelTime=0x18f83c, lpUserTime=0x18f83c | out: lpCreationTime=0x18f844, lpExitTime=0x18f83c, lpKernelTime=0x18f83c, lpUserTime=0x18f83c) returned 1 [0055.713] OpenProcessToken (in: ProcessHandle=0x160, DesiredAccess=0x8, TokenHandle=0x18f80c | out: TokenHandle=0x18f80c*=0x164) returned 1 [0055.713] GetTokenInformation (in: TokenHandle=0x164, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x18f808 | out: TokenInformation=0x0, ReturnLength=0x18f808) returned 0 [0055.713] GetTokenInformation (in: TokenHandle=0x164, TokenInformationClass=0x19, TokenInformation=0x1edc9c0, TokenInformationLength=0x14, ReturnLength=0x18f808 | out: TokenInformation=0x1edc9c0, ReturnLength=0x18f808) returned 1 [0055.713] GetSidSubAuthorityCount (pSid=0x1edc9c8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 0x1edc9c9 [0055.713] GetSidSubAuthority (pSid=0x1edc9c8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000), nSubAuthority=0x0) returned 0x1edc9d0 [0055.713] GetExitCodeProcess (in: hProcess=0x160, lpExitCode=0x18f828 | out: lpExitCode=0x18f828*=0x103) returned 1 [0055.714] GetProcessImageFileNameW (in: hProcess=0x160, lpImageFileName=0x1d86c88, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Program Files (x86)\\Windows Portable Devices\\fskaslidesoregon.exe") returned 0x59 [0055.714] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x18f810 | out: Wow64Process=0x18f810) returned 1 [0055.714] IsWow64Process (in: hProcess=0x160, Wow64Process=0x18f820 | out: Wow64Process=0x18f820) returned 1 [0055.714] NtQueryInformationProcess (in: ProcessHandle=0x160, ProcessInformationClass=0x18, ProcessInformation=0x18f81c, ProcessInformationLength=0x4, ReturnLength=0x18f820 | out: ProcessInformation=0x18f81c, ReturnLength=0x18f820) returned 0x0 [0055.714] GetProcessTimes (in: hProcess=0x160, lpCreationTime=0x18f844, lpExitTime=0x18f83c, lpKernelTime=0x18f83c, lpUserTime=0x18f83c | out: lpCreationTime=0x18f844, lpExitTime=0x18f83c, lpKernelTime=0x18f83c, lpUserTime=0x18f83c) returned 1 [0055.714] OpenProcessToken (in: ProcessHandle=0x160, DesiredAccess=0x8, TokenHandle=0x18f80c | out: TokenHandle=0x18f80c*=0x164) returned 1 [0055.714] GetTokenInformation (in: TokenHandle=0x164, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x18f808 | out: TokenInformation=0x0, ReturnLength=0x18f808) returned 0 [0055.714] GetTokenInformation (in: TokenHandle=0x164, TokenInformationClass=0x19, TokenInformation=0x1edc9c0, TokenInformationLength=0x14, ReturnLength=0x18f808 | out: TokenInformation=0x1edc9c0, ReturnLength=0x18f808) returned 1 [0055.715] GetSidSubAuthorityCount (pSid=0x1edc9c8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 0x1edc9c9 [0055.715] GetSidSubAuthority (pSid=0x1edc9c8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000), nSubAuthority=0x0) returned 0x1edc9d0 [0055.715] GetExitCodeProcess (in: hProcess=0x160, lpExitCode=0x18f828 | out: lpExitCode=0x18f828*=0x103) returned 1 [0055.715] GetProcessImageFileNameW (in: hProcess=0x160, lpImageFileName=0x1d86c88, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Program Files\\Microsoft Synchronization Services\\ny surge discounts.exe") returned 0x5f [0055.715] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x18f810 | out: Wow64Process=0x18f810) returned 1 [0055.715] IsWow64Process (in: hProcess=0x160, Wow64Process=0x18f820 | out: Wow64Process=0x18f820) returned 1 [0055.715] NtQueryInformationProcess (in: ProcessHandle=0x160, ProcessInformationClass=0x18, ProcessInformation=0x18f81c, ProcessInformationLength=0x4, ReturnLength=0x18f820 | out: ProcessInformation=0x18f81c, ReturnLength=0x18f820) returned 0x0 [0055.715] GetProcessTimes (in: hProcess=0x160, lpCreationTime=0x18f844, lpExitTime=0x18f83c, lpKernelTime=0x18f83c, lpUserTime=0x18f83c | out: lpCreationTime=0x18f844, lpExitTime=0x18f83c, lpKernelTime=0x18f83c, lpUserTime=0x18f83c) returned 1 [0055.715] OpenProcessToken (in: ProcessHandle=0x160, DesiredAccess=0x8, TokenHandle=0x18f80c | out: TokenHandle=0x18f80c*=0x164) returned 1 [0055.716] GetTokenInformation (in: TokenHandle=0x164, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x18f808 | out: TokenInformation=0x0, ReturnLength=0x18f808) returned 0 [0055.716] GetTokenInformation (in: TokenHandle=0x164, TokenInformationClass=0x19, TokenInformation=0x1edc9c0, TokenInformationLength=0x14, ReturnLength=0x18f808 | out: TokenInformation=0x1edc9c0, ReturnLength=0x18f808) returned 1 [0055.716] GetSidSubAuthorityCount (pSid=0x1edc9c8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 0x1edc9c9 [0055.716] GetSidSubAuthority (pSid=0x1edc9c8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000), nSubAuthority=0x0) returned 0x1edc9d0 [0055.716] GetExitCodeProcess (in: hProcess=0x160, lpExitCode=0x18f828 | out: lpExitCode=0x18f828*=0x103) returned 1 [0055.716] GetProcessImageFileNameW (in: hProcess=0x160, lpImageFileName=0x1d86c88, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Program Files\\Internet Explorer\\furniture-cg.exe") returned 0x48 [0055.716] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x18f810 | out: Wow64Process=0x18f810) returned 1 [0055.716] IsWow64Process (in: hProcess=0x160, Wow64Process=0x18f820 | out: Wow64Process=0x18f820) returned 1 [0055.717] NtQueryInformationProcess (in: ProcessHandle=0x160, ProcessInformationClass=0x18, ProcessInformation=0x18f81c, ProcessInformationLength=0x4, ReturnLength=0x18f820 | out: ProcessInformation=0x18f81c, ReturnLength=0x18f820) returned 0x0 [0055.717] GetProcessTimes (in: hProcess=0x160, lpCreationTime=0x18f844, lpExitTime=0x18f83c, lpKernelTime=0x18f83c, lpUserTime=0x18f83c | out: lpCreationTime=0x18f844, lpExitTime=0x18f83c, lpKernelTime=0x18f83c, lpUserTime=0x18f83c) returned 1 [0055.717] OpenProcessToken (in: ProcessHandle=0x160, DesiredAccess=0x8, TokenHandle=0x18f80c | out: TokenHandle=0x18f80c*=0x164) returned 1 [0055.717] GetTokenInformation (in: TokenHandle=0x164, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x18f808 | out: TokenInformation=0x0, ReturnLength=0x18f808) returned 0 [0055.717] GetTokenInformation (in: TokenHandle=0x164, TokenInformationClass=0x19, TokenInformation=0x1edc9c0, TokenInformationLength=0x14, ReturnLength=0x18f808 | out: TokenInformation=0x1edc9c0, ReturnLength=0x18f808) returned 1 [0055.717] GetSidSubAuthorityCount (pSid=0x1edc9c8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 0x1edc9c9 [0055.717] GetSidSubAuthority (pSid=0x1edc9c8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000), nSubAuthority=0x0) returned 0x1edc9d0 [0055.717] GetExitCodeProcess (in: hProcess=0x160, lpExitCode=0x18f828 | out: lpExitCode=0x18f828*=0x103) returned 1 [0055.718] GetProcessImageFileNameW (in: hProcess=0x160, lpImageFileName=0x1d86c88, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Program Files\\Windows Journal\\angry_region_seconds.exe") returned 0x4e [0055.718] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x18f810 | out: Wow64Process=0x18f810) returned 1 [0055.718] IsWow64Process (in: hProcess=0x160, Wow64Process=0x18f820 | out: Wow64Process=0x18f820) returned 1 [0055.718] NtQueryInformationProcess (in: ProcessHandle=0x160, ProcessInformationClass=0x18, ProcessInformation=0x18f81c, ProcessInformationLength=0x4, ReturnLength=0x18f820 | out: ProcessInformation=0x18f81c, ReturnLength=0x18f820) returned 0x0 [0055.718] GetProcessTimes (in: hProcess=0x160, lpCreationTime=0x18f844, lpExitTime=0x18f83c, lpKernelTime=0x18f83c, lpUserTime=0x18f83c | out: lpCreationTime=0x18f844, lpExitTime=0x18f83c, lpKernelTime=0x18f83c, lpUserTime=0x18f83c) returned 1 [0055.718] OpenProcessToken (in: ProcessHandle=0x160, DesiredAccess=0x8, TokenHandle=0x18f80c | out: TokenHandle=0x18f80c*=0x164) returned 1 [0055.718] GetTokenInformation (in: TokenHandle=0x164, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x18f808 | out: TokenInformation=0x0, ReturnLength=0x18f808) returned 0 [0055.719] GetTokenInformation (in: TokenHandle=0x164, TokenInformationClass=0x19, TokenInformation=0x1edc9c0, TokenInformationLength=0x14, ReturnLength=0x18f808 | out: TokenInformation=0x1edc9c0, ReturnLength=0x18f808) returned 1 [0055.719] GetSidSubAuthorityCount (pSid=0x1edc9c8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 0x1edc9c9 [0055.719] GetSidSubAuthority (pSid=0x1edc9c8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000), nSubAuthority=0x0) returned 0x1edc9d0 [0055.719] GetExitCodeProcess (in: hProcess=0x160, lpExitCode=0x18f828 | out: lpExitCode=0x18f828*=0x103) returned 1 [0055.719] GetProcessImageFileNameW (in: hProcess=0x160, lpImageFileName=0x1d86c88, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Program Files\\Reference Assemblies\\soviet-nutten-samples-configured.exe") returned 0x5f [0055.719] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x18f810 | out: Wow64Process=0x18f810) returned 1 [0055.719] IsWow64Process (in: hProcess=0x160, Wow64Process=0x18f820 | out: Wow64Process=0x18f820) returned 1 [0055.719] NtQueryInformationProcess (in: ProcessHandle=0x160, ProcessInformationClass=0x18, ProcessInformation=0x18f81c, ProcessInformationLength=0x4, ReturnLength=0x18f820 | out: ProcessInformation=0x18f81c, ReturnLength=0x18f820) returned 0x0 [0055.720] GetProcessTimes (in: hProcess=0x160, lpCreationTime=0x18f844, lpExitTime=0x18f83c, lpKernelTime=0x18f83c, lpUserTime=0x18f83c | out: lpCreationTime=0x18f844, lpExitTime=0x18f83c, lpKernelTime=0x18f83c, lpUserTime=0x18f83c) returned 1 [0055.720] OpenProcessToken (in: ProcessHandle=0x160, DesiredAccess=0x8, TokenHandle=0x18f80c | out: TokenHandle=0x18f80c*=0x164) returned 1 [0055.720] GetTokenInformation (in: TokenHandle=0x164, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x18f808 | out: TokenInformation=0x0, ReturnLength=0x18f808) returned 0 [0055.720] GetTokenInformation (in: TokenHandle=0x164, TokenInformationClass=0x19, TokenInformation=0x1edc9c0, TokenInformationLength=0x14, ReturnLength=0x18f808 | out: TokenInformation=0x1edc9c0, ReturnLength=0x18f808) returned 1 [0055.720] GetSidSubAuthorityCount (pSid=0x1edc9c8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 0x1edc9c9 [0055.720] GetSidSubAuthority (pSid=0x1edc9c8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000), nSubAuthority=0x0) returned 0x1edc9d0 [0055.720] GetExitCodeProcess (in: hProcess=0x160, lpExitCode=0x18f828 | out: lpExitCode=0x18f828*=0x103) returned 1 [0055.720] GetProcessImageFileNameW (in: hProcess=0x160, lpImageFileName=0x1d86c88, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Program Files (x86)\\Google\\wishes_pixels_reflected_edgar.exe") returned 0x54 [0055.721] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x18f810 | out: Wow64Process=0x18f810) returned 1 [0055.721] IsWow64Process (in: hProcess=0x160, Wow64Process=0x18f820 | out: Wow64Process=0x18f820) returned 1 [0055.721] NtQueryInformationProcess (in: ProcessHandle=0x160, ProcessInformationClass=0x18, ProcessInformation=0x18f81c, ProcessInformationLength=0x4, ReturnLength=0x18f820 | out: ProcessInformation=0x18f81c, ReturnLength=0x18f820) returned 0x0 [0055.721] GetProcessTimes (in: hProcess=0x160, lpCreationTime=0x18f844, lpExitTime=0x18f83c, lpKernelTime=0x18f83c, lpUserTime=0x18f83c | out: lpCreationTime=0x18f844, lpExitTime=0x18f83c, lpKernelTime=0x18f83c, lpUserTime=0x18f83c) returned 1 [0055.721] OpenProcessToken (in: ProcessHandle=0x160, DesiredAccess=0x8, TokenHandle=0x18f80c | out: TokenHandle=0x18f80c*=0x164) returned 1 [0055.721] GetTokenInformation (in: TokenHandle=0x164, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x18f808 | out: TokenInformation=0x0, ReturnLength=0x18f808) returned 0 [0055.721] GetTokenInformation (in: TokenHandle=0x164, TokenInformationClass=0x19, TokenInformation=0x1edc9c0, TokenInformationLength=0x14, ReturnLength=0x18f808 | out: TokenInformation=0x1edc9c0, ReturnLength=0x18f808) returned 1 [0055.721] GetSidSubAuthorityCount (pSid=0x1edc9c8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 0x1edc9c9 [0055.721] GetSidSubAuthority (pSid=0x1edc9c8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000), nSubAuthority=0x0) returned 0x1edc9d0 [0055.722] GetExitCodeProcess (in: hProcess=0x160, lpExitCode=0x18f828 | out: lpExitCode=0x18f828*=0x103) returned 1 [0055.722] GetProcessImageFileNameW (in: hProcess=0x160, lpImageFileName=0x1d86c88, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Program Files (x86)\\Windows Photo Viewer\\nyc-actor-fault-logistics.exe") returned 0x5e [0055.722] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x18f810 | out: Wow64Process=0x18f810) returned 1 [0055.722] IsWow64Process (in: hProcess=0x160, Wow64Process=0x18f820 | out: Wow64Process=0x18f820) returned 1 [0055.722] NtQueryInformationProcess (in: ProcessHandle=0x160, ProcessInformationClass=0x18, ProcessInformation=0x18f81c, ProcessInformationLength=0x4, ReturnLength=0x18f820 | out: ProcessInformation=0x18f81c, ReturnLength=0x18f820) returned 0x0 [0055.722] GetProcessTimes (in: hProcess=0x160, lpCreationTime=0x18f844, lpExitTime=0x18f83c, lpKernelTime=0x18f83c, lpUserTime=0x18f83c | out: lpCreationTime=0x18f844, lpExitTime=0x18f83c, lpKernelTime=0x18f83c, lpUserTime=0x18f83c) returned 1 [0055.722] OpenProcessToken (in: ProcessHandle=0x160, DesiredAccess=0x8, TokenHandle=0x18f80c | out: TokenHandle=0x18f80c*=0x164) returned 1 [0055.722] GetTokenInformation (in: TokenHandle=0x164, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x18f808 | out: TokenInformation=0x0, ReturnLength=0x18f808) returned 0 [0055.723] GetTokenInformation (in: TokenHandle=0x164, TokenInformationClass=0x19, TokenInformation=0x1edc9c0, TokenInformationLength=0x14, ReturnLength=0x18f808 | out: TokenInformation=0x1edc9c0, ReturnLength=0x18f808) returned 1 [0055.723] GetSidSubAuthorityCount (pSid=0x1edc9c8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 0x1edc9c9 [0055.723] GetSidSubAuthority (pSid=0x1edc9c8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000), nSubAuthority=0x0) returned 0x1edc9d0 [0055.723] GetExitCodeProcess (in: hProcess=0x160, lpExitCode=0x18f828 | out: lpExitCode=0x18f828*=0x103) returned 1 [0055.723] GetProcessImageFileNameW (in: hProcess=0x160, lpImageFileName=0x1d86c88, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Program Files\\Reference Assemblies\\duration_electricity_columbia_estate.exe") returned 0x63 [0055.723] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x18f810 | out: Wow64Process=0x18f810) returned 1 [0055.723] IsWow64Process (in: hProcess=0x160, Wow64Process=0x18f820 | out: Wow64Process=0x18f820) returned 1 [0055.723] NtQueryInformationProcess (in: ProcessHandle=0x160, ProcessInformationClass=0x18, ProcessInformation=0x18f81c, ProcessInformationLength=0x4, ReturnLength=0x18f820 | out: ProcessInformation=0x18f81c, ReturnLength=0x18f820) returned 0x0 [0055.723] GetProcessTimes (in: hProcess=0x160, lpCreationTime=0x18f844, lpExitTime=0x18f83c, lpKernelTime=0x18f83c, lpUserTime=0x18f83c | out: lpCreationTime=0x18f844, lpExitTime=0x18f83c, lpKernelTime=0x18f83c, lpUserTime=0x18f83c) returned 1 [0055.724] OpenProcessToken (in: ProcessHandle=0x160, DesiredAccess=0x8, TokenHandle=0x18f80c | out: TokenHandle=0x18f80c*=0x164) returned 1 [0055.724] GetTokenInformation (in: TokenHandle=0x164, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x18f808 | out: TokenInformation=0x0, ReturnLength=0x18f808) returned 0 [0055.724] GetTokenInformation (in: TokenHandle=0x164, TokenInformationClass=0x19, TokenInformation=0x1edc9c0, TokenInformationLength=0x14, ReturnLength=0x18f808 | out: TokenInformation=0x1edc9c0, ReturnLength=0x18f808) returned 1 [0055.724] GetSidSubAuthorityCount (pSid=0x1edc9c8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 0x1edc9c9 [0055.724] GetSidSubAuthority (pSid=0x1edc9c8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000), nSubAuthority=0x0) returned 0x1edc9d0 [0055.724] GetExitCodeProcess (in: hProcess=0x160, lpExitCode=0x18f828 | out: lpExitCode=0x18f828*=0x103) returned 1 [0055.724] GetProcessImageFileNameW (in: hProcess=0x160, lpImageFileName=0x1d86c88, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Program Files\\Windows Photo Viewer\\prominent.exe") returned 0x48 [0055.725] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x18f810 | out: Wow64Process=0x18f810) returned 1 [0055.725] IsWow64Process (in: hProcess=0x160, Wow64Process=0x18f820 | out: Wow64Process=0x18f820) returned 1 [0055.725] NtQueryInformationProcess (in: ProcessHandle=0x160, ProcessInformationClass=0x18, ProcessInformation=0x18f81c, ProcessInformationLength=0x4, ReturnLength=0x18f820 | out: ProcessInformation=0x18f81c, ReturnLength=0x18f820) returned 0x0 [0055.725] GetProcessTimes (in: hProcess=0x160, lpCreationTime=0x18f844, lpExitTime=0x18f83c, lpKernelTime=0x18f83c, lpUserTime=0x18f83c | out: lpCreationTime=0x18f844, lpExitTime=0x18f83c, lpKernelTime=0x18f83c, lpUserTime=0x18f83c) returned 1 [0055.725] OpenProcessToken (in: ProcessHandle=0x160, DesiredAccess=0x8, TokenHandle=0x18f80c | out: TokenHandle=0x18f80c*=0x164) returned 1 [0055.725] GetTokenInformation (in: TokenHandle=0x164, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x18f808 | out: TokenInformation=0x0, ReturnLength=0x18f808) returned 0 [0055.725] GetTokenInformation (in: TokenHandle=0x164, TokenInformationClass=0x19, TokenInformation=0x1edc9c0, TokenInformationLength=0x14, ReturnLength=0x18f808 | out: TokenInformation=0x1edc9c0, ReturnLength=0x18f808) returned 1 [0055.725] GetSidSubAuthorityCount (pSid=0x1edc9c8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 0x1edc9c9 [0055.725] GetSidSubAuthority (pSid=0x1edc9c8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000), nSubAuthority=0x0) returned 0x1edc9d0 [0055.725] GetExitCodeProcess (in: hProcess=0x160, lpExitCode=0x18f828 | out: lpExitCode=0x18f828*=0x103) returned 1 [0055.726] GetProcessImageFileNameW (in: hProcess=0x160, lpImageFileName=0x1d86c88, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Program Files (x86)\\Java\\after practical kiss sir.exe") returned 0x4d [0055.726] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x18f810 | out: Wow64Process=0x18f810) returned 1 [0055.726] IsWow64Process (in: hProcess=0x160, Wow64Process=0x18f820 | out: Wow64Process=0x18f820) returned 1 [0055.726] NtQueryInformationProcess (in: ProcessHandle=0x160, ProcessInformationClass=0x18, ProcessInformation=0x18f81c, ProcessInformationLength=0x4, ReturnLength=0x18f820 | out: ProcessInformation=0x18f81c, ReturnLength=0x18f820) returned 0x0 [0055.726] GetProcessTimes (in: hProcess=0x160, lpCreationTime=0x18f844, lpExitTime=0x18f83c, lpKernelTime=0x18f83c, lpUserTime=0x18f83c | out: lpCreationTime=0x18f844, lpExitTime=0x18f83c, lpKernelTime=0x18f83c, lpUserTime=0x18f83c) returned 1 [0055.726] OpenProcessToken (in: ProcessHandle=0x160, DesiredAccess=0x8, TokenHandle=0x18f80c | out: TokenHandle=0x18f80c*=0x164) returned 1 [0055.726] GetTokenInformation (in: TokenHandle=0x164, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x18f808 | out: TokenInformation=0x0, ReturnLength=0x18f808) returned 0 [0055.726] GetTokenInformation (in: TokenHandle=0x164, TokenInformationClass=0x19, TokenInformation=0x1edc9c0, TokenInformationLength=0x14, ReturnLength=0x18f808 | out: TokenInformation=0x1edc9c0, ReturnLength=0x18f808) returned 1 [0055.727] GetSidSubAuthorityCount (pSid=0x1edc9c8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 0x1edc9c9 [0055.727] GetSidSubAuthority (pSid=0x1edc9c8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000), nSubAuthority=0x0) returned 0x1edc9d0 [0055.727] GetExitCodeProcess (in: hProcess=0x160, lpExitCode=0x18f828 | out: lpExitCode=0x18f828*=0x103) returned 1 [0055.727] GetProcessImageFileNameW (in: hProcess=0x160, lpImageFileName=0x1d86c88, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Program Files\\Reference Assemblies\\epson-pressing-camera.exe") returned 0x54 [0055.727] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x18f810 | out: Wow64Process=0x18f810) returned 1 [0055.727] IsWow64Process (in: hProcess=0x160, Wow64Process=0x18f820 | out: Wow64Process=0x18f820) returned 1 [0055.727] NtQueryInformationProcess (in: ProcessHandle=0x160, ProcessInformationClass=0x18, ProcessInformation=0x18f81c, ProcessInformationLength=0x4, ReturnLength=0x18f820 | out: ProcessInformation=0x18f81c, ReturnLength=0x18f820) returned 0x0 [0055.727] GetProcessTimes (in: hProcess=0x160, lpCreationTime=0x18f844, lpExitTime=0x18f83c, lpKernelTime=0x18f83c, lpUserTime=0x18f83c | out: lpCreationTime=0x18f844, lpExitTime=0x18f83c, lpKernelTime=0x18f83c, lpUserTime=0x18f83c) returned 1 [0055.728] OpenProcessToken (in: ProcessHandle=0x160, DesiredAccess=0x8, TokenHandle=0x18f80c | out: TokenHandle=0x18f80c*=0x164) returned 1 [0055.728] GetTokenInformation (in: TokenHandle=0x164, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x18f808 | out: TokenInformation=0x0, ReturnLength=0x18f808) returned 0 [0055.735] GetTokenInformation (in: TokenHandle=0x164, TokenInformationClass=0x19, TokenInformation=0x1edc9c0, TokenInformationLength=0x14, ReturnLength=0x18f808 | out: TokenInformation=0x1edc9c0, ReturnLength=0x18f808) returned 1 [0055.735] GetSidSubAuthorityCount (pSid=0x1edc9c8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 0x1edc9c9 [0055.735] GetSidSubAuthority (pSid=0x1edc9c8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000), nSubAuthority=0x0) returned 0x1edc9d0 [0055.735] GetExitCodeProcess (in: hProcess=0x160, lpExitCode=0x18f828 | out: lpExitCode=0x18f828*=0x103) returned 1 [0055.735] GetProcessImageFileNameW (in: hProcess=0x160, lpImageFileName=0x1d86c88, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Program Files\\Microsoft Sync Framework\\baptist-extraction.exe") returned 0x55 [0055.735] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x18f810 | out: Wow64Process=0x18f810) returned 1 [0055.735] IsWow64Process (in: hProcess=0x160, Wow64Process=0x18f820 | out: Wow64Process=0x18f820) returned 1 [0055.735] NtQueryInformationProcess (in: ProcessHandle=0x160, ProcessInformationClass=0x18, ProcessInformation=0x18f81c, ProcessInformationLength=0x4, ReturnLength=0x18f820 | out: ProcessInformation=0x18f81c, ReturnLength=0x18f820) returned 0x0 [0055.735] GetProcessTimes (in: hProcess=0x160, lpCreationTime=0x18f844, lpExitTime=0x18f83c, lpKernelTime=0x18f83c, lpUserTime=0x18f83c | out: lpCreationTime=0x18f844, lpExitTime=0x18f83c, lpKernelTime=0x18f83c, lpUserTime=0x18f83c) returned 1 [0055.735] OpenProcessToken (in: ProcessHandle=0x160, DesiredAccess=0x8, TokenHandle=0x18f80c | out: TokenHandle=0x18f80c*=0x164) returned 1 [0055.735] GetTokenInformation (in: TokenHandle=0x164, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x18f808 | out: TokenInformation=0x0, ReturnLength=0x18f808) returned 0 [0055.735] GetTokenInformation (in: TokenHandle=0x164, TokenInformationClass=0x19, TokenInformation=0x1edc9c0, TokenInformationLength=0x14, ReturnLength=0x18f808 | out: TokenInformation=0x1edc9c0, ReturnLength=0x18f808) returned 1 [0055.735] GetSidSubAuthorityCount (pSid=0x1edc9c8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 0x1edc9c9 [0055.735] GetSidSubAuthority (pSid=0x1edc9c8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000), nSubAuthority=0x0) returned 0x1edc9d0 [0055.735] GetExitCodeProcess (in: hProcess=0x160, lpExitCode=0x18f828 | out: lpExitCode=0x18f828*=0x103) returned 1 [0055.735] GetProcessImageFileNameW (in: hProcess=0x160, lpImageFileName=0x1d86c88, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Program Files\\Common Files\\challenged.exe") returned 0x41 [0055.736] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x18f810 | out: Wow64Process=0x18f810) returned 1 [0055.736] IsWow64Process (in: hProcess=0x160, Wow64Process=0x18f820 | out: Wow64Process=0x18f820) returned 1 [0055.736] NtQueryInformationProcess (in: ProcessHandle=0x160, ProcessInformationClass=0x18, ProcessInformation=0x18f81c, ProcessInformationLength=0x4, ReturnLength=0x18f820 | out: ProcessInformation=0x18f81c, ReturnLength=0x18f820) returned 0x0 [0055.736] GetProcessTimes (in: hProcess=0x160, lpCreationTime=0x18f844, lpExitTime=0x18f83c, lpKernelTime=0x18f83c, lpUserTime=0x18f83c | out: lpCreationTime=0x18f844, lpExitTime=0x18f83c, lpKernelTime=0x18f83c, lpUserTime=0x18f83c) returned 1 [0055.736] OpenProcessToken (in: ProcessHandle=0x160, DesiredAccess=0x8, TokenHandle=0x18f80c | out: TokenHandle=0x18f80c*=0x164) returned 1 [0055.736] GetTokenInformation (in: TokenHandle=0x164, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x18f808 | out: TokenInformation=0x0, ReturnLength=0x18f808) returned 0 [0055.736] GetTokenInformation (in: TokenHandle=0x164, TokenInformationClass=0x19, TokenInformation=0x1edc9c0, TokenInformationLength=0x14, ReturnLength=0x18f808 | out: TokenInformation=0x1edc9c0, ReturnLength=0x18f808) returned 1 [0055.736] GetSidSubAuthorityCount (pSid=0x1edc9c8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 0x1edc9c9 [0055.736] GetSidSubAuthority (pSid=0x1edc9c8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000), nSubAuthority=0x0) returned 0x1edc9d0 [0055.736] GetExitCodeProcess (in: hProcess=0x160, lpExitCode=0x18f828 | out: lpExitCode=0x18f828*=0x103) returned 1 [0055.736] GetProcessImageFileNameW (in: hProcess=0x160, lpImageFileName=0x1d86c88, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Program Files\\MSBuild\\rhode-jay.exe") returned 0x3b [0055.736] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x18f810 | out: Wow64Process=0x18f810) returned 1 [0055.736] IsWow64Process (in: hProcess=0x160, Wow64Process=0x18f820 | out: Wow64Process=0x18f820) returned 1 [0055.736] NtQueryInformationProcess (in: ProcessHandle=0x160, ProcessInformationClass=0x18, ProcessInformation=0x18f81c, ProcessInformationLength=0x4, ReturnLength=0x18f820 | out: ProcessInformation=0x18f81c, ReturnLength=0x18f820) returned 0x0 [0055.736] GetProcessTimes (in: hProcess=0x160, lpCreationTime=0x18f844, lpExitTime=0x18f83c, lpKernelTime=0x18f83c, lpUserTime=0x18f83c | out: lpCreationTime=0x18f844, lpExitTime=0x18f83c, lpKernelTime=0x18f83c, lpUserTime=0x18f83c) returned 1 [0055.736] OpenProcessToken (in: ProcessHandle=0x160, DesiredAccess=0x8, TokenHandle=0x18f80c | out: TokenHandle=0x18f80c*=0x164) returned 1 [0055.736] GetTokenInformation (in: TokenHandle=0x164, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x18f808 | out: TokenInformation=0x0, ReturnLength=0x18f808) returned 0 [0055.736] GetTokenInformation (in: TokenHandle=0x164, TokenInformationClass=0x19, TokenInformation=0x1edc9c0, TokenInformationLength=0x14, ReturnLength=0x18f808 | out: TokenInformation=0x1edc9c0, ReturnLength=0x18f808) returned 1 [0055.736] GetSidSubAuthorityCount (pSid=0x1edc9c8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 0x1edc9c9 [0055.736] GetSidSubAuthority (pSid=0x1edc9c8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000), nSubAuthority=0x0) returned 0x1edc9d0 [0055.737] GetSystemDirectoryW (in: lpBuffer=0x1d892d0, uSize=0x40 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0055.737] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\vssadmin.exe", lpCommandLine="C:\\Windows\\system32\\vssadmin.exe Delete Shadows /All /Quiet", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x18fbb8*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x18fbfc | out: lpCommandLine="C:\\Windows\\system32\\vssadmin.exe Delete Shadows /All /Quiet", lpProcessInformation=0x18fbfc*(hProcess=0x160, hThread=0x15c, dwProcessId=0x9f8, dwThreadId=0x9fc)) returned 1 [0055.789] NtClose (Handle=0x15c) returned 0x0 [0055.789] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x1d836e8, nSize=0x100 | out: lpBuffer="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp") returned 0x24 [0055.789] GetShortPathNameW (in: lpszLongPath="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp", lpszShortPath=0x1d86af8, cchBuffer=0x100 | out: lpszShortPath="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp") returned 0x24 [0055.789] CryptAcquireContextW (in: phProv=0x18fba0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x18fba0*=0x3246f0) returned 1 [0055.790] CryptGenRandom (in: hProv=0x3246f0, dwLen=0x4, pbBuffer=0x18fbb4 | out: pbBuffer=0x18fbb4) returned 1 [0055.790] CryptReleaseContext (hProv=0x3246f0, dwFlags=0x0) returned 1 [0055.790] CryptAcquireContextW (in: phProv=0x18fb9c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x18fb9c*=0x3246f0) returned 1 [0055.790] CryptGenRandom (in: hProv=0x3246f0, dwLen=0x4, pbBuffer=0x18fbb0 | out: pbBuffer=0x18fbb0) returned 1 [0055.791] CryptReleaseContext (hProv=0x3246f0, dwFlags=0x0) returned 1 [0055.791] CryptAcquireContextW (in: phProv=0x18fb9c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x18fb9c*=0x3246f0) returned 1 [0055.791] CryptGenRandom (in: hProv=0x3246f0, dwLen=0x4, pbBuffer=0x18fbb0 | out: pbBuffer=0x18fbb0) returned 1 [0055.792] CryptReleaseContext (hProv=0x3246f0, dwFlags=0x0) returned 1 [0055.792] CryptAcquireContextW (in: phProv=0x18fb9c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x18fb9c*=0x3246f0) returned 1 [0055.797] CryptGenRandom (in: hProv=0x3246f0, dwLen=0x4, pbBuffer=0x18fbb0 | out: pbBuffer=0x18fbb0) returned 1 [0055.797] CryptReleaseContext (hProv=0x3246f0, dwFlags=0x0) returned 1 [0055.797] CryptAcquireContextW (in: phProv=0x18fb9c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x18fb9c*=0x3246f0) returned 1 [0055.798] CryptGenRandom (in: hProv=0x3246f0, dwLen=0x4, pbBuffer=0x18fbb0 | out: pbBuffer=0x18fbb0) returned 1 [0055.798] CryptReleaseContext (hProv=0x3246f0, dwFlags=0x0) returned 1 [0055.798] GetTempFileNameW (in: lpPathName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp", lpPrefixString="e", uUnique=0x0, lpTempFileName=0x1d836e8 | out: lpTempFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\eBFA6.tmp" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\ebfa6.tmp")) returned 0xbfa6 [0055.799] GetShortPathNameW (in: lpszLongPath="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\eBFA6.tmp", lpszShortPath=0x1d86af8, cchBuffer=0x100 | out: lpszShortPath="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\eBFA6.tmp") returned 0x2e [0055.799] GetFileAttributesExW (in: lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\eBFA6.tmp" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\ebfa6.tmp"), fInfoLevelId=0x0, lpFileInformation=0x18fba8 | out: lpFileInformation=0x18fba8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x9932f790, ftCreationTime.dwHighDateTime=0x1d41a7f, ftLastAccessTime.dwLowDateTime=0x9932f790, ftLastAccessTime.dwHighDateTime=0x1d41a7f, ftLastWriteTime.dwLowDateTime=0x9932f790, ftLastWriteTime.dwHighDateTime=0x1d41a7f, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0055.799] CreateFileW (lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\eBFA6.tmp" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\ebfa6.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x5, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x160 [0055.799] SetFileTime (hFile=0x160, lpCreationTime=0x0, lpLastAccessTime=0x18fbec, lpLastWriteTime=0x18fbec) returned 1 [0055.800] WriteFile (in: hFile=0x160, lpBuffer=0x1d83068*, nNumberOfBytesToWrite=0x1a, lpNumberOfBytesWritten=0x18fc18, lpOverlapped=0x0 | out: lpBuffer=0x1d83068*, lpNumberOfBytesWritten=0x18fc18*=0x1a, lpOverlapped=0x0) returned 1 [0055.801] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\diskshadow.exe", lpCommandLine="C:\\Windows\\system32\\diskshadow.exe /s C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\eBFA6.tmp", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x18fbb8*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x18fbfc | out: lpCommandLine="C:\\Windows\\system32\\diskshadow.exe /s C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\eBFA6.tmp", lpProcessInformation=0x18fbfc*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0)) returned 0 [0055.801] NtClose (Handle=0x0) returned 0xc0000008 [0055.801] GetFileAttributesExW (in: lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Roaming\\VQBKVY~1:bin" (normalized: "c:\\users\\5p5nrg~1\\appdata\\roaming\\vqbkvy~1:bin"), fInfoLevelId=0x0, lpFileInformation=0x18fbf4 | out: lpFileInformation=0x18fbf4*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x93df03b0, ftCreationTime.dwHighDateTime=0x1d41a7f, ftLastAccessTime.dwLowDateTime=0x93df03b0, ftLastAccessTime.dwHighDateTime=0x1d41a7f, ftLastWriteTime.dwLowDateTime=0x93df03b0, ftLastWriteTime.dwHighDateTime=0x1d41a7f, nFileSizeHigh=0x0, nFileSizeLow=0x2c800)) returned 1 [0055.801] CreateFileW (lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Roaming\\VQBKVY~1:bin" (normalized: "c:\\users\\5p5nrg~1\\appdata\\roaming\\vqbkvy~1:bin"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x160 [0055.801] SetFileTime (hFile=0x160, lpCreationTime=0x0, lpLastAccessTime=0x18fc38, lpLastWriteTime=0x18fc38) returned 0 [0055.801] GetFileSize (in: hFile=0x160, lpFileSizeHigh=0x18fc24 | out: lpFileSizeHigh=0x18fc24*=0x0) returned 0x2c800 [0055.801] SetFilePointer (in: hFile=0x160, lDistanceToMove=0, lpDistanceToMoveHigh=0x18fc30*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x18fc30*=0) returned 0x0 [0055.813] ReadFile (in: hFile=0x160, lpBuffer=0x1d8a0a8, nNumberOfBytesToRead=0x2c800, lpNumberOfBytesRead=0x18fc64, lpOverlapped=0x0 | out: lpBuffer=0x1d8a0a8*, lpNumberOfBytesRead=0x18fc64*=0x2c800, lpOverlapped=0x0) returned 1 [0056.020] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x4) returned 0x324bf0 [0056.022] EnumServicesStatusExW (in: hSCManager=0x324bf0, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x3, lpServices=0x1de30b8, cbBufSize=0x40000, pcbBytesNeeded=0x18fc10, lpServicesReturned=0x18fc00, lpResumeHandle=0x18fc0c, pszGroupName=0x0 | out: lpServices=0x1de30b8, pcbBytesNeeded=0x18fc10, lpServicesReturned=0x18fc00, lpResumeHandle=0x18fc0c) returned 1 [0056.029] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="adobeflashplayerupdatesvc", cchWideChar=25, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0056.029] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="adobeflashplayerupdatesvc", cchWideChar=25, lpMultiByteStr=0x1d83020, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="adobeflashplayerupdatesvc", lpUsedDefaultChar=0x0) returned 25 [0056.029] OpenServiceW (hSCManager=0x324bf0, lpServiceName="AdobeFlashPlayerUpdateSvc", dwDesiredAccess=0x1) returned 0x324cb8 [0056.029] QueryServiceConfigW (in: hService=0x324cb8, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0056.029] GetLastError () returned 0x7a [0056.029] QueryServiceConfigW (in: hService=0x324cb8, lpServiceConfig=0x1d836e8, cbBufSize=0x146, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0056.030] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="flashplayerupdateservice.exe", cchWideChar=28, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0056.030] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="flashplayerupdateservice.exe", cchWideChar=28, lpMultiByteStr=0x1d82fd8, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="flashplayerupdateservice.exe", lpUsedDefaultChar=0x0) returned 28 [0056.030] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="aelookupsvc", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0056.030] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="aelookupsvc", cchWideChar=11, lpMultiByteStr=0x1d82f90, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="aelookupsvc", lpUsedDefaultChar=0x0) returned 11 [0056.030] OpenServiceW (hSCManager=0x324bf0, lpServiceName="AeLookupSvc", dwDesiredAccess=0x1) returned 0x324d80 [0056.030] CloseServiceHandle (hSCObject=0x324cb8) returned 1 [0056.030] QueryServiceConfigW (in: hService=0x324d80, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0056.031] GetLastError () returned 0x7a [0056.031] QueryServiceConfigW (in: hService=0x324d80, lpServiceConfig=0x1d836e8, cbBufSize=0x106, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0056.031] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0056.031] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x1d82ba0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0056.031] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="alg", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0056.032] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="alg", cchWideChar=3, lpMultiByteStr=0x1d82ba0, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="alg", lpUsedDefaultChar=0x0) returned 3 [0056.032] OpenServiceW (hSCManager=0x324bf0, lpServiceName="ALG", dwDesiredAccess=0x1) returned 0x324ce0 [0056.032] CloseServiceHandle (hSCObject=0x324d80) returned 1 [0056.044] QueryServiceConfigW (in: hService=0x324ce0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0056.044] GetLastError () returned 0x7a [0056.044] QueryServiceConfigW (in: hService=0x324ce0, lpServiceConfig=0x1d836e8, cbBufSize=0x11a, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0056.044] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="alg.exe", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0056.044] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="alg.exe", cchWideChar=7, lpMultiByteStr=0x1d82b10, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="alg.exe", lpUsedDefaultChar=0x0) returned 7 [0056.044] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="appidsvc", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0056.044] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="appidsvc", cchWideChar=8, lpMultiByteStr=0x1d82b10, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="appidsvc", lpUsedDefaultChar=0x0) returned 8 [0056.044] OpenServiceW (hSCManager=0x324bf0, lpServiceName="AppIDSvc", dwDesiredAccess=0x1) returned 0x324dd0 [0056.045] CloseServiceHandle (hSCObject=0x324ce0) returned 1 [0056.045] QueryServiceConfigW (in: hService=0x324dd0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0056.045] GetLastError () returned 0x7a [0056.045] QueryServiceConfigW (in: hService=0x324dd0, lpServiceConfig=0x1d836e8, cbBufSize=0x18e, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0056.045] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0056.045] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x1d82ac8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0056.045] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="appinfo", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0056.045] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="appinfo", cchWideChar=7, lpMultiByteStr=0x1d82ac8, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="appinfo", lpUsedDefaultChar=0x0) returned 7 [0056.045] OpenServiceW (hSCManager=0x324bf0, lpServiceName="Appinfo", dwDesiredAccess=0x1) returned 0x324cb8 [0056.045] CloseServiceHandle (hSCObject=0x324dd0) returned 1 [0056.046] QueryServiceConfigW (in: hService=0x324cb8, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0056.046] GetLastError () returned 0x7a [0056.046] QueryServiceConfigW (in: hService=0x324cb8, lpServiceConfig=0x1d836e8, cbBufSize=0x122, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0056.046] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0056.046] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x1d82a80, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0056.046] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="appmgmt", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0056.046] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="appmgmt", cchWideChar=7, lpMultiByteStr=0x1d82a80, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="appmgmt", lpUsedDefaultChar=0x0) returned 7 [0056.046] OpenServiceW (hSCManager=0x324bf0, lpServiceName="AppMgmt", dwDesiredAccess=0x1) returned 0x324d80 [0056.047] CloseServiceHandle (hSCObject=0x324cb8) returned 1 [0056.047] QueryServiceConfigW (in: hService=0x324d80, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0056.047] GetLastError () returned 0x7a [0056.047] QueryServiceConfigW (in: hService=0x324d80, lpServiceConfig=0x1d836e8, cbBufSize=0x106, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0056.047] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0056.047] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x1d82a38, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0056.047] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="aspnet_state", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0056.047] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="aspnet_state", cchWideChar=12, lpMultiByteStr=0x1d82a38, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="aspnet_state", lpUsedDefaultChar=0x0) returned 12 [0056.047] OpenServiceW (hSCManager=0x324bf0, lpServiceName="aspnet_state", dwDesiredAccess=0x1) returned 0x324ce0 [0056.048] CloseServiceHandle (hSCObject=0x324d80) returned 1 [0056.048] QueryServiceConfigW (in: hService=0x324ce0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0056.048] GetLastError () returned 0x7a [0056.048] QueryServiceConfigW (in: hService=0x324ce0, lpServiceConfig=0x1d836e8, cbBufSize=0x150, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0056.048] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="aspnet_state.exe", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0056.048] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="aspnet_state.exe", cchWideChar=16, lpMultiByteStr=0x1d829f0, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="aspnet_state.exe", lpUsedDefaultChar=0x0) returned 16 [0056.048] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="audioendpointbuilder", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0056.048] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="audioendpointbuilder", cchWideChar=20, lpMultiByteStr=0x1d829f0, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="audioendpointbuilder", lpUsedDefaultChar=0x0) returned 20 [0056.048] OpenServiceW (hSCManager=0x324bf0, lpServiceName="AudioEndpointBuilder", dwDesiredAccess=0x1) returned 0x324dd0 [0056.048] CloseServiceHandle (hSCObject=0x324ce0) returned 1 [0056.049] QueryServiceConfigW (in: hService=0x324dd0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0056.049] GetLastError () returned 0x7a [0056.049] QueryServiceConfigW (in: hService=0x324dd0, lpServiceConfig=0x1d836e8, cbBufSize=0x164, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0056.049] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0056.049] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x1d82960, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0056.049] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="audiosrv", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0056.049] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="audiosrv", cchWideChar=8, lpMultiByteStr=0x1d82960, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="audiosrv", lpUsedDefaultChar=0x0) returned 8 [0056.049] OpenServiceW (hSCManager=0x324bf0, lpServiceName="AudioSrv", dwDesiredAccess=0x1) returned 0x324cb8 [0056.049] CloseServiceHandle (hSCObject=0x324dd0) returned 1 [0056.050] QueryServiceConfigW (in: hService=0x324cb8, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0056.050] GetLastError () returned 0x7a [0056.050] QueryServiceConfigW (in: hService=0x324cb8, lpServiceConfig=0x1d836e8, cbBufSize=0x190, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0056.050] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0056.050] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x1d829a8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0056.050] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="axinstsv", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0056.050] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="axinstsv", cchWideChar=8, lpMultiByteStr=0x1d829a8, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="axinstsv", lpUsedDefaultChar=0x0) returned 8 [0056.050] OpenServiceW (hSCManager=0x324bf0, lpServiceName="AxInstSV", dwDesiredAccess=0x1) returned 0x324d80 [0056.050] CloseServiceHandle (hSCObject=0x324cb8) returned 1 [0056.050] QueryServiceConfigW (in: hService=0x324d80, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0056.051] GetLastError () returned 0x7a [0056.051] QueryServiceConfigW (in: hService=0x324d80, lpServiceConfig=0x1d836e8, cbBufSize=0x128, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0056.051] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0056.051] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x1d82888, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0056.051] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="bdesvc", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0056.051] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="bdesvc", cchWideChar=6, lpMultiByteStr=0x1d82888, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="bdesvc", lpUsedDefaultChar=0x0) returned 6 [0056.051] OpenServiceW (hSCManager=0x324bf0, lpServiceName="BDESVC", dwDesiredAccess=0x1) returned 0x324ce0 [0056.051] CloseServiceHandle (hSCObject=0x324d80) returned 1 [0056.051] QueryServiceConfigW (in: hService=0x324ce0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0056.052] GetLastError () returned 0x7a [0056.052] QueryServiceConfigW (in: hService=0x324ce0, lpServiceConfig=0x1d836e8, cbBufSize=0x11e, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0056.052] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0056.052] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x1edc9c0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0056.052] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="bfe", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0056.052] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="bfe", cchWideChar=3, lpMultiByteStr=0x1edc9c0, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="bfe", lpUsedDefaultChar=0x0) returned 3 [0056.052] OpenServiceW (hSCManager=0x324bf0, lpServiceName="BFE", dwDesiredAccess=0x1) returned 0x324dd0 [0056.052] CloseServiceHandle (hSCObject=0x324ce0) returned 1 [0056.052] QueryServiceConfigW (in: hService=0x324dd0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0056.053] GetLastError () returned 0x7a [0056.053] QueryServiceConfigW (in: hService=0x324dd0, lpServiceConfig=0x1d836e8, cbBufSize=0x164, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0056.053] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0056.053] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x1edc9c0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0056.057] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="bits", cchWideChar=4, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 4 [0056.057] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="bits", cchWideChar=4, lpMultiByteStr=0x1d83b10, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="bits", lpUsedDefaultChar=0x0) returned 4 [0056.057] OpenServiceW (hSCManager=0x324bf0, lpServiceName="BITS", dwDesiredAccess=0x1) returned 0x324cb8 [0057.344] CloseServiceHandle (hSCObject=0x324dd0) returned 1 [0057.344] QueryServiceConfigW (in: hService=0x324cb8, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0057.344] GetLastError () returned 0x7a [0057.344] QueryServiceConfigW (in: hService=0x324cb8, lpServiceConfig=0x1d836e8, cbBufSize=0x14a, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0057.344] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0057.344] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x1d83b10, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0057.344] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="browser", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0057.344] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="browser", cchWideChar=7, lpMultiByteStr=0x1d83b58, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="browser", lpUsedDefaultChar=0x0) returned 7 [0057.345] OpenServiceW (hSCManager=0x324bf0, lpServiceName="Browser", dwDesiredAccess=0x1) returned 0x324d80 [0057.345] CloseServiceHandle (hSCObject=0x324cb8) returned 1 [0057.345] QueryServiceConfigW (in: hService=0x324d80, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0057.345] GetLastError () returned 0x7a [0057.345] QueryServiceConfigW (in: hService=0x324d80, lpServiceConfig=0x1d836e8, cbBufSize=0x154, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0057.359] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0057.359] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x1d83ba0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0057.359] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="bthserv", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0057.359] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="bthserv", cchWideChar=7, lpMultiByteStr=0x1d83ba0, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="bthserv", lpUsedDefaultChar=0x0) returned 7 [0057.359] OpenServiceW (hSCManager=0x324bf0, lpServiceName="bthserv", dwDesiredAccess=0x1) returned 0x324ce0 [0057.359] CloseServiceHandle (hSCObject=0x324d80) returned 1 [0057.359] QueryServiceConfigW (in: hService=0x324ce0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0057.360] GetLastError () returned 0x7a [0057.360] QueryServiceConfigW (in: hService=0x324ce0, lpServiceConfig=0x1d836e8, cbBufSize=0x132, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0057.360] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0057.360] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x1d83be8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0057.360] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="certpropsvc", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0057.360] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="certpropsvc", cchWideChar=11, lpMultiByteStr=0x1d83be8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="certpropsvc", lpUsedDefaultChar=0x0) returned 11 [0057.360] OpenServiceW (hSCManager=0x324bf0, lpServiceName="CertPropSvc", dwDesiredAccess=0x1) returned 0x324dd0 [0057.360] CloseServiceHandle (hSCObject=0x324ce0) returned 1 [0057.360] QueryServiceConfigW (in: hService=0x324dd0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0057.360] GetLastError () returned 0x7a [0057.361] QueryServiceConfigW (in: hService=0x324dd0, lpServiceConfig=0x1d836e8, cbBufSize=0x112, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0057.361] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0057.361] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x1d83c30, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0057.361] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="clr_optimization_v2.0.50727_32", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0057.361] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="clr_optimization_v2.0.50727_32", cchWideChar=30, lpMultiByteStr=0x1d83c30, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="clr_optimization_v2.0.50727_32", lpUsedDefaultChar=0x0) returned 30 [0057.361] OpenServiceW (hSCManager=0x324bf0, lpServiceName="clr_optimization_v2.0.50727_32", dwDesiredAccess=0x1) returned 0x324cb8 [0057.361] CloseServiceHandle (hSCObject=0x324dd0) returned 1 [0057.361] QueryServiceConfigW (in: hService=0x324cb8, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0057.361] GetLastError () returned 0x7a [0057.361] QueryServiceConfigW (in: hService=0x324cb8, lpServiceConfig=0x1d836e8, cbBufSize=0x152, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0057.362] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mscorsvw.exe", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0057.362] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mscorsvw.exe", cchWideChar=12, lpMultiByteStr=0x1d83c78, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mscorsvw.exe", lpUsedDefaultChar=0x0) returned 12 [0057.362] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="clr_optimization_v2.0.50727_64", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0057.362] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="clr_optimization_v2.0.50727_64", cchWideChar=30, lpMultiByteStr=0x1d83c30, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="clr_optimization_v2.0.50727_64", lpUsedDefaultChar=0x0) returned 30 [0057.362] OpenServiceW (hSCManager=0x324bf0, lpServiceName="clr_optimization_v2.0.50727_64", dwDesiredAccess=0x1) returned 0x324d80 [0057.362] CloseServiceHandle (hSCObject=0x324cb8) returned 1 [0057.362] QueryServiceConfigW (in: hService=0x324d80, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0057.362] GetLastError () returned 0x7a [0057.362] QueryServiceConfigW (in: hService=0x324d80, lpServiceConfig=0x1d836e8, cbBufSize=0x156, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0057.362] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mscorsvw.exe", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0057.363] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mscorsvw.exe", cchWideChar=12, lpMultiByteStr=0x1d83c78, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mscorsvw.exe", lpUsedDefaultChar=0x0) returned 12 [0057.363] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="clr_optimization_v4.0.30319_32", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0057.363] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="clr_optimization_v4.0.30319_32", cchWideChar=30, lpMultiByteStr=0x1d83c78, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="clr_optimization_v4.0.30319_32", lpUsedDefaultChar=0x0) returned 30 [0057.363] OpenServiceW (hSCManager=0x324bf0, lpServiceName="clr_optimization_v4.0.30319_32", dwDesiredAccess=0x1) returned 0x324ce0 [0057.363] CloseServiceHandle (hSCObject=0x324d80) returned 1 [0057.363] QueryServiceConfigW (in: hService=0x324ce0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0057.363] GetLastError () returned 0x7a [0057.363] QueryServiceConfigW (in: hService=0x324ce0, lpServiceConfig=0x1d836e8, cbBufSize=0x152, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0057.363] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mscorsvw.exe", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0057.363] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mscorsvw.exe", cchWideChar=12, lpMultiByteStr=0x1d83cc0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mscorsvw.exe", lpUsedDefaultChar=0x0) returned 12 [0057.364] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="clr_optimization_v4.0.30319_64", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0057.364] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="clr_optimization_v4.0.30319_64", cchWideChar=30, lpMultiByteStr=0x1d83cc0, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="clr_optimization_v4.0.30319_64", lpUsedDefaultChar=0x0) returned 30 [0057.364] OpenServiceW (hSCManager=0x324bf0, lpServiceName="clr_optimization_v4.0.30319_64", dwDesiredAccess=0x1) returned 0x324dd0 [0057.364] CloseServiceHandle (hSCObject=0x324ce0) returned 1 [0057.364] QueryServiceConfigW (in: hService=0x324dd0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0057.364] GetLastError () returned 0x7a [0057.364] QueryServiceConfigW (in: hService=0x324dd0, lpServiceConfig=0x1d836e8, cbBufSize=0x156, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0057.364] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mscorsvw.exe", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0057.364] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mscorsvw.exe", cchWideChar=12, lpMultiByteStr=0x1d83d08, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mscorsvw.exe", lpUsedDefaultChar=0x0) returned 12 [0057.364] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="comsysapp", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0057.364] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="comsysapp", cchWideChar=9, lpMultiByteStr=0x1d83d08, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="comsysapp", lpUsedDefaultChar=0x0) returned 9 [0057.365] OpenServiceW (hSCManager=0x324bf0, lpServiceName="COMSysApp", dwDesiredAccess=0x1) returned 0x324cb8 [0057.365] CloseServiceHandle (hSCObject=0x324dd0) returned 1 [0057.365] QueryServiceConfigW (in: hService=0x324cb8, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0057.365] GetLastError () returned 0x7a [0057.365] QueryServiceConfigW (in: hService=0x324cb8, lpServiceConfig=0x1d836e8, cbBufSize=0x182, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0057.365] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="dllhost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0057.365] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="dllhost.exe", cchWideChar=11, lpMultiByteStr=0x1d83d50, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dllhost.exe", lpUsedDefaultChar=0x0) returned 11 [0057.365] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="cryptsvc", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0057.365] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="cryptsvc", cchWideChar=8, lpMultiByteStr=0x1d83d50, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="cryptsvc", lpUsedDefaultChar=0x0) returned 8 [0057.365] OpenServiceW (hSCManager=0x324bf0, lpServiceName="CryptSvc", dwDesiredAccess=0x1) returned 0x324d80 [0057.366] CloseServiceHandle (hSCObject=0x324cb8) returned 1 [0057.366] QueryServiceConfigW (in: hService=0x324d80, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0057.366] GetLastError () returned 0x7a [0057.366] QueryServiceConfigW (in: hService=0x324d80, lpServiceConfig=0x1d836e8, cbBufSize=0x13e, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0057.366] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0057.366] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x1d83d98, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0057.366] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="cscservice", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0057.366] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="cscservice", cchWideChar=10, lpMultiByteStr=0x1d83d98, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="cscservice", lpUsedDefaultChar=0x0) returned 10 [0057.366] OpenServiceW (hSCManager=0x324bf0, lpServiceName="CscService", dwDesiredAccess=0x1) returned 0x324ce0 [0057.367] CloseServiceHandle (hSCObject=0x324d80) returned 1 [0057.367] QueryServiceConfigW (in: hService=0x324ce0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0057.367] GetLastError () returned 0x7a [0057.367] QueryServiceConfigW (in: hService=0x324ce0, lpServiceConfig=0x1d836e8, cbBufSize=0x142, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0057.367] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0057.367] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x1d83de0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0057.367] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="dcomlaunch", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0057.367] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="dcomlaunch", cchWideChar=10, lpMultiByteStr=0x1d83de0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dcomlaunch", lpUsedDefaultChar=0x0) returned 10 [0057.367] OpenServiceW (hSCManager=0x324bf0, lpServiceName="DcomLaunch", dwDesiredAccess=0x1) returned 0x324dd0 [0057.367] CloseServiceHandle (hSCObject=0x324ce0) returned 1 [0057.368] QueryServiceConfigW (in: hService=0x324dd0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0057.368] GetLastError () returned 0x7a [0057.368] QueryServiceConfigW (in: hService=0x324dd0, lpServiceConfig=0x1d836e8, cbBufSize=0x13c, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0057.368] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0057.368] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x1d83e28, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0057.368] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="defragsvc", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0057.368] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="defragsvc", cchWideChar=9, lpMultiByteStr=0x1d83e28, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="defragsvc", lpUsedDefaultChar=0x0) returned 9 [0057.368] OpenServiceW (hSCManager=0x324bf0, lpServiceName="defragsvc", dwDesiredAccess=0x1) returned 0x324cb8 [0057.368] CloseServiceHandle (hSCObject=0x324dd0) returned 1 [0057.368] QueryServiceConfigW (in: hService=0x324cb8, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0057.369] GetLastError () returned 0x7a [0057.369] QueryServiceConfigW (in: hService=0x324cb8, lpServiceConfig=0x1d836e8, cbBufSize=0x10a, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0057.369] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0057.369] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x1d83e70, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0057.369] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="dhcp", cchWideChar=4, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 4 [0057.369] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="dhcp", cchWideChar=4, lpMultiByteStr=0x1d83e70, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dhcp", lpUsedDefaultChar=0x0) returned 4 [0057.369] OpenServiceW (hSCManager=0x324bf0, lpServiceName="Dhcp", dwDesiredAccess=0x1) returned 0x324d80 [0057.369] CloseServiceHandle (hSCObject=0x324cb8) returned 1 [0057.369] QueryServiceConfigW (in: hService=0x324d80, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0057.369] GetLastError () returned 0x7a [0057.370] QueryServiceConfigW (in: hService=0x324d80, lpServiceConfig=0x1d836e8, cbBufSize=0x154, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0057.370] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0057.370] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x1d83eb8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0057.370] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="dnscache", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0057.370] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="dnscache", cchWideChar=8, lpMultiByteStr=0x1d83eb8, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dnscache", lpUsedDefaultChar=0x0) returned 8 [0057.370] OpenServiceW (hSCManager=0x324bf0, lpServiceName="Dnscache", dwDesiredAccess=0x1) returned 0x324ce0 [0057.370] CloseServiceHandle (hSCObject=0x324d80) returned 1 [0057.370] QueryServiceConfigW (in: hService=0x324ce0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0057.370] GetLastError () returned 0x7a [0057.370] QueryServiceConfigW (in: hService=0x324ce0, lpServiceConfig=0x1d836e8, cbBufSize=0x130, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0057.371] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0057.371] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x1d83f00, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0057.371] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="dot3svc", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0057.371] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="dot3svc", cchWideChar=7, lpMultiByteStr=0x1d83f00, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dot3svc", lpUsedDefaultChar=0x0) returned 7 [0057.371] OpenServiceW (hSCManager=0x324bf0, lpServiceName="dot3svc", dwDesiredAccess=0x1) returned 0x324dd0 [0057.371] CloseServiceHandle (hSCObject=0x324ce0) returned 1 [0057.371] QueryServiceConfigW (in: hService=0x324dd0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0057.371] GetLastError () returned 0x7a [0057.371] QueryServiceConfigW (in: hService=0x324dd0, lpServiceConfig=0x1d836e8, cbBufSize=0x154, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0057.371] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0057.372] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x1d83f48, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0057.372] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="dps", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0057.372] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="dps", cchWideChar=3, lpMultiByteStr=0x1d83f48, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dps", lpUsedDefaultChar=0x0) returned 3 [0057.372] OpenServiceW (hSCManager=0x324bf0, lpServiceName="DPS", dwDesiredAccess=0x1) returned 0x324cb8 [0057.372] CloseServiceHandle (hSCObject=0x324dd0) returned 1 [0057.372] QueryServiceConfigW (in: hService=0x324cb8, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0057.372] GetLastError () returned 0x7a [0057.372] QueryServiceConfigW (in: hService=0x324cb8, lpServiceConfig=0x1d836e8, cbBufSize=0x144, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0057.372] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0057.372] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x1d83f90, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0057.373] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="eaphost", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0057.373] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="eaphost", cchWideChar=7, lpMultiByteStr=0x1d83f90, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="eaphost", lpUsedDefaultChar=0x0) returned 7 [0057.373] OpenServiceW (hSCManager=0x324bf0, lpServiceName="EapHost", dwDesiredAccess=0x1) returned 0x324d80 [0057.373] CloseServiceHandle (hSCObject=0x324cb8) returned 1 [0057.373] QueryServiceConfigW (in: hService=0x324d80, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0057.373] GetLastError () returned 0x7a [0057.373] QueryServiceConfigW (in: hService=0x324d80, lpServiceConfig=0x1d836e8, cbBufSize=0x136, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0057.373] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0057.373] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x1d83fd8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0057.373] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="efs", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0057.373] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="efs", cchWideChar=3, lpMultiByteStr=0x1d83fd8, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="efs", lpUsedDefaultChar=0x0) returned 3 [0057.374] OpenServiceW (hSCManager=0x324bf0, lpServiceName="EFS", dwDesiredAccess=0x1) returned 0x324ce0 [0057.374] CloseServiceHandle (hSCObject=0x324d80) returned 1 [0057.374] QueryServiceConfigW (in: hService=0x324ce0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0057.374] GetLastError () returned 0x7a [0057.374] QueryServiceConfigW (in: hService=0x324ce0, lpServiceConfig=0x1d836e8, cbBufSize=0x102, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0057.374] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="lsass.exe", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0057.374] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="lsass.exe", cchWideChar=9, lpMultiByteStr=0x1d84020, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lsass.exe", lpUsedDefaultChar=0x0) returned 9 [0057.374] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ehrecvr", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0057.374] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ehrecvr", cchWideChar=7, lpMultiByteStr=0x1d84020, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ehrecvr", lpUsedDefaultChar=0x0) returned 7 [0057.380] OpenServiceW (hSCManager=0x324bf0, lpServiceName="ehRecvr", dwDesiredAccess=0x1) returned 0x324dd0 [0057.384] CloseServiceHandle (hSCObject=0x324ce0) returned 1 [0057.385] QueryServiceConfigW (in: hService=0x324dd0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0057.385] GetLastError () returned 0x7a [0057.385] QueryServiceConfigW (in: hService=0x324dd0, lpServiceConfig=0x1d836e8, cbBufSize=0x132, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0057.385] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ehrecvr.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0057.385] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ehrecvr.exe", cchWideChar=11, lpMultiByteStr=0x1d84068, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ehrecvr.exe", lpUsedDefaultChar=0x0) returned 11 [0057.385] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ehsched", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0057.385] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ehsched", cchWideChar=7, lpMultiByteStr=0x1d84068, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ehsched", lpUsedDefaultChar=0x0) returned 7 [0057.385] OpenServiceW (hSCManager=0x324bf0, lpServiceName="ehSched", dwDesiredAccess=0x1) returned 0x324cb8 [0057.385] CloseServiceHandle (hSCObject=0x324dd0) returned 1 [0057.386] QueryServiceConfigW (in: hService=0x324cb8, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0057.390] GetLastError () returned 0x7a [0057.390] QueryServiceConfigW (in: hService=0x324cb8, lpServiceConfig=0x1d836e8, cbBufSize=0x134, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0057.390] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ehsched.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0057.390] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ehsched.exe", cchWideChar=11, lpMultiByteStr=0x1d840b0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ehsched.exe", lpUsedDefaultChar=0x0) returned 11 [0057.390] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="eventlog", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0057.390] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="eventlog", cchWideChar=8, lpMultiByteStr=0x1d840b0, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="eventlog", lpUsedDefaultChar=0x0) returned 8 [0057.391] OpenServiceW (hSCManager=0x324bf0, lpServiceName="eventlog", dwDesiredAccess=0x1) returned 0x324d80 [0057.391] CloseServiceHandle (hSCObject=0x324cb8) returned 1 [0057.391] QueryServiceConfigW (in: hService=0x324d80, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0057.391] GetLastError () returned 0x7a [0057.391] QueryServiceConfigW (in: hService=0x324d80, lpServiceConfig=0x1d836e8, cbBufSize=0x156, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0057.391] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0057.391] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x1d840f8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0057.392] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="eventsystem", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0057.392] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="eventsystem", cchWideChar=11, lpMultiByteStr=0x1d840f8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="eventsystem", lpUsedDefaultChar=0x0) returned 11 [0057.392] OpenServiceW (hSCManager=0x324bf0, lpServiceName="EventSystem", dwDesiredAccess=0x1) returned 0x324ce0 [0057.392] CloseServiceHandle (hSCObject=0x324d80) returned 1 [0057.392] QueryServiceConfigW (in: hService=0x324ce0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0057.392] GetLastError () returned 0x7a [0057.392] QueryServiceConfigW (in: hService=0x324ce0, lpServiceConfig=0x1d836e8, cbBufSize=0x12c, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0057.392] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0057.392] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x1d84140, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0057.393] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="fax", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0057.393] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="fax", cchWideChar=3, lpMultiByteStr=0x1d84140, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fax", lpUsedDefaultChar=0x0) returned 3 [0057.393] OpenServiceW (hSCManager=0x324bf0, lpServiceName="Fax", dwDesiredAccess=0x1) returned 0x324dd0 [0057.393] CloseServiceHandle (hSCObject=0x324ce0) returned 1 [0057.393] QueryServiceConfigW (in: hService=0x324dd0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0057.393] GetLastError () returned 0x7a [0057.393] QueryServiceConfigW (in: hService=0x324dd0, lpServiceConfig=0x1d836e8, cbBufSize=0x124, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0057.393] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="fxssvc.exe", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0057.393] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="fxssvc.exe", cchWideChar=10, lpMultiByteStr=0x1d84188, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fxssvc.exe", lpUsedDefaultChar=0x0) returned 10 [0057.394] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="fdphost", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0057.394] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="fdphost", cchWideChar=7, lpMultiByteStr=0x1d84188, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fdphost", lpUsedDefaultChar=0x0) returned 7 [0057.394] OpenServiceW (hSCManager=0x324bf0, lpServiceName="fdPHost", dwDesiredAccess=0x1) returned 0x324cb8 [0057.394] CloseServiceHandle (hSCObject=0x324dd0) returned 1 [0057.394] QueryServiceConfigW (in: hService=0x324cb8, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0057.394] GetLastError () returned 0x7a [0057.394] QueryServiceConfigW (in: hService=0x324cb8, lpServiceConfig=0x1d836e8, cbBufSize=0x154, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0057.394] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0057.394] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x1d841d0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0057.394] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="fdrespub", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0057.395] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="fdrespub", cchWideChar=8, lpMultiByteStr=0x1d841d0, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fdrespub", lpUsedDefaultChar=0x0) returned 8 [0057.395] OpenServiceW (hSCManager=0x324bf0, lpServiceName="FDResPub", dwDesiredAccess=0x1) returned 0x324d80 [0057.395] CloseServiceHandle (hSCObject=0x324cb8) returned 1 [0057.395] QueryServiceConfigW (in: hService=0x324d80, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0057.396] GetLastError () returned 0x7a [0057.396] QueryServiceConfigW (in: hService=0x324d80, lpServiceConfig=0x1d836e8, cbBufSize=0x186, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0057.400] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0057.401] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x1d84218, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0057.403] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="fontcache", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0057.403] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="fontcache", cchWideChar=9, lpMultiByteStr=0x1d84218, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fontcache", lpUsedDefaultChar=0x0) returned 9 [0057.403] OpenServiceW (hSCManager=0x324bf0, lpServiceName="FontCache", dwDesiredAccess=0x1) returned 0x324ce0 [0057.404] CloseServiceHandle (hSCObject=0x324d80) returned 1 [0057.405] QueryServiceConfigW (in: hService=0x324ce0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0057.412] GetLastError () returned 0x7a [0057.412] QueryServiceConfigW (in: hService=0x324ce0, lpServiceConfig=0x1d836e8, cbBufSize=0x158, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0057.413] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0057.413] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x1d84260, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0057.413] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="fontcache3.0.0.0", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0057.413] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="fontcache3.0.0.0", cchWideChar=16, lpMultiByteStr=0x1d84260, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fontcache3.0.0.0", lpUsedDefaultChar=0x0) returned 16 [0057.413] OpenServiceW (hSCManager=0x324bf0, lpServiceName="FontCache3.0.0.0", dwDesiredAccess=0x1) returned 0x324dd0 [0057.413] CloseServiceHandle (hSCObject=0x324ce0) returned 1 [0057.413] QueryServiceConfigW (in: hService=0x324dd0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0057.413] GetLastError () returned 0x7a [0057.413] QueryServiceConfigW (in: hService=0x324dd0, lpServiceConfig=0x1d836e8, cbBufSize=0x194, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0057.414] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="presentationfontcache.exe", cchWideChar=25, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0057.414] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="presentationfontcache.exe", cchWideChar=25, lpMultiByteStr=0x1d842a8, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="presentationfontcache.exe", lpUsedDefaultChar=0x0) returned 25 [0057.414] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="gpsvc", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0057.414] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="gpsvc", cchWideChar=5, lpMultiByteStr=0x1d842a8, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="gpsvc", lpUsedDefaultChar=0x0) returned 5 [0057.414] OpenServiceW (hSCManager=0x324bf0, lpServiceName="gpsvc", dwDesiredAccess=0x1) returned 0x324cb8 [0057.414] CloseServiceHandle (hSCObject=0x324dd0) returned 1 [0057.414] QueryServiceConfigW (in: hService=0x324cb8, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0057.414] GetLastError () returned 0x7a [0057.414] QueryServiceConfigW (in: hService=0x324cb8, lpServiceConfig=0x1d836e8, cbBufSize=0x12c, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0057.415] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0057.415] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x1d842f0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0057.415] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="gupdate", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0057.415] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="gupdate", cchWideChar=7, lpMultiByteStr=0x1d842f0, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="gupdate", lpUsedDefaultChar=0x0) returned 7 [0057.415] OpenServiceW (hSCManager=0x324bf0, lpServiceName="gupdate", dwDesiredAccess=0x1) returned 0x324d80 [0057.415] CloseServiceHandle (hSCObject=0x324cb8) returned 1 [0057.415] QueryServiceConfigW (in: hService=0x324d80, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0057.415] GetLastError () returned 0x7a [0057.415] QueryServiceConfigW (in: hService=0x324d80, lpServiceConfig=0x1d836e8, cbBufSize=0x146, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0057.415] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="googleupdate.exe", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0057.416] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="googleupdate.exe", cchWideChar=16, lpMultiByteStr=0x1d84338, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="googleupdate.exe", lpUsedDefaultChar=0x0) returned 16 [0057.416] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="gupdatem", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0057.416] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="gupdatem", cchWideChar=8, lpMultiByteStr=0x1d84338, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="gupdatem", lpUsedDefaultChar=0x0) returned 8 [0057.416] OpenServiceW (hSCManager=0x324bf0, lpServiceName="gupdatem", dwDesiredAccess=0x1) returned 0x324ce0 [0057.416] CloseServiceHandle (hSCObject=0x324d80) returned 1 [0057.416] QueryServiceConfigW (in: hService=0x324ce0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0057.416] GetLastError () returned 0x7a [0057.416] QueryServiceConfigW (in: hService=0x324ce0, lpServiceConfig=0x1d836e8, cbBufSize=0x14e, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0057.416] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="googleupdate.exe", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0057.416] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="googleupdate.exe", cchWideChar=16, lpMultiByteStr=0x1d84380, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="googleupdate.exe", lpUsedDefaultChar=0x0) returned 16 [0057.416] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="hidserv", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0057.417] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="hidserv", cchWideChar=7, lpMultiByteStr=0x1d84380, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="hidserv", lpUsedDefaultChar=0x0) returned 7 [0057.417] OpenServiceW (hSCManager=0x324bf0, lpServiceName="hidserv", dwDesiredAccess=0x1) returned 0x324dd0 [0057.417] CloseServiceHandle (hSCObject=0x324ce0) returned 1 [0057.417] QueryServiceConfigW (in: hService=0x324dd0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0057.423] GetLastError () returned 0x7a [0057.423] QueryServiceConfigW (in: hService=0x324dd0, lpServiceConfig=0x1d836e8, cbBufSize=0x13e, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0057.425] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0057.425] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x1d843c8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0057.425] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="hkmsvc", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0057.425] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="hkmsvc", cchWideChar=6, lpMultiByteStr=0x1d843c8, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="hkmsvc", lpUsedDefaultChar=0x0) returned 6 [0057.426] OpenServiceW (hSCManager=0x324bf0, lpServiceName="hkmsvc", dwDesiredAccess=0x1) returned 0x324cb8 [0057.426] CloseServiceHandle (hSCObject=0x324dd0) returned 1 [0057.428] QueryServiceConfigW (in: hService=0x324cb8, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0057.429] GetLastError () returned 0x7a [0057.429] QueryServiceConfigW (in: hService=0x324cb8, lpServiceConfig=0x1d836e8, cbBufSize=0x12e, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0057.429] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0057.429] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x1d84410, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0057.430] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="homegrouplistener", cchWideChar=17, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0057.430] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="homegrouplistener", cchWideChar=17, lpMultiByteStr=0x1d84410, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="homegrouplistener", lpUsedDefaultChar=0x0) returned 17 [0057.430] OpenServiceW (hSCManager=0x324bf0, lpServiceName="HomeGroupListener", dwDesiredAccess=0x1) returned 0x324d80 [0057.430] CloseServiceHandle (hSCObject=0x324cb8) returned 1 [0057.430] QueryServiceConfigW (in: hService=0x324d80, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0057.430] GetLastError () returned 0x7a [0057.430] QueryServiceConfigW (in: hService=0x324d80, lpServiceConfig=0x1d836e8, cbBufSize=0x140, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0057.430] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0057.430] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x1d84458, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0057.430] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="homegroupprovider", cchWideChar=17, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0057.430] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="homegroupprovider", cchWideChar=17, lpMultiByteStr=0x1d84458, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="homegroupprovider", lpUsedDefaultChar=0x0) returned 17 [0057.431] OpenServiceW (hSCManager=0x324bf0, lpServiceName="HomeGroupProvider", dwDesiredAccess=0x1) returned 0x324ce0 [0057.431] CloseServiceHandle (hSCObject=0x324d80) returned 1 [0057.431] QueryServiceConfigW (in: hService=0x324ce0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0057.431] GetLastError () returned 0x7a [0057.431] QueryServiceConfigW (in: hService=0x324ce0, lpServiceConfig=0x1d836e8, cbBufSize=0x178, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0057.431] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0057.431] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x1d844a0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0057.431] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="idsvc", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0057.432] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="idsvc", cchWideChar=5, lpMultiByteStr=0x1d844a0, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="idsvc", lpUsedDefaultChar=0x0) returned 5 [0057.432] OpenServiceW (hSCManager=0x324bf0, lpServiceName="idsvc", dwDesiredAccess=0x1) returned 0x324dd0 [0057.434] CloseServiceHandle (hSCObject=0x324ce0) returned 1 [0057.436] QueryServiceConfigW (in: hService=0x324dd0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0057.448] GetLastError () returned 0x7a [0057.448] QueryServiceConfigW (in: hService=0x324dd0, lpServiceConfig=0x1d836e8, cbBufSize=0x15a, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0057.448] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="infocard.exe", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0057.448] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="infocard.exe", cchWideChar=12, lpMultiByteStr=0x1d844e8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="infocard.exe", lpUsedDefaultChar=0x0) returned 12 [0057.449] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ikeext", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0057.449] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ikeext", cchWideChar=6, lpMultiByteStr=0x1d844e8, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ikeext", lpUsedDefaultChar=0x0) returned 6 [0057.449] OpenServiceW (hSCManager=0x324bf0, lpServiceName="IKEEXT", dwDesiredAccess=0x1) returned 0x324cb8 [0057.450] CloseServiceHandle (hSCObject=0x324dd0) returned 1 [0057.451] QueryServiceConfigW (in: hService=0x324cb8, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0057.454] GetLastError () returned 0x7a [0057.454] QueryServiceConfigW (in: hService=0x324cb8, lpServiceConfig=0x1d836e8, cbBufSize=0x126, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0057.457] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0057.457] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x1d84530, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0057.458] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ipbusenum", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0057.458] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ipbusenum", cchWideChar=9, lpMultiByteStr=0x1d84530, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ipbusenum", lpUsedDefaultChar=0x0) returned 9 [0057.458] OpenServiceW (hSCManager=0x324bf0, lpServiceName="IPBusEnum", dwDesiredAccess=0x1) returned 0x324d80 [0057.459] CloseServiceHandle (hSCObject=0x324cb8) returned 1 [0057.459] QueryServiceConfigW (in: hService=0x324d80, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0057.459] GetLastError () returned 0x7a [0057.459] QueryServiceConfigW (in: hService=0x324d80, lpServiceConfig=0x1d836e8, cbBufSize=0x14c, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0057.460] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0057.460] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x1d84578, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0057.460] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="iphlpsvc", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0057.461] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="iphlpsvc", cchWideChar=8, lpMultiByteStr=0x1d84578, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="iphlpsvc", lpUsedDefaultChar=0x0) returned 8 [0057.461] OpenServiceW (hSCManager=0x324bf0, lpServiceName="iphlpsvc", dwDesiredAccess=0x1) returned 0x324ce0 [0057.461] CloseServiceHandle (hSCObject=0x324d80) returned 1 [0057.461] QueryServiceConfigW (in: hService=0x324ce0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0057.462] GetLastError () returned 0x7a [0057.462] QueryServiceConfigW (in: hService=0x324ce0, lpServiceConfig=0x1d836e8, cbBufSize=0x122, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0057.462] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0057.463] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x1d845c0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0057.463] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="keyiso", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0057.463] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="keyiso", cchWideChar=6, lpMultiByteStr=0x1d845c0, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="keyiso", lpUsedDefaultChar=0x0) returned 6 [0057.463] OpenServiceW (hSCManager=0x324bf0, lpServiceName="KeyIso", dwDesiredAccess=0x1) returned 0x324dd0 [0057.464] CloseServiceHandle (hSCObject=0x324ce0) returned 1 [0057.464] QueryServiceConfigW (in: hService=0x324dd0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0057.464] GetLastError () returned 0x7a [0057.464] QueryServiceConfigW (in: hService=0x324dd0, lpServiceConfig=0x1d836e8, cbBufSize=0xec, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0057.465] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="lsass.exe", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0057.465] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="lsass.exe", cchWideChar=9, lpMultiByteStr=0x1d84608, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lsass.exe", lpUsedDefaultChar=0x0) returned 9 [0057.465] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ktmrm", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0057.465] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ktmrm", cchWideChar=5, lpMultiByteStr=0x1d84608, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ktmrm", lpUsedDefaultChar=0x0) returned 5 [0057.466] OpenServiceW (hSCManager=0x324bf0, lpServiceName="KtmRm", dwDesiredAccess=0x1) returned 0x324cb8 [0057.466] CloseServiceHandle (hSCObject=0x324dd0) returned 1 [0057.466] QueryServiceConfigW (in: hService=0x324cb8, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0057.466] GetLastError () returned 0x7a [0057.467] QueryServiceConfigW (in: hService=0x324cb8, lpServiceConfig=0x1d836e8, cbBufSize=0x19c, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0057.467] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0057.467] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x1d84650, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0057.467] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="lanmanserver", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0057.467] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="lanmanserver", cchWideChar=12, lpMultiByteStr=0x1d84650, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lanmanserver", lpUsedDefaultChar=0x0) returned 12 [0057.468] OpenServiceW (hSCManager=0x324bf0, lpServiceName="LanmanServer", dwDesiredAccess=0x1) returned 0x324d80 [0057.468] CloseServiceHandle (hSCObject=0x324cb8) returned 1 [0057.469] QueryServiceConfigW (in: hService=0x324d80, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0057.469] GetLastError () returned 0x7a [0057.469] QueryServiceConfigW (in: hService=0x324d80, lpServiceConfig=0x1d836e8, cbBufSize=0xf8, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0057.469] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0057.470] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x1d84698, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0057.470] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="lanmanworkstation", cchWideChar=17, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0057.470] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="lanmanworkstation", cchWideChar=17, lpMultiByteStr=0x1d84698, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lanmanworkstation", lpUsedDefaultChar=0x0) returned 17 [0057.470] OpenServiceW (hSCManager=0x324bf0, lpServiceName="LanmanWorkstation", dwDesiredAccess=0x1) returned 0x324ce0 [0057.470] CloseServiceHandle (hSCObject=0x324d80) returned 1 [0057.471] QueryServiceConfigW (in: hService=0x324ce0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0057.473] GetLastError () returned 0x7a [0057.473] QueryServiceConfigW (in: hService=0x324ce0, lpServiceConfig=0x1d836e8, cbBufSize=0x174, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0057.473] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0057.473] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x1d846e0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0057.479] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="lltdsvc", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0057.479] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="lltdsvc", cchWideChar=7, lpMultiByteStr=0x1d846e0, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lltdsvc", lpUsedDefaultChar=0x0) returned 7 [0057.479] OpenServiceW (hSCManager=0x324bf0, lpServiceName="lltdsvc", dwDesiredAccess=0x1) returned 0x324dd0 [0057.481] CloseServiceHandle (hSCObject=0x324ce0) returned 1 [0057.481] QueryServiceConfigW (in: hService=0x324dd0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0057.481] GetLastError () returned 0x7a [0057.481] QueryServiceConfigW (in: hService=0x324dd0, lpServiceConfig=0x1d836e8, cbBufSize=0x160, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0057.482] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0057.482] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x1d84728, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0057.482] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="lmhosts", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0057.482] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="lmhosts", cchWideChar=7, lpMultiByteStr=0x1d84728, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lmhosts", lpUsedDefaultChar=0x0) returned 7 [0057.482] OpenServiceW (hSCManager=0x324bf0, lpServiceName="lmhosts", dwDesiredAccess=0x1) returned 0x324cb8 [0057.483] CloseServiceHandle (hSCObject=0x324dd0) returned 1 [0057.483] QueryServiceConfigW (in: hService=0x324cb8, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0057.483] GetLastError () returned 0x7a [0057.483] QueryServiceConfigW (in: hService=0x324cb8, lpServiceConfig=0x1d836e8, cbBufSize=0x164, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0057.483] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0057.483] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x1d84770, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0057.483] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mcx2svc", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0057.483] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mcx2svc", cchWideChar=7, lpMultiByteStr=0x1d84770, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mcx2svc", lpUsedDefaultChar=0x0) returned 7 [0057.483] OpenServiceW (hSCManager=0x324bf0, lpServiceName="Mcx2Svc", dwDesiredAccess=0x1) returned 0x324d80 [0057.484] CloseServiceHandle (hSCObject=0x324cb8) returned 1 [0057.484] QueryServiceConfigW (in: hService=0x324d80, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0057.484] GetLastError () returned 0x7a [0057.484] QueryServiceConfigW (in: hService=0x324d80, lpServiceConfig=0x1d836e8, cbBufSize=0x1a8, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0057.484] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0057.484] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x1d847b8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0057.484] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="microsoft sharepoint workspace audit service", cchWideChar=44, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 44 [0057.484] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="microsoft sharepoint workspace audit service", cchWideChar=44, lpMultiByteStr=0x1d847b8, cbMultiByte=44, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="microsoft sharepoint workspace audit service", lpUsedDefaultChar=0x0) returned 44 [0057.484] OpenServiceW (hSCManager=0x324bf0, lpServiceName="Microsoft SharePoint Workspace Audit Service", dwDesiredAccess=0x1) returned 0x324ce0 [0057.484] CloseServiceHandle (hSCObject=0x324d80) returned 1 [0057.485] QueryServiceConfigW (in: hService=0x324ce0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0057.485] GetLastError () returned 0x7a [0057.485] QueryServiceConfigW (in: hService=0x324ce0, lpServiceConfig=0x1d836e8, cbBufSize=0x184, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0057.485] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="groove.exe", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0057.485] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="groove.exe", cchWideChar=10, lpMultiByteStr=0x1d84800, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="groove.exe", lpUsedDefaultChar=0x0) returned 10 [0057.485] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mmcss", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0057.485] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mmcss", cchWideChar=5, lpMultiByteStr=0x1d84800, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mmcss", lpUsedDefaultChar=0x0) returned 5 [0057.485] OpenServiceW (hSCManager=0x324bf0, lpServiceName="MMCSS", dwDesiredAccess=0x1) returned 0x324dd0 [0057.486] CloseServiceHandle (hSCObject=0x324ce0) returned 1 [0057.486] QueryServiceConfigW (in: hService=0x324dd0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0057.486] GetLastError () returned 0x7a [0057.486] QueryServiceConfigW (in: hService=0x324dd0, lpServiceConfig=0x1d836e8, cbBufSize=0x10e, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0057.486] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0057.486] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x1d84848, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0057.486] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mozillamaintenance", cchWideChar=18, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0057.486] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mozillamaintenance", cchWideChar=18, lpMultiByteStr=0x1d84848, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mozillamaintenance", lpUsedDefaultChar=0x0) returned 18 [0057.486] OpenServiceW (hSCManager=0x324bf0, lpServiceName="MozillaMaintenance", dwDesiredAccess=0x1) returned 0x324cb8 [0057.489] CloseServiceHandle (hSCObject=0x324dd0) returned 1 [0057.490] QueryServiceConfigW (in: hService=0x324cb8, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0057.491] GetLastError () returned 0x7a [0057.491] QueryServiceConfigW (in: hService=0x324cb8, lpServiceConfig=0x1d836e8, cbBufSize=0x152, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0057.492] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="maintenanceservice.exe", cchWideChar=22, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0057.492] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="maintenanceservice.exe", cchWideChar=22, lpMultiByteStr=0x1d84890, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="maintenanceservice.exe", lpUsedDefaultChar=0x0) returned 22 [0057.492] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mpssvc", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0057.493] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mpssvc", cchWideChar=6, lpMultiByteStr=0x1d84890, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mpssvc", lpUsedDefaultChar=0x0) returned 6 [0057.493] OpenServiceW (hSCManager=0x324bf0, lpServiceName="MpsSvc", dwDesiredAccess=0x1) returned 0x324d80 [0057.493] CloseServiceHandle (hSCObject=0x324cb8) returned 1 [0057.493] QueryServiceConfigW (in: hService=0x324d80, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0057.494] GetLastError () returned 0x7a [0057.494] QueryServiceConfigW (in: hService=0x324d80, lpServiceConfig=0x1d836e8, cbBufSize=0x164, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0057.494] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0057.494] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x1d848d8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0057.495] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="msdtc", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0057.495] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="msdtc", cchWideChar=5, lpMultiByteStr=0x1d848d8, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="msdtc", lpUsedDefaultChar=0x0) returned 5 [0057.495] OpenServiceW (hSCManager=0x324bf0, lpServiceName="MSDTC", dwDesiredAccess=0x1) returned 0x324ce0 [0057.495] CloseServiceHandle (hSCObject=0x324d80) returned 1 [0057.495] QueryServiceConfigW (in: hService=0x324ce0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0057.495] GetLastError () returned 0x7a [0057.495] QueryServiceConfigW (in: hService=0x324ce0, lpServiceConfig=0x1d836e8, cbBufSize=0x13c, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0057.495] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="msdtc.exe", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0057.495] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="msdtc.exe", cchWideChar=9, lpMultiByteStr=0x1d84920, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="msdtc.exe", lpUsedDefaultChar=0x0) returned 9 [0057.495] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="msiscsi", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0057.496] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="msiscsi", cchWideChar=7, lpMultiByteStr=0x1d84920, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="msiscsi", lpUsedDefaultChar=0x0) returned 7 [0057.496] OpenServiceW (hSCManager=0x324bf0, lpServiceName="MSiSCSI", dwDesiredAccess=0x1) returned 0x324dd0 [0057.496] CloseServiceHandle (hSCObject=0x324ce0) returned 1 [0057.496] QueryServiceConfigW (in: hService=0x324dd0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0057.496] GetLastError () returned 0x7a [0057.496] QueryServiceConfigW (in: hService=0x324dd0, lpServiceConfig=0x1d836e8, cbBufSize=0x126, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0057.496] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0057.496] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x1d84968, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0057.496] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="msiserver", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0057.496] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="msiserver", cchWideChar=9, lpMultiByteStr=0x1d84968, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="msiserver", lpUsedDefaultChar=0x0) returned 9 [0057.497] OpenServiceW (hSCManager=0x324bf0, lpServiceName="msiserver", dwDesiredAccess=0x1) returned 0x324cb8 [0057.497] CloseServiceHandle (hSCObject=0x324dd0) returned 1 [0057.498] QueryServiceConfigW (in: hService=0x324cb8, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0057.498] GetLastError () returned 0x7a [0057.498] QueryServiceConfigW (in: hService=0x324cb8, lpServiceConfig=0x1d836e8, cbBufSize=0xf6, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0057.498] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="msiexec.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0057.498] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="msiexec.exe", cchWideChar=11, lpMultiByteStr=0x1d849b0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="msiexec.exe", lpUsedDefaultChar=0x0) returned 11 [0057.499] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="napagent", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0057.499] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="napagent", cchWideChar=8, lpMultiByteStr=0x1d849b0, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="napagent", lpUsedDefaultChar=0x0) returned 8 [0057.499] OpenServiceW (hSCManager=0x324bf0, lpServiceName="napagent", dwDesiredAccess=0x1) returned 0x324d80 [0057.499] CloseServiceHandle (hSCObject=0x324cb8) returned 1 [0057.499] QueryServiceConfigW (in: hService=0x324d80, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0057.499] GetLastError () returned 0x7a [0057.499] QueryServiceConfigW (in: hService=0x324d80, lpServiceConfig=0x1d836e8, cbBufSize=0x150, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0057.500] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0057.500] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x1d849f8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0057.500] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="netlogon", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0057.500] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="netlogon", cchWideChar=8, lpMultiByteStr=0x1d849f8, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="netlogon", lpUsedDefaultChar=0x0) returned 8 [0057.500] OpenServiceW (hSCManager=0x324bf0, lpServiceName="Netlogon", dwDesiredAccess=0x1) returned 0x324ce0 [0057.500] CloseServiceHandle (hSCObject=0x324d80) returned 1 [0057.500] QueryServiceConfigW (in: hService=0x324ce0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0057.501] GetLastError () returned 0x7a [0057.502] QueryServiceConfigW (in: hService=0x324ce0, lpServiceConfig=0x1d836e8, cbBufSize=0x126, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0057.502] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="lsass.exe", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0057.502] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="lsass.exe", cchWideChar=9, lpMultiByteStr=0x1d84a40, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lsass.exe", lpUsedDefaultChar=0x0) returned 9 [0057.503] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="netman", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0057.503] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="netman", cchWideChar=6, lpMultiByteStr=0x1d84a40, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="netman", lpUsedDefaultChar=0x0) returned 6 [0057.503] OpenServiceW (hSCManager=0x324bf0, lpServiceName="Netman", dwDesiredAccess=0x1) returned 0x324dd0 [0057.529] CloseServiceHandle (hSCObject=0x324ce0) returned 1 [0057.529] QueryServiceConfigW (in: hService=0x324dd0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0057.529] GetLastError () returned 0x7a [0057.529] QueryServiceConfigW (in: hService=0x324dd0, lpServiceConfig=0x1d836e8, cbBufSize=0x13c, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0057.529] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0057.529] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x1d84a88, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0057.529] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="netmsmqactivator", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0057.529] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="netmsmqactivator", cchWideChar=16, lpMultiByteStr=0x1d84a88, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="netmsmqactivator", lpUsedDefaultChar=0x0) returned 16 [0057.530] OpenServiceW (hSCManager=0x324bf0, lpServiceName="NetMsmqActivator", dwDesiredAccess=0x1) returned 0x324cb8 [0057.530] CloseServiceHandle (hSCObject=0x324dd0) returned 1 [0057.530] QueryServiceConfigW (in: hService=0x324cb8, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0057.530] GetLastError () returned 0x7a [0057.530] QueryServiceConfigW (in: hService=0x324cb8, lpServiceConfig=0x1d836e8, cbBufSize=0x18a, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0057.530] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="smsvchost.exe", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0057.530] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="smsvchost.exe", cchWideChar=13, lpMultiByteStr=0x1d84a88, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="smsvchost.exe", lpUsedDefaultChar=0x0) returned 13 [0057.530] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="netpipeactivator", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0057.550] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="netpipeactivator", cchWideChar=16, lpMultiByteStr=0x1e290d8, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="netpipeactivator", lpUsedDefaultChar=0x0) returned 16 [0057.551] OpenServiceW (hSCManager=0x324bf0, lpServiceName="NetPipeActivator", dwDesiredAccess=0x1) returned 0x324d80 [0057.552] CloseServiceHandle (hSCObject=0x324cb8) returned 1 [0057.552] QueryServiceConfigW (in: hService=0x324d80, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0057.552] GetLastError () returned 0x7a [0057.552] QueryServiceConfigW (in: hService=0x324d80, lpServiceConfig=0x1d836e8, cbBufSize=0x154, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0057.553] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="smsvchost.exe", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0057.553] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="smsvchost.exe", cchWideChar=13, lpMultiByteStr=0x1e290d8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="smsvchost.exe", lpUsedDefaultChar=0x0) returned 13 [0057.553] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="netprofm", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0057.553] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="netprofm", cchWideChar=8, lpMultiByteStr=0x1e29120, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="netprofm", lpUsedDefaultChar=0x0) returned 8 [0057.553] OpenServiceW (hSCManager=0x324bf0, lpServiceName="netprofm", dwDesiredAccess=0x1) returned 0x324ce0 [0057.555] CloseServiceHandle (hSCObject=0x324d80) returned 1 [0057.556] QueryServiceConfigW (in: hService=0x324ce0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0057.557] GetLastError () returned 0x7a [0057.558] QueryServiceConfigW (in: hService=0x324ce0, lpServiceConfig=0x1d836e8, cbBufSize=0x140, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0057.559] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0057.560] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x1e29168, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0057.560] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="nettcpactivator", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0057.560] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="nettcpactivator", cchWideChar=15, lpMultiByteStr=0x1e29168, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="nettcpactivator", lpUsedDefaultChar=0x0) returned 15 [0057.561] OpenServiceW (hSCManager=0x324bf0, lpServiceName="NetTcpActivator", dwDesiredAccess=0x1) returned 0x324dd0 [0057.561] CloseServiceHandle (hSCObject=0x324ce0) returned 1 [0057.561] QueryServiceConfigW (in: hService=0x324dd0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0057.562] GetLastError () returned 0x7a [0057.562] QueryServiceConfigW (in: hService=0x324dd0, lpServiceConfig=0x1d836e8, cbBufSize=0x176, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0057.562] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="smsvchost.exe", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0057.562] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="smsvchost.exe", cchWideChar=13, lpMultiByteStr=0x1e291b0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="smsvchost.exe", lpUsedDefaultChar=0x0) returned 13 [0057.562] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="nettcpportsharing", cchWideChar=17, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0057.562] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="nettcpportsharing", cchWideChar=17, lpMultiByteStr=0x1e291b0, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="nettcpportsharing", lpUsedDefaultChar=0x0) returned 17 [0057.562] OpenServiceW (hSCManager=0x324bf0, lpServiceName="NetTcpPortSharing", dwDesiredAccess=0x1) returned 0x324cb8 [0057.562] CloseServiceHandle (hSCObject=0x324dd0) returned 1 [0057.563] QueryServiceConfigW (in: hService=0x324cb8, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0057.563] GetLastError () returned 0x7a [0057.563] QueryServiceConfigW (in: hService=0x324cb8, lpServiceConfig=0x1d836e8, cbBufSize=0x154, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0057.563] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="smsvchost.exe", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0057.563] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="smsvchost.exe", cchWideChar=13, lpMultiByteStr=0x1e291f8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="smsvchost.exe", lpUsedDefaultChar=0x0) returned 13 [0057.563] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="nlasvc", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0057.563] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="nlasvc", cchWideChar=6, lpMultiByteStr=0x1e291f8, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="nlasvc", lpUsedDefaultChar=0x0) returned 6 [0057.563] OpenServiceW (hSCManager=0x324bf0, lpServiceName="NlaSvc", dwDesiredAccess=0x1) returned 0x324d80 [0057.564] CloseServiceHandle (hSCObject=0x324cb8) returned 1 [0057.564] QueryServiceConfigW (in: hService=0x324d80, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0057.565] GetLastError () returned 0x7a [0057.565] QueryServiceConfigW (in: hService=0x324d80, lpServiceConfig=0x1d836e8, cbBufSize=0x15a, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0059.190] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0059.190] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x1e29240, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0059.190] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="nsi", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0059.191] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="nsi", cchWideChar=3, lpMultiByteStr=0x1e29240, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="nsi", lpUsedDefaultChar=0x0) returned 3 [0059.191] OpenServiceW (hSCManager=0x324bf0, lpServiceName="nsi", dwDesiredAccess=0x1) returned 0x324ce0 [0059.191] CloseServiceHandle (hSCObject=0x324d80) returned 1 [0059.192] QueryServiceConfigW (in: hService=0x324ce0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0059.192] GetLastError () returned 0x7a [0059.192] QueryServiceConfigW (in: hService=0x324ce0, lpServiceConfig=0x1d836e8, cbBufSize=0x14e, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0059.193] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0059.193] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x1e29288, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0059.194] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ose64", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0059.194] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ose64", cchWideChar=5, lpMultiByteStr=0x1e29288, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ose64", lpUsedDefaultChar=0x0) returned 5 [0059.194] OpenServiceW (hSCManager=0x324bf0, lpServiceName="ose64", dwDesiredAccess=0x1) returned 0x324dd0 [0059.195] CloseServiceHandle (hSCObject=0x324ce0) returned 1 [0059.195] QueryServiceConfigW (in: hService=0x324dd0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0059.195] GetLastError () returned 0x7a [0059.195] QueryServiceConfigW (in: hService=0x324dd0, lpServiceConfig=0x1d836e8, cbBufSize=0x140, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0059.196] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ose.exe", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0059.199] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ose.exe", cchWideChar=7, lpMultiByteStr=0x1e292d0, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ose.exe", lpUsedDefaultChar=0x0) returned 7 [0059.199] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="osppsvc", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0059.199] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="osppsvc", cchWideChar=7, lpMultiByteStr=0x1e292d0, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="osppsvc", lpUsedDefaultChar=0x0) returned 7 [0059.199] OpenServiceW (hSCManager=0x324bf0, lpServiceName="osppsvc", dwDesiredAccess=0x1) returned 0x324cb8 [0059.199] CloseServiceHandle (hSCObject=0x324dd0) returned 1 [0059.217] QueryServiceConfigW (in: hService=0x324cb8, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0059.217] GetLastError () returned 0x7a [0059.217] QueryServiceConfigW (in: hService=0x324cb8, lpServiceConfig=0x1d836e8, cbBufSize=0x1b0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0059.217] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="osppsvc.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0059.218] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="osppsvc.exe", cchWideChar=11, lpMultiByteStr=0x1e29318, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="osppsvc.exe", lpUsedDefaultChar=0x0) returned 11 [0059.218] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="p2pimsvc", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0059.218] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="p2pimsvc", cchWideChar=8, lpMultiByteStr=0x1e29318, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="p2pimsvc", lpUsedDefaultChar=0x0) returned 8 [0059.218] OpenServiceW (hSCManager=0x324bf0, lpServiceName="p2pimsvc", dwDesiredAccess=0x1) returned 0x324d80 [0059.218] CloseServiceHandle (hSCObject=0x324cb8) returned 1 [0059.218] QueryServiceConfigW (in: hService=0x324d80, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0059.219] GetLastError () returned 0x7a [0059.219] QueryServiceConfigW (in: hService=0x324d80, lpServiceConfig=0x1d836e8, cbBufSize=0x14e, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0059.219] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0059.219] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x1e29360, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0059.219] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="p2psvc", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0059.220] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="p2psvc", cchWideChar=6, lpMultiByteStr=0x1e29360, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="p2psvc", lpUsedDefaultChar=0x0) returned 6 [0059.220] OpenServiceW (hSCManager=0x324bf0, lpServiceName="p2psvc", dwDesiredAccess=0x1) returned 0x324ce0 [0059.220] CloseServiceHandle (hSCObject=0x324d80) returned 1 [0059.220] QueryServiceConfigW (in: hService=0x324ce0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0059.221] GetLastError () returned 0x7a [0059.221] QueryServiceConfigW (in: hService=0x324ce0, lpServiceConfig=0x1d836e8, cbBufSize=0x15e, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0059.221] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0059.221] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x1e293a8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0059.221] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="pcasvc", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0059.221] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="pcasvc", cchWideChar=6, lpMultiByteStr=0x1e293a8, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pcasvc", lpUsedDefaultChar=0x0) returned 6 [0059.221] OpenServiceW (hSCManager=0x324bf0, lpServiceName="PcaSvc", dwDesiredAccess=0x1) returned 0x324dd0 [0059.222] CloseServiceHandle (hSCObject=0x324ce0) returned 1 [0059.222] QueryServiceConfigW (in: hService=0x324dd0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0059.222] GetLastError () returned 0x7a [0059.222] QueryServiceConfigW (in: hService=0x324dd0, lpServiceConfig=0x1d836e8, cbBufSize=0x15c, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0059.222] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0059.222] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x1e293f0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0059.222] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="peerdistsvc", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0059.223] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="peerdistsvc", cchWideChar=11, lpMultiByteStr=0x1e293f0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="peerdistsvc", lpUsedDefaultChar=0x0) returned 11 [0059.223] OpenServiceW (hSCManager=0x324bf0, lpServiceName="PeerDistSvc", dwDesiredAccess=0x1) returned 0x324cb8 [0059.223] CloseServiceHandle (hSCObject=0x324dd0) returned 1 [0059.223] QueryServiceConfigW (in: hService=0x324cb8, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0059.223] GetLastError () returned 0x7a [0059.223] QueryServiceConfigW (in: hService=0x324cb8, lpServiceConfig=0x1d836e8, cbBufSize=0x11a, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0059.224] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0059.224] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x1e29438, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0059.224] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="perfhost", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0059.224] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="perfhost", cchWideChar=8, lpMultiByteStr=0x1e29438, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="perfhost", lpUsedDefaultChar=0x0) returned 8 [0059.224] OpenServiceW (hSCManager=0x324bf0, lpServiceName="PerfHost", dwDesiredAccess=0x1) returned 0x324d80 [0059.224] CloseServiceHandle (hSCObject=0x324cb8) returned 1 [0059.225] QueryServiceConfigW (in: hService=0x324d80, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0059.225] GetLastError () returned 0x7a [0059.225] QueryServiceConfigW (in: hService=0x324d80, lpServiceConfig=0x1d836e8, cbBufSize=0x124, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0059.225] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="perfhost.exe", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0059.225] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="perfhost.exe", cchWideChar=12, lpMultiByteStr=0x1e29480, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="perfhost.exe", lpUsedDefaultChar=0x0) returned 12 [0059.225] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="pla", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0059.226] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="pla", cchWideChar=3, lpMultiByteStr=0x1e29480, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pla", lpUsedDefaultChar=0x0) returned 3 [0059.226] OpenServiceW (hSCManager=0x324bf0, lpServiceName="pla", dwDesiredAccess=0x1) returned 0x324ce0 [0059.226] CloseServiceHandle (hSCObject=0x324d80) returned 1 [0059.226] QueryServiceConfigW (in: hService=0x324ce0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0059.226] GetLastError () returned 0x7a [0059.226] QueryServiceConfigW (in: hService=0x324ce0, lpServiceConfig=0x1d836e8, cbBufSize=0x14e, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0059.227] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0059.227] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x1e294c8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0059.227] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="plugplay", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0059.227] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="plugplay", cchWideChar=8, lpMultiByteStr=0x1e294c8, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="plugplay", lpUsedDefaultChar=0x0) returned 8 [0059.227] OpenServiceW (hSCManager=0x324bf0, lpServiceName="PlugPlay", dwDesiredAccess=0x1) returned 0x324dd0 [0059.227] CloseServiceHandle (hSCObject=0x324ce0) returned 1 [0059.227] QueryServiceConfigW (in: hService=0x324dd0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0059.228] GetLastError () returned 0x7a [0059.228] QueryServiceConfigW (in: hService=0x324dd0, lpServiceConfig=0x1d836e8, cbBufSize=0x10a, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0059.228] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0059.228] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x1e29510, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0059.228] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="pnrpautoreg", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0059.228] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="pnrpautoreg", cchWideChar=11, lpMultiByteStr=0x1e29510, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pnrpautoreg", lpUsedDefaultChar=0x0) returned 11 [0059.228] OpenServiceW (hSCManager=0x324bf0, lpServiceName="PNRPAutoReg", dwDesiredAccess=0x1) returned 0x324cb8 [0059.228] CloseServiceHandle (hSCObject=0x324dd0) returned 1 [0059.228] QueryServiceConfigW (in: hService=0x324cb8, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0059.229] GetLastError () returned 0x7a [0059.229] QueryServiceConfigW (in: hService=0x324cb8, lpServiceConfig=0x1d836e8, cbBufSize=0x166, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0059.229] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0059.229] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x1e29558, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0059.229] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="pnrpsvc", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0059.229] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="pnrpsvc", cchWideChar=7, lpMultiByteStr=0x1e29558, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pnrpsvc", lpUsedDefaultChar=0x0) returned 7 [0059.229] OpenServiceW (hSCManager=0x324bf0, lpServiceName="PNRPsvc", dwDesiredAccess=0x1) returned 0x324d80 [0059.229] CloseServiceHandle (hSCObject=0x324cb8) returned 1 [0059.229] QueryServiceConfigW (in: hService=0x324d80, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0059.230] GetLastError () returned 0x7a [0059.230] QueryServiceConfigW (in: hService=0x324d80, lpServiceConfig=0x1d836e8, cbBufSize=0x158, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0059.230] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0059.230] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x1e295a0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0059.230] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="policyagent", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0059.230] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="policyagent", cchWideChar=11, lpMultiByteStr=0x1e295a0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="policyagent", lpUsedDefaultChar=0x0) returned 11 [0059.230] OpenServiceW (hSCManager=0x324bf0, lpServiceName="PolicyAgent", dwDesiredAccess=0x1) returned 0x324ce0 [0059.230] CloseServiceHandle (hSCObject=0x324d80) returned 1 [0059.231] QueryServiceConfigW (in: hService=0x324ce0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0059.231] GetLastError () returned 0x7a [0059.231] QueryServiceConfigW (in: hService=0x324ce0, lpServiceConfig=0x1d836e8, cbBufSize=0x160, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0059.231] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0059.231] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x1e295e8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0059.231] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="power", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0059.231] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="power", cchWideChar=5, lpMultiByteStr=0x1e295e8, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="power", lpUsedDefaultChar=0x0) returned 5 [0059.231] OpenServiceW (hSCManager=0x324bf0, lpServiceName="Power", dwDesiredAccess=0x1) returned 0x324dd0 [0059.231] CloseServiceHandle (hSCObject=0x324ce0) returned 1 [0059.232] QueryServiceConfigW (in: hService=0x324dd0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0059.232] GetLastError () returned 0x7a [0059.232] QueryServiceConfigW (in: hService=0x324dd0, lpServiceConfig=0x1d836e8, cbBufSize=0xfa, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0059.232] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0059.232] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x1e29630, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0059.233] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="profsvc", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0059.233] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="profsvc", cchWideChar=7, lpMultiByteStr=0x1e29630, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="profsvc", lpUsedDefaultChar=0x0) returned 7 [0059.233] OpenServiceW (hSCManager=0x324bf0, lpServiceName="ProfSvc", dwDesiredAccess=0x1) returned 0x324cb8 [0059.233] CloseServiceHandle (hSCObject=0x324dd0) returned 1 [0059.233] QueryServiceConfigW (in: hService=0x324cb8, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0059.234] GetLastError () returned 0x7a [0059.234] QueryServiceConfigW (in: hService=0x324cb8, lpServiceConfig=0x1d836e8, cbBufSize=0x126, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0059.234] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0059.234] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x1e29678, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0059.234] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="protectedstorage", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0059.234] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="protectedstorage", cchWideChar=16, lpMultiByteStr=0x1e29678, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="protectedstorage", lpUsedDefaultChar=0x0) returned 16 [0059.234] OpenServiceW (hSCManager=0x324bf0, lpServiceName="ProtectedStorage", dwDesiredAccess=0x1) returned 0x324d80 [0059.235] CloseServiceHandle (hSCObject=0x324cb8) returned 1 [0059.235] QueryServiceConfigW (in: hService=0x324d80, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0059.235] GetLastError () returned 0x7a [0059.235] QueryServiceConfigW (in: hService=0x324d80, lpServiceConfig=0x1d836e8, cbBufSize=0xec, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0059.236] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="lsass.exe", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0059.236] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="lsass.exe", cchWideChar=9, lpMultiByteStr=0x1e296c0, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lsass.exe", lpUsedDefaultChar=0x0) returned 9 [0059.236] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="qwave", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0059.236] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="qwave", cchWideChar=5, lpMultiByteStr=0x1e296c0, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="qwave", lpUsedDefaultChar=0x0) returned 5 [0059.236] OpenServiceW (hSCManager=0x324bf0, lpServiceName="QWAVE", dwDesiredAccess=0x1) returned 0x324ce0 [0059.236] CloseServiceHandle (hSCObject=0x324d80) returned 1 [0059.236] QueryServiceConfigW (in: hService=0x324ce0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0059.237] GetLastError () returned 0x7a [0059.237] QueryServiceConfigW (in: hService=0x324ce0, lpServiceConfig=0x1d836e8, cbBufSize=0x1a8, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0059.237] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0059.237] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x1e29708, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0059.237] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="rasauto", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0059.237] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="rasauto", cchWideChar=7, lpMultiByteStr=0x1e29708, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="rasauto", lpUsedDefaultChar=0x0) returned 7 [0059.237] OpenServiceW (hSCManager=0x324bf0, lpServiceName="RasAuto", dwDesiredAccess=0x1) returned 0x324dd0 [0059.237] CloseServiceHandle (hSCObject=0x324ce0) returned 1 [0059.238] QueryServiceConfigW (in: hService=0x324dd0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0059.238] GetLastError () returned 0x7a [0059.238] QueryServiceConfigW (in: hService=0x324dd0, lpServiceConfig=0x1d836e8, cbBufSize=0x14e, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0059.238] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0059.238] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x1e29750, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0059.238] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="rasman", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0059.238] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="rasman", cchWideChar=6, lpMultiByteStr=0x1e29750, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="rasman", lpUsedDefaultChar=0x0) returned 6 [0059.238] OpenServiceW (hSCManager=0x324bf0, lpServiceName="RasMan", dwDesiredAccess=0x1) returned 0x324cb8 [0059.239] CloseServiceHandle (hSCObject=0x324dd0) returned 1 [0059.239] QueryServiceConfigW (in: hService=0x324cb8, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0059.239] GetLastError () returned 0x7a [0059.239] QueryServiceConfigW (in: hService=0x324cb8, lpServiceConfig=0x1d836e8, cbBufSize=0x138, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0059.239] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0059.239] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x1e29798, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0059.239] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="remoteaccess", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0059.239] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="remoteaccess", cchWideChar=12, lpMultiByteStr=0x1e29798, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="remoteaccess", lpUsedDefaultChar=0x0) returned 12 [0059.240] OpenServiceW (hSCManager=0x324bf0, lpServiceName="RemoteAccess", dwDesiredAccess=0x1) returned 0x324d80 [0059.240] CloseServiceHandle (hSCObject=0x324cb8) returned 1 [0059.240] QueryServiceConfigW (in: hService=0x324d80, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0059.240] GetLastError () returned 0x7a [0059.240] QueryServiceConfigW (in: hService=0x324d80, lpServiceConfig=0x1d836e8, cbBufSize=0x152, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0059.241] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0059.241] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x1e297e0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0059.241] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="remoteregistry", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0059.241] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="remoteregistry", cchWideChar=14, lpMultiByteStr=0x1e297e0, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="remoteregistry", lpUsedDefaultChar=0x0) returned 14 [0059.241] OpenServiceW (hSCManager=0x324bf0, lpServiceName="RemoteRegistry", dwDesiredAccess=0x1) returned 0x324ce0 [0059.241] CloseServiceHandle (hSCObject=0x324d80) returned 1 [0059.242] QueryServiceConfigW (in: hService=0x324ce0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0059.242] GetLastError () returned 0x7a [0059.242] QueryServiceConfigW (in: hService=0x324ce0, lpServiceConfig=0x1d836e8, cbBufSize=0x11c, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0059.242] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0059.242] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x1e29828, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0059.242] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="rpceptmapper", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0059.243] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="rpceptmapper", cchWideChar=12, lpMultiByteStr=0x1e29828, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="rpceptmapper", lpUsedDefaultChar=0x0) returned 12 [0059.243] OpenServiceW (hSCManager=0x324bf0, lpServiceName="RpcEptMapper", dwDesiredAccess=0x1) returned 0x324dd0 [0059.243] CloseServiceHandle (hSCObject=0x324ce0) returned 1 [0059.243] QueryServiceConfigW (in: hService=0x324dd0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0059.243] GetLastError () returned 0x7a [0059.244] QueryServiceConfigW (in: hService=0x324dd0, lpServiceConfig=0x1d836e8, cbBufSize=0x140, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0059.244] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0059.244] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x1e29870, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0059.244] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="rpclocator", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0059.244] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="rpclocator", cchWideChar=10, lpMultiByteStr=0x1e29870, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="rpclocator", lpUsedDefaultChar=0x0) returned 10 [0059.244] OpenServiceW (hSCManager=0x324bf0, lpServiceName="RpcLocator", dwDesiredAccess=0x1) returned 0x324cb8 [0059.245] CloseServiceHandle (hSCObject=0x324dd0) returned 1 [0059.245] QueryServiceConfigW (in: hService=0x324cb8, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0059.245] GetLastError () returned 0x7a [0059.245] QueryServiceConfigW (in: hService=0x324cb8, lpServiceConfig=0x1d836e8, cbBufSize=0x12a, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0059.246] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="locator.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0059.246] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="locator.exe", cchWideChar=11, lpMultiByteStr=0x1e298b8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="locator.exe", lpUsedDefaultChar=0x0) returned 11 [0059.246] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="rpcss", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0059.246] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="rpcss", cchWideChar=5, lpMultiByteStr=0x1e298b8, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="rpcss", lpUsedDefaultChar=0x0) returned 5 [0059.246] OpenServiceW (hSCManager=0x324bf0, lpServiceName="RpcSs", dwDesiredAccess=0x1) returned 0x324d80 [0059.246] CloseServiceHandle (hSCObject=0x324cb8) returned 1 [0059.247] QueryServiceConfigW (in: hService=0x324d80, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0059.247] GetLastError () returned 0x7a [0059.247] QueryServiceConfigW (in: hService=0x324d80, lpServiceConfig=0x1d836e8, cbBufSize=0x17e, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0059.247] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0059.248] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x1e29900, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0059.248] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="samss", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0059.248] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="samss", cchWideChar=5, lpMultiByteStr=0x1e29900, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="samss", lpUsedDefaultChar=0x0) returned 5 [0059.248] OpenServiceW (hSCManager=0x324bf0, lpServiceName="SamSs", dwDesiredAccess=0x1) returned 0x324ce0 [0059.292] CloseServiceHandle (hSCObject=0x324d80) returned 1 [0059.292] QueryServiceConfigW (in: hService=0x324ce0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0059.293] GetLastError () returned 0x7a [0059.293] QueryServiceConfigW (in: hService=0x324ce0, lpServiceConfig=0x1d836e8, cbBufSize=0x12e, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0059.293] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="lsass.exe", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0059.293] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="lsass.exe", cchWideChar=9, lpMultiByteStr=0x1e29948, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lsass.exe", lpUsedDefaultChar=0x0) returned 9 [0059.293] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="scardsvr", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0059.293] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="scardsvr", cchWideChar=8, lpMultiByteStr=0x1e29948, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="scardsvr", lpUsedDefaultChar=0x0) returned 8 [0059.293] OpenServiceW (hSCManager=0x324bf0, lpServiceName="SCardSvr", dwDesiredAccess=0x1) returned 0x324dd0 [0059.294] CloseServiceHandle (hSCObject=0x324ce0) returned 1 [0059.294] QueryServiceConfigW (in: hService=0x324dd0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0059.294] GetLastError () returned 0x7a [0059.294] QueryServiceConfigW (in: hService=0x324dd0, lpServiceConfig=0x1d836e8, cbBufSize=0x164, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0059.294] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0059.294] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x1e29990, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0059.295] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="schedule", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0059.295] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="schedule", cchWideChar=8, lpMultiByteStr=0x1e29990, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="schedule", lpUsedDefaultChar=0x0) returned 8 [0059.295] OpenServiceW (hSCManager=0x324bf0, lpServiceName="Schedule", dwDesiredAccess=0x1) returned 0x324cb8 [0059.295] CloseServiceHandle (hSCObject=0x324dd0) returned 1 [0059.295] QueryServiceConfigW (in: hService=0x324cb8, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0059.295] GetLastError () returned 0x7a [0059.295] QueryServiceConfigW (in: hService=0x324cb8, lpServiceConfig=0x1d836e8, cbBufSize=0x12e, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0059.296] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0059.296] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x1e299d8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0059.296] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="scpolicysvc", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0059.297] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="scpolicysvc", cchWideChar=11, lpMultiByteStr=0x1e299d8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="scpolicysvc", lpUsedDefaultChar=0x0) returned 11 [0059.297] OpenServiceW (hSCManager=0x324bf0, lpServiceName="SCPolicySvc", dwDesiredAccess=0x1) returned 0x324d80 [0059.297] CloseServiceHandle (hSCObject=0x324cb8) returned 1 [0059.297] QueryServiceConfigW (in: hService=0x324d80, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0059.297] GetLastError () returned 0x7a [0059.297] QueryServiceConfigW (in: hService=0x324d80, lpServiceConfig=0x1d836e8, cbBufSize=0x116, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0059.298] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0059.298] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x1e29a20, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0059.298] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="sdrsvc", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0059.298] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="sdrsvc", cchWideChar=6, lpMultiByteStr=0x1e29a20, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sdrsvc", lpUsedDefaultChar=0x0) returned 6 [0059.298] OpenServiceW (hSCManager=0x324bf0, lpServiceName="SDRSVC", dwDesiredAccess=0x1) returned 0x324ce0 [0059.298] CloseServiceHandle (hSCObject=0x324d80) returned 1 [0059.299] QueryServiceConfigW (in: hService=0x324ce0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0059.299] GetLastError () returned 0x7a [0059.299] QueryServiceConfigW (in: hService=0x324ce0, lpServiceConfig=0x1d836e8, cbBufSize=0xfe, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0059.299] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0059.299] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x1e29a68, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0059.299] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="seclogon", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0059.299] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="seclogon", cchWideChar=8, lpMultiByteStr=0x1e29a68, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="seclogon", lpUsedDefaultChar=0x0) returned 8 [0059.299] OpenServiceW (hSCManager=0x324bf0, lpServiceName="seclogon", dwDesiredAccess=0x1) returned 0x324dd0 [0059.300] CloseServiceHandle (hSCObject=0x324ce0) returned 1 [0059.300] QueryServiceConfigW (in: hService=0x324dd0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0059.300] GetLastError () returned 0x7a [0059.300] QueryServiceConfigW (in: hService=0x324dd0, lpServiceConfig=0x1d836e8, cbBufSize=0xf8, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0059.300] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0059.300] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x1e29ab0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0059.300] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="sens", cchWideChar=4, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 4 [0059.300] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="sens", cchWideChar=4, lpMultiByteStr=0x1e29ab0, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sens", lpUsedDefaultChar=0x0) returned 4 [0059.300] OpenServiceW (hSCManager=0x324bf0, lpServiceName="SENS", dwDesiredAccess=0x1) returned 0x324cb8 [0059.301] CloseServiceHandle (hSCObject=0x324dd0) returned 1 [0059.301] QueryServiceConfigW (in: hService=0x324cb8, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0059.301] GetLastError () returned 0x7a [0059.301] QueryServiceConfigW (in: hService=0x324cb8, lpServiceConfig=0x1d836e8, cbBufSize=0x14c, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0059.301] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0059.301] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x1e29af8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0059.301] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="sensrsvc", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0059.301] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="sensrsvc", cchWideChar=8, lpMultiByteStr=0x1e29af8, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sensrsvc", lpUsedDefaultChar=0x0) returned 8 [0059.302] OpenServiceW (hSCManager=0x324bf0, lpServiceName="SensrSvc", dwDesiredAccess=0x1) returned 0x324d80 [0059.302] CloseServiceHandle (hSCObject=0x324cb8) returned 1 [0059.302] QueryServiceConfigW (in: hService=0x324d80, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0059.302] GetLastError () returned 0x7a [0059.302] QueryServiceConfigW (in: hService=0x324d80, lpServiceConfig=0x1d836e8, cbBufSize=0x14a, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0059.302] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0059.302] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x1e29b40, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0059.302] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="sessionenv", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0059.303] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="sessionenv", cchWideChar=10, lpMultiByteStr=0x1e29b40, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sessionenv", lpUsedDefaultChar=0x0) returned 10 [0059.303] OpenServiceW (hSCManager=0x324bf0, lpServiceName="SessionEnv", dwDesiredAccess=0x1) returned 0x324ce0 [0059.303] CloseServiceHandle (hSCObject=0x324d80) returned 1 [0059.303] QueryServiceConfigW (in: hService=0x324ce0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0059.303] GetLastError () returned 0x7a [0059.303] QueryServiceConfigW (in: hService=0x324ce0, lpServiceConfig=0x1d836e8, cbBufSize=0x140, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0059.303] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0059.303] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x1e29b88, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0059.303] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="sharedaccess", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0059.304] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="sharedaccess", cchWideChar=12, lpMultiByteStr=0x1e29b88, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sharedaccess", lpUsedDefaultChar=0x0) returned 12 [0059.304] OpenServiceW (hSCManager=0x324bf0, lpServiceName="SharedAccess", dwDesiredAccess=0x1) returned 0x324dd0 [0059.304] CloseServiceHandle (hSCObject=0x324ce0) returned 1 [0059.304] QueryServiceConfigW (in: hService=0x324dd0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0059.304] GetLastError () returned 0x7a [0059.304] QueryServiceConfigW (in: hService=0x324dd0, lpServiceConfig=0x1d836e8, cbBufSize=0x14e, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0059.304] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0059.304] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x1e29bd0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0059.304] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="shellhwdetection", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0059.305] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="shellhwdetection", cchWideChar=16, lpMultiByteStr=0x1e29bd0, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="shellhwdetection", lpUsedDefaultChar=0x0) returned 16 [0059.305] OpenServiceW (hSCManager=0x324bf0, lpServiceName="ShellHWDetection", dwDesiredAccess=0x1) returned 0x324cb8 [0059.305] CloseServiceHandle (hSCObject=0x324dd0) returned 1 [0059.305] QueryServiceConfigW (in: hService=0x324cb8, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0059.305] GetLastError () returned 0x7a [0059.305] QueryServiceConfigW (in: hService=0x324cb8, lpServiceConfig=0x1d836e8, cbBufSize=0x12e, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0059.305] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0059.305] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x1e29c18, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0059.306] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="snmptrap", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0059.306] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="snmptrap", cchWideChar=8, lpMultiByteStr=0x1e29c18, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="snmptrap", lpUsedDefaultChar=0x0) returned 8 [0059.306] OpenServiceW (hSCManager=0x324bf0, lpServiceName="SNMPTRAP", dwDesiredAccess=0x1) returned 0x324d80 [0059.306] CloseServiceHandle (hSCObject=0x324cb8) returned 1 [0059.306] QueryServiceConfigW (in: hService=0x324d80, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0059.306] GetLastError () returned 0x7a [0059.306] QueryServiceConfigW (in: hService=0x324d80, lpServiceConfig=0x1d836e8, cbBufSize=0xf4, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0059.307] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="snmptrap.exe", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0059.307] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="snmptrap.exe", cchWideChar=12, lpMultiByteStr=0x1e29c60, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="snmptrap.exe", lpUsedDefaultChar=0x0) returned 12 [0059.307] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="spooler", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0059.307] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="spooler", cchWideChar=7, lpMultiByteStr=0x1e29c60, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spooler", lpUsedDefaultChar=0x0) returned 7 [0059.307] OpenServiceW (hSCManager=0x324bf0, lpServiceName="Spooler", dwDesiredAccess=0x1) returned 0x324ce0 [0059.307] CloseServiceHandle (hSCObject=0x324d80) returned 1 [0059.307] QueryServiceConfigW (in: hService=0x324ce0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0059.308] GetLastError () returned 0x7a [0059.308] QueryServiceConfigW (in: hService=0x324ce0, lpServiceConfig=0x1d836e8, cbBufSize=0x10a, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0059.308] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="spoolsv.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0059.308] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="spoolsv.exe", cchWideChar=11, lpMultiByteStr=0x1e29ca8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spoolsv.exe", lpUsedDefaultChar=0x0) returned 11 [0059.308] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="sppsvc", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0059.308] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="sppsvc", cchWideChar=6, lpMultiByteStr=0x1e29ca8, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sppsvc", lpUsedDefaultChar=0x0) returned 6 [0059.308] OpenServiceW (hSCManager=0x324bf0, lpServiceName="sppsvc", dwDesiredAccess=0x1) returned 0x324dd0 [0059.308] CloseServiceHandle (hSCObject=0x324ce0) returned 1 [0059.308] QueryServiceConfigW (in: hService=0x324dd0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0059.309] GetLastError () returned 0x7a [0059.309] QueryServiceConfigW (in: hService=0x324dd0, lpServiceConfig=0x1d836e8, cbBufSize=0x112, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0059.309] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="sppsvc.exe", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0059.309] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="sppsvc.exe", cchWideChar=10, lpMultiByteStr=0x1e29cf0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sppsvc.exe", lpUsedDefaultChar=0x0) returned 10 [0059.309] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="sppuinotify", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0059.309] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="sppuinotify", cchWideChar=11, lpMultiByteStr=0x1e29cf0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sppuinotify", lpUsedDefaultChar=0x0) returned 11 [0059.309] OpenServiceW (hSCManager=0x324bf0, lpServiceName="sppuinotify", dwDesiredAccess=0x1) returned 0x324cb8 [0059.309] CloseServiceHandle (hSCObject=0x324dd0) returned 1 [0059.310] QueryServiceConfigW (in: hService=0x324cb8, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0059.310] GetLastError () returned 0x7a [0059.310] QueryServiceConfigW (in: hService=0x324cb8, lpServiceConfig=0x1d836e8, cbBufSize=0x146, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0059.310] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0059.310] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x1e29d38, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0059.310] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ssdpsrv", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0059.310] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ssdpsrv", cchWideChar=7, lpMultiByteStr=0x1e29d38, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ssdpsrv", lpUsedDefaultChar=0x0) returned 7 [0059.310] OpenServiceW (hSCManager=0x324bf0, lpServiceName="SSDPSRV", dwDesiredAccess=0x1) returned 0x324d80 [0059.310] CloseServiceHandle (hSCObject=0x324cb8) returned 1 [0059.311] QueryServiceConfigW (in: hService=0x324d80, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0059.311] GetLastError () returned 0x7a [0059.311] QueryServiceConfigW (in: hService=0x324d80, lpServiceConfig=0x1d836e8, cbBufSize=0x148, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0059.311] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0059.311] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x1e29d80, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0059.311] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="sstpsvc", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0059.311] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="sstpsvc", cchWideChar=7, lpMultiByteStr=0x1e29d80, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sstpsvc", lpUsedDefaultChar=0x0) returned 7 [0059.311] OpenServiceW (hSCManager=0x324bf0, lpServiceName="SstpSvc", dwDesiredAccess=0x1) returned 0x324ce0 [0059.311] CloseServiceHandle (hSCObject=0x324d80) returned 1 [0059.312] QueryServiceConfigW (in: hService=0x324ce0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0059.312] GetLastError () returned 0x7a [0059.312] QueryServiceConfigW (in: hService=0x324ce0, lpServiceConfig=0x1d836e8, cbBufSize=0x150, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0059.312] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0059.312] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x1e29dc8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0059.312] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="stisvc", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0059.312] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="stisvc", cchWideChar=6, lpMultiByteStr=0x1e29dc8, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="stisvc", lpUsedDefaultChar=0x0) returned 6 [0059.312] OpenServiceW (hSCManager=0x324bf0, lpServiceName="stisvc", dwDesiredAccess=0x1) returned 0x324dd0 [0059.313] CloseServiceHandle (hSCObject=0x324ce0) returned 1 [0059.313] QueryServiceConfigW (in: hService=0x324dd0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0059.313] GetLastError () returned 0x7a [0059.313] QueryServiceConfigW (in: hService=0x324dd0, lpServiceConfig=0x1d836e8, cbBufSize=0x15e, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0059.313] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0059.313] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x1e29e10, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0059.313] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="storsvc", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0059.313] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="storsvc", cchWideChar=7, lpMultiByteStr=0x1e29e10, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="storsvc", lpUsedDefaultChar=0x0) returned 7 [0059.313] OpenServiceW (hSCManager=0x324bf0, lpServiceName="StorSvc", dwDesiredAccess=0x1) returned 0x324cb8 [0059.314] CloseServiceHandle (hSCObject=0x324dd0) returned 1 [0059.314] QueryServiceConfigW (in: hService=0x324cb8, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0059.314] GetLastError () returned 0x7a [0059.314] QueryServiceConfigW (in: hService=0x324cb8, lpServiceConfig=0x1d836e8, cbBufSize=0x122, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0059.314] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0059.314] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x1e29e58, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0059.314] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="swprv", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0059.314] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="swprv", cchWideChar=5, lpMultiByteStr=0x1e29e58, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="swprv", lpUsedDefaultChar=0x0) returned 5 [0059.314] OpenServiceW (hSCManager=0x324bf0, lpServiceName="swprv", dwDesiredAccess=0x1) returned 0x324d80 [0059.315] CloseServiceHandle (hSCObject=0x324cb8) returned 1 [0059.315] QueryServiceConfigW (in: hService=0x324d80, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0059.315] GetLastError () returned 0x7a [0059.315] QueryServiceConfigW (in: hService=0x324d80, lpServiceConfig=0x1d836e8, cbBufSize=0x12e, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0059.315] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0059.315] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x1e29ea0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0059.315] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="sysmain", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0059.315] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="sysmain", cchWideChar=7, lpMultiByteStr=0x1e29ea0, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sysmain", lpUsedDefaultChar=0x0) returned 7 [0059.315] OpenServiceW (hSCManager=0x324bf0, lpServiceName="SysMain", dwDesiredAccess=0x1) returned 0x324ce0 [0059.316] CloseServiceHandle (hSCObject=0x324d80) returned 1 [0059.316] QueryServiceConfigW (in: hService=0x324ce0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0059.316] GetLastError () returned 0x7a [0059.316] QueryServiceConfigW (in: hService=0x324ce0, lpServiceConfig=0x1d836e8, cbBufSize=0x134, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0059.316] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0059.316] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x1e29ee8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0059.316] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="tabletinputservice", cchWideChar=18, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0059.317] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="tabletinputservice", cchWideChar=18, lpMultiByteStr=0x1e29ee8, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="tabletinputservice", lpUsedDefaultChar=0x0) returned 18 [0059.317] OpenServiceW (hSCManager=0x324bf0, lpServiceName="TabletInputService", dwDesiredAccess=0x1) returned 0x324dd0 [0059.317] CloseServiceHandle (hSCObject=0x324ce0) returned 1 [0059.317] QueryServiceConfigW (in: hService=0x324dd0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0059.317] GetLastError () returned 0x7a [0059.317] QueryServiceConfigW (in: hService=0x324dd0, lpServiceConfig=0x1d836e8, cbBufSize=0x15e, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0059.317] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0059.318] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x1e29f30, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0059.318] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="tapisrv", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0059.318] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="tapisrv", cchWideChar=7, lpMultiByteStr=0x1e29f30, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="tapisrv", lpUsedDefaultChar=0x0) returned 7 [0059.318] OpenServiceW (hSCManager=0x324bf0, lpServiceName="TapiSrv", dwDesiredAccess=0x1) returned 0x324cb8 [0059.318] CloseServiceHandle (hSCObject=0x324dd0) returned 1 [0059.318] QueryServiceConfigW (in: hService=0x324cb8, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0059.318] GetLastError () returned 0x7a [0059.319] QueryServiceConfigW (in: hService=0x324cb8, lpServiceConfig=0x1d836e8, cbBufSize=0x136, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0059.319] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0059.319] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x1e29f78, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0059.319] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="tbs", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0059.319] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="tbs", cchWideChar=3, lpMultiByteStr=0x1e29f78, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="tbs", lpUsedDefaultChar=0x0) returned 3 [0059.319] OpenServiceW (hSCManager=0x324bf0, lpServiceName="TBS", dwDesiredAccess=0x1) returned 0x324d80 [0059.319] CloseServiceHandle (hSCObject=0x324cb8) returned 1 [0059.319] QueryServiceConfigW (in: hService=0x324d80, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0059.319] GetLastError () returned 0x7a [0059.320] QueryServiceConfigW (in: hService=0x324d80, lpServiceConfig=0x1d836e8, cbBufSize=0x146, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0059.320] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0059.320] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x1e29fc0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0059.320] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="termservice", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0059.320] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="termservice", cchWideChar=11, lpMultiByteStr=0x1e29fc0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="termservice", lpUsedDefaultChar=0x0) returned 11 [0059.320] OpenServiceW (hSCManager=0x324bf0, lpServiceName="TermService", dwDesiredAccess=0x1) returned 0x324ce0 [0059.320] CloseServiceHandle (hSCObject=0x324d80) returned 1 [0059.320] QueryServiceConfigW (in: hService=0x324ce0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0059.320] GetLastError () returned 0x7a [0059.321] QueryServiceConfigW (in: hService=0x324ce0, lpServiceConfig=0x1d836e8, cbBufSize=0x14e, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0059.321] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0059.321] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x1e2a008, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0059.321] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="themes", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0059.321] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="themes", cchWideChar=6, lpMultiByteStr=0x1e2a008, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="themes", lpUsedDefaultChar=0x0) returned 6 [0059.321] OpenServiceW (hSCManager=0x324bf0, lpServiceName="Themes", dwDesiredAccess=0x1) returned 0x324dd0 [0059.321] CloseServiceHandle (hSCObject=0x324ce0) returned 1 [0059.321] QueryServiceConfigW (in: hService=0x324dd0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0059.322] GetLastError () returned 0x7a [0059.322] QueryServiceConfigW (in: hService=0x324dd0, lpServiceConfig=0x1d836e8, cbBufSize=0x100, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0059.322] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0059.322] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x1e2a050, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0059.322] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="threadorder", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0059.322] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="threadorder", cchWideChar=11, lpMultiByteStr=0x1e2a050, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="threadorder", lpUsedDefaultChar=0x0) returned 11 [0059.322] OpenServiceW (hSCManager=0x324bf0, lpServiceName="THREADORDER", dwDesiredAccess=0x1) returned 0x324cb8 [0059.322] CloseServiceHandle (hSCObject=0x324dd0) returned 1 [0059.322] QueryServiceConfigW (in: hService=0x324cb8, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0059.323] GetLastError () returned 0x7a [0059.323] QueryServiceConfigW (in: hService=0x324cb8, lpServiceConfig=0x1d836e8, cbBufSize=0x12c, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0059.323] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0059.323] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x1e2a050, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0059.323] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="trkwks", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0059.323] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="trkwks", cchWideChar=6, lpMultiByteStr=0x1d940c0, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="trkwks", lpUsedDefaultChar=0x0) returned 6 [0059.323] OpenServiceW (hSCManager=0x324bf0, lpServiceName="TrkWks", dwDesiredAccess=0x1) returned 0x324d80 [0059.323] CloseServiceHandle (hSCObject=0x324cb8) returned 1 [0059.323] QueryServiceConfigW (in: hService=0x324d80, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0059.324] GetLastError () returned 0x7a [0059.324] QueryServiceConfigW (in: hService=0x324d80, lpServiceConfig=0x1d836e8, cbBufSize=0x14e, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0059.324] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0059.324] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x1d940c0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0059.324] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="trustedinstaller", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0059.324] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="trustedinstaller", cchWideChar=16, lpMultiByteStr=0x1d94108, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="trustedinstaller", lpUsedDefaultChar=0x0) returned 16 [0059.324] OpenServiceW (hSCManager=0x324bf0, lpServiceName="TrustedInstaller", dwDesiredAccess=0x1) returned 0x324ce0 [0059.324] CloseServiceHandle (hSCObject=0x324d80) returned 1 [0059.325] QueryServiceConfigW (in: hService=0x324ce0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0059.325] GetLastError () returned 0x7a [0059.325] QueryServiceConfigW (in: hService=0x324ce0, lpServiceConfig=0x1d836e8, cbBufSize=0x124, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0059.325] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="trustedinstaller.exe", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0059.325] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="trustedinstaller.exe", cchWideChar=20, lpMultiByteStr=0x1d94150, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="trustedinstaller.exe", lpUsedDefaultChar=0x0) returned 20 [0059.325] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ui0detect", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0059.325] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ui0detect", cchWideChar=9, lpMultiByteStr=0x1d94150, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ui0detect", lpUsedDefaultChar=0x0) returned 9 [0059.325] OpenServiceW (hSCManager=0x324bf0, lpServiceName="UI0Detect", dwDesiredAccess=0x1) returned 0x324dd0 [0059.326] CloseServiceHandle (hSCObject=0x324ce0) returned 1 [0059.326] QueryServiceConfigW (in: hService=0x324dd0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0059.326] GetLastError () returned 0x7a [0059.326] QueryServiceConfigW (in: hService=0x324dd0, lpServiceConfig=0x1d836e8, cbBufSize=0x104, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0059.326] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ui0detect.exe", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0059.326] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ui0detect.exe", cchWideChar=13, lpMultiByteStr=0x1d94198, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ui0detect.exe", lpUsedDefaultChar=0x0) returned 13 [0059.326] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="umrdpservice", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0059.326] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="umrdpservice", cchWideChar=12, lpMultiByteStr=0x1d94198, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="umrdpservice", lpUsedDefaultChar=0x0) returned 12 [0059.326] OpenServiceW (hSCManager=0x324bf0, lpServiceName="UmRdpService", dwDesiredAccess=0x1) returned 0x324cb8 [0059.327] CloseServiceHandle (hSCObject=0x324dd0) returned 1 [0059.327] QueryServiceConfigW (in: hService=0x324cb8, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0059.327] GetLastError () returned 0x7a [0059.327] QueryServiceConfigW (in: hService=0x324cb8, lpServiceConfig=0x1d836e8, cbBufSize=0x186, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0059.327] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0059.327] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x1d941e0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0059.327] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="upnphost", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0059.327] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="upnphost", cchWideChar=8, lpMultiByteStr=0x1d941e0, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="upnphost", lpUsedDefaultChar=0x0) returned 8 [0059.327] OpenServiceW (hSCManager=0x324bf0, lpServiceName="upnphost", dwDesiredAccess=0x1) returned 0x324d80 [0059.328] CloseServiceHandle (hSCObject=0x324cb8) returned 1 [0059.328] QueryServiceConfigW (in: hService=0x324d80, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0059.328] GetLastError () returned 0x7a [0059.328] QueryServiceConfigW (in: hService=0x324d80, lpServiceConfig=0x1d836e8, cbBufSize=0x15c, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0059.328] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0059.328] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x1d94228, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0059.328] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="uxsms", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0059.328] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="uxsms", cchWideChar=5, lpMultiByteStr=0x1d94228, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="uxsms", lpUsedDefaultChar=0x0) returned 5 [0059.328] OpenServiceW (hSCManager=0x324bf0, lpServiceName="UxSms", dwDesiredAccess=0x1) returned 0x324ce0 [0059.329] CloseServiceHandle (hSCObject=0x324d80) returned 1 [0059.329] QueryServiceConfigW (in: hService=0x324ce0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0059.329] GetLastError () returned 0x7a [0059.329] QueryServiceConfigW (in: hService=0x324ce0, lpServiceConfig=0x1d836e8, cbBufSize=0x15e, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0059.329] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0059.329] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x1d94270, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0059.329] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="vaultsvc", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0059.329] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="vaultsvc", cchWideChar=8, lpMultiByteStr=0x1d94270, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="vaultsvc", lpUsedDefaultChar=0x0) returned 8 [0059.330] OpenServiceW (hSCManager=0x324bf0, lpServiceName="VaultSvc", dwDesiredAccess=0x1) returned 0x324dd0 [0059.330] CloseServiceHandle (hSCObject=0x324ce0) returned 1 [0059.330] QueryServiceConfigW (in: hService=0x324dd0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0059.330] GetLastError () returned 0x7a [0059.330] QueryServiceConfigW (in: hService=0x324dd0, lpServiceConfig=0x1d836e8, cbBufSize=0xee, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0059.331] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="lsass.exe", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0059.331] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="lsass.exe", cchWideChar=9, lpMultiByteStr=0x1d942b8, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lsass.exe", lpUsedDefaultChar=0x0) returned 9 [0059.331] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="vds", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0059.331] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="vds", cchWideChar=3, lpMultiByteStr=0x1d942b8, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="vds", lpUsedDefaultChar=0x0) returned 3 [0059.331] OpenServiceW (hSCManager=0x324bf0, lpServiceName="vds", dwDesiredAccess=0x1) returned 0x324cb8 [0059.331] CloseServiceHandle (hSCObject=0x324dd0) returned 1 [0059.331] QueryServiceConfigW (in: hService=0x324cb8, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0059.331] GetLastError () returned 0x7a [0059.331] QueryServiceConfigW (in: hService=0x324cb8, lpServiceConfig=0x1d836e8, cbBufSize=0xf0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0059.331] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="vds.exe", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0059.332] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="vds.exe", cchWideChar=7, lpMultiByteStr=0x1d94300, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="vds.exe", lpUsedDefaultChar=0x0) returned 7 [0059.332] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="vss", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0059.332] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="vss", cchWideChar=3, lpMultiByteStr=0x1d94300, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="vss", lpUsedDefaultChar=0x0) returned 3 [0059.332] OpenServiceW (hSCManager=0x324bf0, lpServiceName="VSS", dwDesiredAccess=0x1) returned 0x324d80 [0059.332] CloseServiceHandle (hSCObject=0x324cb8) returned 1 [0059.332] QueryServiceConfigW (in: hService=0x324d80, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0059.332] GetLastError () returned 0x7a [0059.332] QueryServiceConfigW (in: hService=0x324d80, lpServiceConfig=0x1d836e8, cbBufSize=0xee, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0059.333] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="vssvc.exe", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0059.333] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="vssvc.exe", cchWideChar=9, lpMultiByteStr=0x1d94348, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="vssvc.exe", lpUsedDefaultChar=0x0) returned 9 [0059.333] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="w32time", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0059.333] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="w32time", cchWideChar=7, lpMultiByteStr=0x1d94348, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="w32time", lpUsedDefaultChar=0x0) returned 7 [0059.333] OpenServiceW (hSCManager=0x324bf0, lpServiceName="W32Time", dwDesiredAccess=0x1) returned 0x324ce0 [0059.333] CloseServiceHandle (hSCObject=0x324d80) returned 1 [0059.333] QueryServiceConfigW (in: hService=0x324ce0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0059.333] GetLastError () returned 0x7a [0059.333] QueryServiceConfigW (in: hService=0x324ce0, lpServiceConfig=0x1d836e8, cbBufSize=0x118, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0059.334] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0059.334] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x1d94390, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0059.334] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="wbengine", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0059.334] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="wbengine", cchWideChar=8, lpMultiByteStr=0x1d94390, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="wbengine", lpUsedDefaultChar=0x0) returned 8 [0059.334] OpenServiceW (hSCManager=0x324bf0, lpServiceName="wbengine", dwDesiredAccess=0x1) returned 0x324dd0 [0059.334] CloseServiceHandle (hSCObject=0x324ce0) returned 1 [0059.334] QueryServiceConfigW (in: hService=0x324dd0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0059.334] GetLastError () returned 0x7a [0059.334] QueryServiceConfigW (in: hService=0x324dd0, lpServiceConfig=0x1d836e8, cbBufSize=0x10c, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0059.335] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="wbengine.exe", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0059.335] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="wbengine.exe", cchWideChar=12, lpMultiByteStr=0x1d943d8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="wbengine.exe", lpUsedDefaultChar=0x0) returned 12 [0059.335] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="wbiosrvc", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0059.335] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="wbiosrvc", cchWideChar=8, lpMultiByteStr=0x1d943d8, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="wbiosrvc", lpUsedDefaultChar=0x0) returned 8 [0059.335] OpenServiceW (hSCManager=0x324bf0, lpServiceName="WbioSrvc", dwDesiredAccess=0x1) returned 0x324cb8 [0059.336] CloseServiceHandle (hSCObject=0x324dd0) returned 1 [0059.336] QueryServiceConfigW (in: hService=0x324cb8, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0059.336] GetLastError () returned 0x7a [0059.336] QueryServiceConfigW (in: hService=0x324cb8, lpServiceConfig=0x1d836e8, cbBufSize=0x15e, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0059.337] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0059.337] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x1d94420, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0059.337] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="wcncsvc", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0059.337] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="wcncsvc", cchWideChar=7, lpMultiByteStr=0x1d94420, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="wcncsvc", lpUsedDefaultChar=0x0) returned 7 [0059.337] OpenServiceW (hSCManager=0x324bf0, lpServiceName="wcncsvc", dwDesiredAccess=0x1) returned 0x324d80 [0059.337] CloseServiceHandle (hSCObject=0x324cb8) returned 1 [0059.337] QueryServiceConfigW (in: hService=0x324d80, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0059.337] GetLastError () returned 0x7a [0059.337] QueryServiceConfigW (in: hService=0x324d80, lpServiceConfig=0x1d836e8, cbBufSize=0x17a, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0059.338] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0059.338] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x1d94468, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0059.338] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="wcspluginservice", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0059.338] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="wcspluginservice", cchWideChar=16, lpMultiByteStr=0x1d94468, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="wcspluginservice", lpUsedDefaultChar=0x0) returned 16 [0059.338] OpenServiceW (hSCManager=0x324bf0, lpServiceName="WcsPlugInService", dwDesiredAccess=0x1) returned 0x324ce0 [0059.338] CloseServiceHandle (hSCObject=0x324d80) returned 1 [0059.338] QueryServiceConfigW (in: hService=0x324ce0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0059.338] GetLastError () returned 0x7a [0059.339] QueryServiceConfigW (in: hService=0x324ce0, lpServiceConfig=0x1d836e8, cbBufSize=0x126, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0059.339] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0059.339] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x1d944b0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0059.339] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="wdiservicehost", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0059.339] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="wdiservicehost", cchWideChar=14, lpMultiByteStr=0x1d944b0, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="wdiservicehost", lpUsedDefaultChar=0x0) returned 14 [0059.339] OpenServiceW (hSCManager=0x324bf0, lpServiceName="WdiServiceHost", dwDesiredAccess=0x1) returned 0x324dd0 [0059.339] CloseServiceHandle (hSCObject=0x324ce0) returned 1 [0059.339] QueryServiceConfigW (in: hService=0x324dd0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0059.340] GetLastError () returned 0x7a [0059.340] QueryServiceConfigW (in: hService=0x324dd0, lpServiceConfig=0x1d836e8, cbBufSize=0x12e, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0059.340] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0059.340] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x1d944f8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0059.340] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="wdisystemhost", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0059.340] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="wdisystemhost", cchWideChar=13, lpMultiByteStr=0x1d944f8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="wdisystemhost", lpUsedDefaultChar=0x0) returned 13 [0059.340] OpenServiceW (hSCManager=0x324bf0, lpServiceName="WdiSystemHost", dwDesiredAccess=0x1) returned 0x324cb8 [0059.340] CloseServiceHandle (hSCObject=0x324dd0) returned 1 [0059.341] QueryServiceConfigW (in: hService=0x324cb8, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0059.341] GetLastError () returned 0x7a [0059.341] QueryServiceConfigW (in: hService=0x324cb8, lpServiceConfig=0x1d836e8, cbBufSize=0x130, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0059.341] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0059.341] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x1d94540, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0059.341] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="webclient", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0059.341] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="webclient", cchWideChar=9, lpMultiByteStr=0x1d94540, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="webclient", lpUsedDefaultChar=0x0) returned 9 [0059.341] OpenServiceW (hSCManager=0x324bf0, lpServiceName="WebClient", dwDesiredAccess=0x1) returned 0x324d80 [0059.342] CloseServiceHandle (hSCObject=0x324cb8) returned 1 [0059.342] QueryServiceConfigW (in: hService=0x324d80, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0059.342] GetLastError () returned 0x7a [0059.342] QueryServiceConfigW (in: hService=0x324d80, lpServiceConfig=0x1d836e8, cbBufSize=0x13c, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0059.342] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0059.342] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x1d94588, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0059.342] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="wecsvc", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0059.342] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="wecsvc", cchWideChar=6, lpMultiByteStr=0x1d94588, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="wecsvc", lpUsedDefaultChar=0x0) returned 6 [0059.342] OpenServiceW (hSCManager=0x324bf0, lpServiceName="Wecsvc", dwDesiredAccess=0x1) returned 0x324ce0 [0059.343] CloseServiceHandle (hSCObject=0x324d80) returned 1 [0059.343] QueryServiceConfigW (in: hService=0x324ce0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0059.343] GetLastError () returned 0x7a [0059.343] QueryServiceConfigW (in: hService=0x324ce0, lpServiceConfig=0x1d836e8, cbBufSize=0x150, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0059.344] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0059.344] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x1d945d0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0059.344] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="wercplsupport", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0059.344] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="wercplsupport", cchWideChar=13, lpMultiByteStr=0x1d945d0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="wercplsupport", lpUsedDefaultChar=0x0) returned 13 [0059.344] OpenServiceW (hSCManager=0x324bf0, lpServiceName="wercplsupport", dwDesiredAccess=0x1) returned 0x324dd0 [0059.344] CloseServiceHandle (hSCObject=0x324ce0) returned 1 [0059.344] QueryServiceConfigW (in: hService=0x324dd0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0059.344] GetLastError () returned 0x7a [0059.345] QueryServiceConfigW (in: hService=0x324dd0, lpServiceConfig=0x1d836e8, cbBufSize=0x140, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0059.345] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0059.345] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x1d94618, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0059.345] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="wersvc", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0059.345] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="wersvc", cchWideChar=6, lpMultiByteStr=0x1d94618, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="wersvc", lpUsedDefaultChar=0x0) returned 6 [0059.345] OpenServiceW (hSCManager=0x324bf0, lpServiceName="WerSvc", dwDesiredAccess=0x1) returned 0x324cb8 [0059.345] CloseServiceHandle (hSCObject=0x324dd0) returned 1 [0059.345] QueryServiceConfigW (in: hService=0x324cb8, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0059.346] GetLastError () returned 0x7a [0059.346] QueryServiceConfigW (in: hService=0x324cb8, lpServiceConfig=0x1d836e8, cbBufSize=0x120, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0059.346] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0059.346] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x1d94660, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0059.346] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="windefend", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0059.346] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="windefend", cchWideChar=9, lpMultiByteStr=0x1d94660, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="windefend", lpUsedDefaultChar=0x0) returned 9 [0059.346] OpenServiceW (hSCManager=0x324bf0, lpServiceName="WinDefend", dwDesiredAccess=0x1) returned 0x324d80 [0059.346] CloseServiceHandle (hSCObject=0x324cb8) returned 1 [0059.347] QueryServiceConfigW (in: hService=0x324d80, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0059.347] GetLastError () returned 0x7a [0059.347] QueryServiceConfigW (in: hService=0x324d80, lpServiceConfig=0x1d836e8, cbBufSize=0x104, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0059.347] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0059.347] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x1d946a8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0059.347] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="winhttpautoproxysvc", cchWideChar=19, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0059.347] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="winhttpautoproxysvc", cchWideChar=19, lpMultiByteStr=0x1d946a8, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="winhttpautoproxysvc", lpUsedDefaultChar=0x0) returned 19 [0059.347] OpenServiceW (hSCManager=0x324bf0, lpServiceName="WinHttpAutoProxySvc", dwDesiredAccess=0x1) returned 0x324ce0 [0059.348] CloseServiceHandle (hSCObject=0x324d80) returned 1 [0059.348] QueryServiceConfigW (in: hService=0x324ce0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0059.348] GetLastError () returned 0x7a [0059.348] QueryServiceConfigW (in: hService=0x324ce0, lpServiceConfig=0x1d836e8, cbBufSize=0x158, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0059.348] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0059.348] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x1d946f0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0059.348] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="winmgmt", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0059.348] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="winmgmt", cchWideChar=7, lpMultiByteStr=0x1d946f0, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="winmgmt", lpUsedDefaultChar=0x0) returned 7 [0059.348] OpenServiceW (hSCManager=0x324bf0, lpServiceName="Winmgmt", dwDesiredAccess=0x1) returned 0x324dd0 [0059.349] CloseServiceHandle (hSCObject=0x324ce0) returned 1 [0059.349] QueryServiceConfigW (in: hService=0x324dd0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0059.349] GetLastError () returned 0x7a [0059.349] QueryServiceConfigW (in: hService=0x324dd0, lpServiceConfig=0x1d836e8, cbBufSize=0x128, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0059.349] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0059.349] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x1d94738, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0059.349] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="winrm", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0059.349] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="winrm", cchWideChar=5, lpMultiByteStr=0x1d94738, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="winrm", lpUsedDefaultChar=0x0) returned 5 [0059.350] OpenServiceW (hSCManager=0x324bf0, lpServiceName="WinRM", dwDesiredAccess=0x1) returned 0x324cb8 [0059.350] CloseServiceHandle (hSCObject=0x324dd0) returned 1 [0059.350] QueryServiceConfigW (in: hService=0x324cb8, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0059.350] GetLastError () returned 0x7a [0059.350] QueryServiceConfigW (in: hService=0x324cb8, lpServiceConfig=0x1d836e8, cbBufSize=0x16e, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0059.350] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0059.350] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x1d94780, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0059.350] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="wlansvc", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0059.351] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="wlansvc", cchWideChar=7, lpMultiByteStr=0x1d94780, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="wlansvc", lpUsedDefaultChar=0x0) returned 7 [0059.351] OpenServiceW (hSCManager=0x324bf0, lpServiceName="Wlansvc", dwDesiredAccess=0x1) returned 0x324d80 [0059.351] CloseServiceHandle (hSCObject=0x324cb8) returned 1 [0059.351] QueryServiceConfigW (in: hService=0x324d80, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0059.351] GetLastError () returned 0x7a [0059.351] QueryServiceConfigW (in: hService=0x324d80, lpServiceConfig=0x1d836e8, cbBufSize=0x16a, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0059.351] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0059.351] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x1d947c8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0059.352] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="wmiapsrv", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0059.352] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="wmiapsrv", cchWideChar=8, lpMultiByteStr=0x1d947c8, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="wmiapsrv", lpUsedDefaultChar=0x0) returned 8 [0059.352] OpenServiceW (hSCManager=0x324bf0, lpServiceName="wmiApSrv", dwDesiredAccess=0x1) returned 0x324ce0 [0059.352] CloseServiceHandle (hSCObject=0x324d80) returned 1 [0059.352] QueryServiceConfigW (in: hService=0x324ce0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0059.352] GetLastError () returned 0x7a [0059.352] QueryServiceConfigW (in: hService=0x324ce0, lpServiceConfig=0x1d836e8, cbBufSize=0xfe, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0059.352] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="wmiapsrv.exe", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0059.352] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="wmiapsrv.exe", cchWideChar=12, lpMultiByteStr=0x1d94810, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="wmiapsrv.exe", lpUsedDefaultChar=0x0) returned 12 [0059.353] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="wmpnetworksvc", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0059.353] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="wmpnetworksvc", cchWideChar=13, lpMultiByteStr=0x1d94810, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="wmpnetworksvc", lpUsedDefaultChar=0x0) returned 13 [0059.353] OpenServiceW (hSCManager=0x324bf0, lpServiceName="WMPNetworkSvc", dwDesiredAccess=0x1) returned 0x324dd0 [0059.353] CloseServiceHandle (hSCObject=0x324ce0) returned 1 [0059.353] QueryServiceConfigW (in: hService=0x324dd0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0059.353] GetLastError () returned 0x7a [0059.353] QueryServiceConfigW (in: hService=0x324dd0, lpServiceConfig=0x1d836e8, cbBufSize=0x16e, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0059.353] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="wmpnetwk.exe", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0059.354] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="wmpnetwk.exe", cchWideChar=12, lpMultiByteStr=0x1d94858, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="wmpnetwk.exe", lpUsedDefaultChar=0x0) returned 12 [0059.354] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="wpcsvc", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0059.354] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="wpcsvc", cchWideChar=6, lpMultiByteStr=0x1d94858, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="wpcsvc", lpUsedDefaultChar=0x0) returned 6 [0059.354] OpenServiceW (hSCManager=0x324bf0, lpServiceName="WPCSvc", dwDesiredAccess=0x1) returned 0x324cb8 [0059.354] CloseServiceHandle (hSCObject=0x324dd0) returned 1 [0059.354] QueryServiceConfigW (in: hService=0x324cb8, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0059.354] GetLastError () returned 0x7a [0059.354] QueryServiceConfigW (in: hService=0x324cb8, lpServiceConfig=0x1d836e8, cbBufSize=0x14e, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0059.355] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0059.355] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x1d948a0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0059.355] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="wpdbusenum", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0059.355] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="wpdbusenum", cchWideChar=10, lpMultiByteStr=0x1d948a0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="wpdbusenum", lpUsedDefaultChar=0x0) returned 10 [0059.355] OpenServiceW (hSCManager=0x324bf0, lpServiceName="WPDBusEnum", dwDesiredAccess=0x1) returned 0x324d80 [0059.355] CloseServiceHandle (hSCObject=0x324cb8) returned 1 [0059.355] QueryServiceConfigW (in: hService=0x324d80, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0059.355] GetLastError () returned 0x7a [0059.355] QueryServiceConfigW (in: hService=0x324d80, lpServiceConfig=0x1d836e8, cbBufSize=0x152, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0059.356] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0059.356] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x1d948e8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0059.356] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="wscsvc", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0059.356] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="wscsvc", cchWideChar=6, lpMultiByteStr=0x1d948e8, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="wscsvc", lpUsedDefaultChar=0x0) returned 6 [0059.356] OpenServiceW (hSCManager=0x324bf0, lpServiceName="wscsvc", dwDesiredAccess=0x1) returned 0x324ce0 [0059.356] CloseServiceHandle (hSCObject=0x324d80) returned 1 [0059.356] QueryServiceConfigW (in: hService=0x324ce0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0059.357] GetLastError () returned 0x7a [0059.357] QueryServiceConfigW (in: hService=0x324ce0, lpServiceConfig=0x1d836e8, cbBufSize=0x15a, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0059.357] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0059.357] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x1d94930, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0059.357] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="wsearch", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0059.357] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="wsearch", cchWideChar=7, lpMultiByteStr=0x1d94930, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="wsearch", lpUsedDefaultChar=0x0) returned 7 [0059.357] OpenServiceW (hSCManager=0x324bf0, lpServiceName="WSearch", dwDesiredAccess=0x1) returned 0x324dd0 [0059.358] CloseServiceHandle (hSCObject=0x324ce0) returned 1 [0059.358] QueryServiceConfigW (in: hService=0x324dd0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0059.358] GetLastError () returned 0x7a [0059.358] QueryServiceConfigW (in: hService=0x324dd0, lpServiceConfig=0x1d836e8, cbBufSize=0x10c, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0059.358] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="searchindexer.exe", cchWideChar=17, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0059.358] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="searchindexer.exe", cchWideChar=17, lpMultiByteStr=0x1d94978, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="searchindexer.exe", lpUsedDefaultChar=0x0) returned 17 [0059.358] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="wuauserv", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0059.358] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="wuauserv", cchWideChar=8, lpMultiByteStr=0x1d94978, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="wuauserv", lpUsedDefaultChar=0x0) returned 8 [0059.358] OpenServiceW (hSCManager=0x324bf0, lpServiceName="wuauserv", dwDesiredAccess=0x1) returned 0x324cb8 [0059.359] CloseServiceHandle (hSCObject=0x324dd0) returned 1 [0059.359] QueryServiceConfigW (in: hService=0x324cb8, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0059.359] GetLastError () returned 0x7a [0059.359] QueryServiceConfigW (in: hService=0x324cb8, lpServiceConfig=0x1d836e8, cbBufSize=0x100, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0059.359] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0059.359] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x1d949c0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0059.359] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="wudfsvc", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0059.359] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="wudfsvc", cchWideChar=7, lpMultiByteStr=0x1d949c0, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="wudfsvc", lpUsedDefaultChar=0x0) returned 7 [0059.360] OpenServiceW (hSCManager=0x324bf0, lpServiceName="wudfsvc", dwDesiredAccess=0x1) returned 0x324d80 [0059.360] CloseServiceHandle (hSCObject=0x324cb8) returned 1 [0059.360] QueryServiceConfigW (in: hService=0x324d80, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0059.360] GetLastError () returned 0x7a [0059.360] QueryServiceConfigW (in: hService=0x324d80, lpServiceConfig=0x1d836e8, cbBufSize=0x19e, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0059.360] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0059.360] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x1d94a08, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0059.360] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="wwansvc", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0059.361] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="wwansvc", cchWideChar=7, lpMultiByteStr=0x1d94a08, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="wwansvc", lpUsedDefaultChar=0x0) returned 7 [0059.361] OpenServiceW (hSCManager=0x324bf0, lpServiceName="WwanSvc", dwDesiredAccess=0x1) returned 0x324ce0 [0059.361] CloseServiceHandle (hSCObject=0x324d80) returned 1 [0059.361] QueryServiceConfigW (in: hService=0x324ce0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x0, pcbBytesNeeded=0x18fbf4) returned 0 [0059.361] GetLastError () returned 0x7a [0059.361] QueryServiceConfigW (in: hService=0x324ce0, lpServiceConfig=0x1d836e8, cbBufSize=0x170, pcbBytesNeeded=0x18fbf4 | out: lpServiceConfig=0x1d836e8, pcbBytesNeeded=0x18fbf4) returned 1 [0059.361] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0059.361] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x1d94a50, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0059.361] CloseServiceHandle (hSCObject=0x324ce0) returned 1 [0059.362] CryptAcquireContextW (in: phProv=0x18fc38, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x18fc38*=0x325220) returned 1 [0059.362] CryptGenRandom (in: hProv=0x325220, dwLen=0x4, pbBuffer=0x18fc4c | out: pbBuffer=0x18fc4c) returned 1 [0059.362] CryptReleaseContext (hProv=0x325220, dwFlags=0x0) returned 1 [0059.363] OpenServiceW (hSCManager=0x324bf0, lpServiceName="TrustedInstaller", dwDesiredAccess=0x20) returned 0x324cb8 [0059.363] ControlService (in: hService=0x324cb8, dwControl=0x1, lpServiceStatus=0x18fba4 | out: lpServiceStatus=0x18fba4*(dwServiceType=0x10, dwCurrentState=0x1, dwControlsAccepted=0x0, dwWin32ExitCode=0x435, dwServiceSpecificExitCode=0x0, dwCheckPoint=0x0, dwWaitHint=0x0)) returned 0 [0059.363] GetLastError () returned 0x426 [0059.363] CloseServiceHandle (hSCObject=0x324cb8) returned 1 [0059.363] SHRegDuplicateHKey (hkey=0x80000002) returned 0x80000002 [0059.363] RegEnumKeyW (in: hKey=0x80000002, dwIndex=0x0, lpName=0x1d87360, cchName=0x104 | out: lpName="BCD00000000") returned 0x0 [0059.363] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="bcd00000000", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0059.363] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="bcd00000000", cchWideChar=11, lpMultiByteStr=0x1d94a98, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="bcd00000000", lpUsedDefaultChar=0x0) returned 11 [0059.364] RegEnumKeyW (in: hKey=0x80000002, dwIndex=0x1, lpName=0x1d87360, cchName=0x104 | out: lpName="HARDWARE") returned 0x0 [0059.364] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="hardware", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0059.364] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="hardware", cchWideChar=8, lpMultiByteStr=0x1d94ae0, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="hardware", lpUsedDefaultChar=0x0) returned 8 [0059.364] RegEnumKeyW (in: hKey=0x80000002, dwIndex=0x2, lpName=0x1d87360, cchName=0x104 | out: lpName="SAM") returned 0x0 [0059.364] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="sam", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0059.364] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="sam", cchWideChar=3, lpMultiByteStr=0x1d94a98, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sam", lpUsedDefaultChar=0x0) returned 3 [0059.364] RegEnumKeyW (in: hKey=0x80000002, dwIndex=0x3, lpName=0x1d87360, cchName=0x104 | out: lpName="SECURITY") returned 0x0 [0059.364] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="security", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0059.364] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="security", cchWideChar=8, lpMultiByteStr=0x1d94ae0, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="security", lpUsedDefaultChar=0x0) returned 8 [0059.364] RegEnumKeyW (in: hKey=0x80000002, dwIndex=0x4, lpName=0x1d87360, cchName=0x104 | out: lpName="SOFTWARE") returned 0x0 [0059.364] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="software", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0059.364] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="software", cchWideChar=8, lpMultiByteStr=0x1d94a98, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="software", lpUsedDefaultChar=0x0) returned 8 [0059.364] RegEnumKeyW (in: hKey=0x80000002, dwIndex=0x5, lpName=0x1d87360, cchName=0x104 | out: lpName="SYSTEM") returned 0x0 [0059.364] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="system", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0059.365] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="system", cchWideChar=6, lpMultiByteStr=0x1d94ae0, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="system", lpUsedDefaultChar=0x0) returned 6 [0059.365] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM", ulOptions=0x0, samDesired=0x20109, phkResult=0x18fb70 | out: phkResult=0x18fb70*=0x164) returned 0x0 [0059.365] RegCloseKey (hKey=0x80000002) returned 0x0 [0059.365] RegEnumKeyW (in: hKey=0x164, dwIndex=0x0, lpName=0x1d87360, cchName=0x104 | out: lpName="ControlSet001") returned 0x0 [0059.365] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="controlset001", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0059.365] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="controlset001", cchWideChar=13, lpMultiByteStr=0x1d94a98, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="controlset001", lpUsedDefaultChar=0x0) returned 13 [0059.365] RegEnumKeyW (in: hKey=0x164, dwIndex=0x1, lpName=0x1d87360, cchName=0x104 | out: lpName="ControlSet002") returned 0x0 [0059.365] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="controlset002", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0059.365] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="controlset002", cchWideChar=13, lpMultiByteStr=0x1d94ae0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="controlset002", lpUsedDefaultChar=0x0) returned 13 [0059.365] RegEnumKeyW (in: hKey=0x164, dwIndex=0x2, lpName=0x1d87360, cchName=0x104 | out: lpName="MountedDevices") returned 0x0 [0059.365] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mounteddevices", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0059.366] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mounteddevices", cchWideChar=14, lpMultiByteStr=0x1d94a98, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mounteddevices", lpUsedDefaultChar=0x0) returned 14 [0059.366] RegEnumKeyW (in: hKey=0x164, dwIndex=0x3, lpName=0x1d87360, cchName=0x104 | out: lpName="RNG") returned 0x0 [0059.366] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="rng", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0059.366] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="rng", cchWideChar=3, lpMultiByteStr=0x1d94ae0, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="rng", lpUsedDefaultChar=0x0) returned 3 [0059.366] RegEnumKeyW (in: hKey=0x164, dwIndex=0x4, lpName=0x1d87360, cchName=0x104 | out: lpName="Select") returned 0x0 [0059.366] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="select", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0059.366] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="select", cchWideChar=6, lpMultiByteStr=0x1d94a98, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="select", lpUsedDefaultChar=0x0) returned 6 [0059.366] RegEnumKeyW (in: hKey=0x164, dwIndex=0x5, lpName=0x1d87360, cchName=0x104 | out: lpName="Setup") returned 0x0 [0059.366] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="setup", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0059.366] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="setup", cchWideChar=5, lpMultiByteStr=0x1d94ae0, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="setup", lpUsedDefaultChar=0x0) returned 5 [0059.366] RegEnumKeyW (in: hKey=0x164, dwIndex=0x6, lpName=0x1d87360, cchName=0x104 | out: lpName="Software") returned 0x0 [0059.366] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="software", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0059.366] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="software", cchWideChar=8, lpMultiByteStr=0x1d94a98, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="software", lpUsedDefaultChar=0x0) returned 8 [0059.367] RegEnumKeyW (in: hKey=0x164, dwIndex=0x7, lpName=0x1d87360, cchName=0x104 | out: lpName="WPA") returned 0x0 [0059.367] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="wpa", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0059.367] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="wpa", cchWideChar=3, lpMultiByteStr=0x1d94ae0, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="wpa", lpUsedDefaultChar=0x0) returned 3 [0059.367] RegEnumKeyW (in: hKey=0x164, dwIndex=0x8, lpName=0x1d87360, cchName=0x104 | out: lpName="CurrentControlSet") returned 0x0 [0059.367] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="currentcontrolset", cchWideChar=17, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0059.367] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="currentcontrolset", cchWideChar=17, lpMultiByteStr=0x1d94a98, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="currentcontrolset", lpUsedDefaultChar=0x0) returned 17 [0059.367] RegOpenKeyExW (in: hKey=0x164, lpSubKey="CurrentControlSet", ulOptions=0x0, samDesired=0x20109, phkResult=0x18fb70 | out: phkResult=0x18fb70*=0xcc) returned 0x0 [0059.367] RegCloseKey (hKey=0x164) returned 0x0 [0059.367] RegEnumKeyW (in: hKey=0xcc, dwIndex=0x0, lpName=0x1d87360, cchName=0x104 | out: lpName="Control") returned 0x0 [0059.367] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="control", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0059.367] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="control", cchWideChar=7, lpMultiByteStr=0x1d94ae0, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="control", lpUsedDefaultChar=0x0) returned 7 [0059.367] RegEnumKeyW (in: hKey=0xcc, dwIndex=0x1, lpName=0x1d87360, cchName=0x104 | out: lpName="Enum") returned 0x0 [0059.367] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="enum", cchWideChar=4, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 4 [0059.368] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="enum", cchWideChar=4, lpMultiByteStr=0x1d94a98, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="enum", lpUsedDefaultChar=0x0) returned 4 [0059.368] RegEnumKeyW (in: hKey=0xcc, dwIndex=0x2, lpName=0x1d87360, cchName=0x104 | out: lpName="Hardware Profiles") returned 0x0 [0059.368] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="hardware profiles", cchWideChar=17, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0059.368] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="hardware profiles", cchWideChar=17, lpMultiByteStr=0x1d94ae0, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="hardware profiles", lpUsedDefaultChar=0x0) returned 17 [0059.368] RegEnumKeyW (in: hKey=0xcc, dwIndex=0x3, lpName=0x1d87360, cchName=0x104 | out: lpName="Policies") returned 0x0 [0059.368] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="policies", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0059.368] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="policies", cchWideChar=8, lpMultiByteStr=0x1d94a98, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="policies", lpUsedDefaultChar=0x0) returned 8 [0059.368] RegEnumKeyW (in: hKey=0xcc, dwIndex=0x4, lpName=0x1d87360, cchName=0x104 | out: lpName="services") returned 0x0 [0059.368] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="services", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0059.368] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="services", cchWideChar=8, lpMultiByteStr=0x1d94ae0, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="services", lpUsedDefaultChar=0x0) returned 8 [0059.368] RegOpenKeyExW (in: hKey=0xcc, lpSubKey="services", ulOptions=0x0, samDesired=0x20109, phkResult=0x18fb70 | out: phkResult=0x18fb70*=0x164) returned 0x0 [0059.368] RegCloseKey (hKey=0xcc) returned 0x0 [0059.368] RegEnumKeyW (in: hKey=0x164, dwIndex=0x0, lpName=0x1d87360, cchName=0x104 | out: lpName=".NET CLR Data") returned 0x0 [0059.368] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr=".net clr data", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0059.369] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr=".net clr data", cchWideChar=13, lpMultiByteStr=0x1d94a98, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=".net clr data", lpUsedDefaultChar=0x0) returned 13 [0059.369] RegEnumKeyW (in: hKey=0x164, dwIndex=0x1, lpName=0x1d87360, cchName=0x104 | out: lpName=".NET CLR Networking") returned 0x0 [0059.369] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr=".net clr networking", cchWideChar=19, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0059.369] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr=".net clr networking", cchWideChar=19, lpMultiByteStr=0x1d94ae0, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=".net clr networking", lpUsedDefaultChar=0x0) returned 19 [0059.369] RegEnumKeyW (in: hKey=0x164, dwIndex=0x2, lpName=0x1d87360, cchName=0x104 | out: lpName=".NET CLR Networking 4.0.0.0") returned 0x0 [0059.369] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr=".net clr networking 4.0.0.0", cchWideChar=27, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 27 [0059.369] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr=".net clr networking 4.0.0.0", cchWideChar=27, lpMultiByteStr=0x1d94a98, cbMultiByte=27, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=".net clr networking 4.0.0.0", lpUsedDefaultChar=0x0) returned 27 [0059.369] RegEnumKeyW (in: hKey=0x164, dwIndex=0x3, lpName=0x1d87360, cchName=0x104 | out: lpName=".NET Data Provider for Oracle") returned 0x0 [0059.369] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr=".net data provider for oracle", cchWideChar=29, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 29 [0059.369] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr=".net data provider for oracle", cchWideChar=29, lpMultiByteStr=0x1d94ae0, cbMultiByte=29, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=".net data provider for oracle", lpUsedDefaultChar=0x0) returned 29 [0059.369] RegEnumKeyW (in: hKey=0x164, dwIndex=0x4, lpName=0x1d87360, cchName=0x104 | out: lpName=".NET Data Provider for SqlServer") returned 0x0 [0059.369] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr=".net data provider for sqlserver", cchWideChar=32, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0059.369] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr=".net data provider for sqlserver", cchWideChar=32, lpMultiByteStr=0x1d94a98, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=".net data provider for sqlserver", lpUsedDefaultChar=0x0) returned 32 [0059.369] RegEnumKeyW (in: hKey=0x164, dwIndex=0x5, lpName=0x1d87360, cchName=0x104 | out: lpName=".NET Memory Cache 4.0") returned 0x0 [0059.369] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr=".net memory cache 4.0", cchWideChar=21, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0059.370] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr=".net memory cache 4.0", cchWideChar=21, lpMultiByteStr=0x1d94ae0, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=".net memory cache 4.0", lpUsedDefaultChar=0x0) returned 21 [0059.370] RegEnumKeyW (in: hKey=0x164, dwIndex=0x6, lpName=0x1d87360, cchName=0x104 | out: lpName=".NETFramework") returned 0x0 [0059.370] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr=".netframework", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0059.370] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr=".netframework", cchWideChar=13, lpMultiByteStr=0x1d94a98, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=".netframework", lpUsedDefaultChar=0x0) returned 13 [0059.370] RegEnumKeyW (in: hKey=0x164, dwIndex=0x7, lpName=0x1d87360, cchName=0x104 | out: lpName="1394ohci") returned 0x0 [0059.370] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="1394ohci", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0059.370] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="1394ohci", cchWideChar=8, lpMultiByteStr=0x1d94ae0, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="1394ohci", lpUsedDefaultChar=0x0) returned 8 [0059.370] RegEnumKeyW (in: hKey=0x164, dwIndex=0x8, lpName=0x1d87360, cchName=0x104 | out: lpName="ACPI") returned 0x0 [0059.370] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="acpi", cchWideChar=4, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 4 [0059.370] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="acpi", cchWideChar=4, lpMultiByteStr=0x1d94a98, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="acpi", lpUsedDefaultChar=0x0) returned 4 [0059.370] RegEnumKeyW (in: hKey=0x164, dwIndex=0x9, lpName=0x1d87360, cchName=0x104 | out: lpName="AcpiPmi") returned 0x0 [0059.370] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="acpipmi", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0059.370] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="acpipmi", cchWideChar=7, lpMultiByteStr=0x1d94ae0, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="acpipmi", lpUsedDefaultChar=0x0) returned 7 [0059.370] RegEnumKeyW (in: hKey=0x164, dwIndex=0xa, lpName=0x1d87360, cchName=0x104 | out: lpName="AdobeFlashPlayerUpdateSvc") returned 0x0 [0059.371] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="adobeflashplayerupdatesvc", cchWideChar=25, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0059.371] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="adobeflashplayerupdatesvc", cchWideChar=25, lpMultiByteStr=0x1d94a98, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="adobeflashplayerupdatesvc", lpUsedDefaultChar=0x0) returned 25 [0059.371] RegEnumKeyW (in: hKey=0x164, dwIndex=0xb, lpName=0x1d87360, cchName=0x104 | out: lpName="adp94xx") returned 0x0 [0059.371] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="adp94xx", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0059.371] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="adp94xx", cchWideChar=7, lpMultiByteStr=0x1d94ae0, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="adp94xx", lpUsedDefaultChar=0x0) returned 7 [0059.371] RegEnumKeyW (in: hKey=0x164, dwIndex=0xc, lpName=0x1d87360, cchName=0x104 | out: lpName="adpahci") returned 0x0 [0059.371] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="adpahci", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0059.371] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="adpahci", cchWideChar=7, lpMultiByteStr=0x1d94a98, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="adpahci", lpUsedDefaultChar=0x0) returned 7 [0059.371] RegEnumKeyW (in: hKey=0x164, dwIndex=0xd, lpName=0x1d87360, cchName=0x104 | out: lpName="adpu320") returned 0x0 [0059.371] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="adpu320", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0059.371] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="adpu320", cchWideChar=7, lpMultiByteStr=0x1d94ae0, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="adpu320", lpUsedDefaultChar=0x0) returned 7 [0059.371] RegEnumKeyW (in: hKey=0x164, dwIndex=0xe, lpName=0x1d87360, cchName=0x104 | out: lpName="adsi") returned 0x0 [0059.371] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="adsi", cchWideChar=4, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 4 [0059.372] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="adsi", cchWideChar=4, lpMultiByteStr=0x1d94a98, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="adsi", lpUsedDefaultChar=0x0) returned 4 [0059.372] RegEnumKeyW (in: hKey=0x164, dwIndex=0xf, lpName=0x1d87360, cchName=0x104 | out: lpName="AeLookupSvc") returned 0x0 [0059.372] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="aelookupsvc", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0059.372] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="aelookupsvc", cchWideChar=11, lpMultiByteStr=0x1d94ae0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="aelookupsvc", lpUsedDefaultChar=0x0) returned 11 [0059.372] RegEnumKeyW (in: hKey=0x164, dwIndex=0x10, lpName=0x1d87360, cchName=0x104 | out: lpName="AFD") returned 0x0 [0059.372] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="afd", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0059.372] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="afd", cchWideChar=3, lpMultiByteStr=0x1d94a98, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="afd", lpUsedDefaultChar=0x0) returned 3 [0059.373] RegEnumKeyW (in: hKey=0x164, dwIndex=0x11, lpName=0x1d87360, cchName=0x104 | out: lpName="agp440") returned 0x0 [0059.373] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="agp440", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0059.373] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="agp440", cchWideChar=6, lpMultiByteStr=0x1d94ae0, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="agp440", lpUsedDefaultChar=0x0) returned 6 [0059.373] RegEnumKeyW (in: hKey=0x164, dwIndex=0x12, lpName=0x1d87360, cchName=0x104 | out: lpName="ALG") returned 0x0 [0059.373] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="alg", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0059.373] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="alg", cchWideChar=3, lpMultiByteStr=0x1d94a98, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="alg", lpUsedDefaultChar=0x0) returned 3 [0059.373] RegEnumKeyW (in: hKey=0x164, dwIndex=0x13, lpName=0x1d87360, cchName=0x104 | out: lpName="aliide") returned 0x0 [0059.373] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="aliide", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0059.373] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="aliide", cchWideChar=6, lpMultiByteStr=0x1d94ae0, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="aliide", lpUsedDefaultChar=0x0) returned 6 [0059.373] RegEnumKeyW (in: hKey=0x164, dwIndex=0x14, lpName=0x1d87360, cchName=0x104 | out: lpName="amdide") returned 0x0 [0059.373] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="amdide", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0059.373] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="amdide", cchWideChar=6, lpMultiByteStr=0x1d94a98, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="amdide", lpUsedDefaultChar=0x0) returned 6 [0059.373] RegEnumKeyW (in: hKey=0x164, dwIndex=0x15, lpName=0x1d87360, cchName=0x104 | out: lpName="AmdK8") returned 0x0 [0059.374] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="amdk8", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0059.374] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="amdk8", cchWideChar=5, lpMultiByteStr=0x1d94ae0, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="amdk8", lpUsedDefaultChar=0x0) returned 5 [0059.374] RegEnumKeyW (in: hKey=0x164, dwIndex=0x16, lpName=0x1d87360, cchName=0x104 | out: lpName="AmdPPM") returned 0x0 [0059.374] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="amdppm", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0059.374] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="amdppm", cchWideChar=6, lpMultiByteStr=0x1d94a98, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="amdppm", lpUsedDefaultChar=0x0) returned 6 [0059.374] RegEnumKeyW (in: hKey=0x164, dwIndex=0x17, lpName=0x1d87360, cchName=0x104 | out: lpName="amdsata") returned 0x0 [0059.374] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="amdsata", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0059.374] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="amdsata", cchWideChar=7, lpMultiByteStr=0x1d94ae0, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="amdsata", lpUsedDefaultChar=0x0) returned 7 [0059.374] RegEnumKeyW (in: hKey=0x164, dwIndex=0x18, lpName=0x1d87360, cchName=0x104 | out: lpName="amdsbs") returned 0x0 [0059.374] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="amdsbs", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0059.374] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="amdsbs", cchWideChar=6, lpMultiByteStr=0x1d94a98, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="amdsbs", lpUsedDefaultChar=0x0) returned 6 [0059.374] RegEnumKeyW (in: hKey=0x164, dwIndex=0x19, lpName=0x1d87360, cchName=0x104 | out: lpName="amdxata") returned 0x0 [0059.374] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="amdxata", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0059.375] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="amdxata", cchWideChar=7, lpMultiByteStr=0x1d94ae0, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="amdxata", lpUsedDefaultChar=0x0) returned 7 [0059.375] RegEnumKeyW (in: hKey=0x164, dwIndex=0x1a, lpName=0x1d87360, cchName=0x104 | out: lpName="AppID") returned 0x0 [0059.375] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="appid", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0059.375] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="appid", cchWideChar=5, lpMultiByteStr=0x1d94a98, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="appid", lpUsedDefaultChar=0x0) returned 5 [0059.375] RegEnumKeyW (in: hKey=0x164, dwIndex=0x1b, lpName=0x1d87360, cchName=0x104 | out: lpName="AppIDSvc") returned 0x0 [0059.375] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="appidsvc", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0059.375] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="appidsvc", cchWideChar=8, lpMultiByteStr=0x1d94ae0, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="appidsvc", lpUsedDefaultChar=0x0) returned 8 [0059.375] RegEnumKeyW (in: hKey=0x164, dwIndex=0x1c, lpName=0x1d87360, cchName=0x104 | out: lpName="Appinfo") returned 0x0 [0059.375] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="appinfo", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0059.375] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="appinfo", cchWideChar=7, lpMultiByteStr=0x1d94a98, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="appinfo", lpUsedDefaultChar=0x0) returned 7 [0059.375] RegEnumKeyW (in: hKey=0x164, dwIndex=0x1d, lpName=0x1d87360, cchName=0x104 | out: lpName="AppMgmt") returned 0x0 [0059.375] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="appmgmt", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0059.375] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="appmgmt", cchWideChar=7, lpMultiByteStr=0x1d94ae0, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="appmgmt", lpUsedDefaultChar=0x0) returned 7 [0059.376] RegEnumKeyW (in: hKey=0x164, dwIndex=0x1e, lpName=0x1d87360, cchName=0x104 | out: lpName="arc") returned 0x0 [0059.376] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="arc", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0059.376] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="arc", cchWideChar=3, lpMultiByteStr=0x1d94a98, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="arc", lpUsedDefaultChar=0x0) returned 3 [0059.376] RegEnumKeyW (in: hKey=0x164, dwIndex=0x1f, lpName=0x1d87360, cchName=0x104 | out: lpName="arcsas") returned 0x0 [0059.376] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="arcsas", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0059.376] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="arcsas", cchWideChar=6, lpMultiByteStr=0x1d94ae0, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="arcsas", lpUsedDefaultChar=0x0) returned 6 [0059.376] RegEnumKeyW (in: hKey=0x164, dwIndex=0x20, lpName=0x1d87360, cchName=0x104 | out: lpName="ASP.NET") returned 0x0 [0059.376] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="asp.net", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0059.376] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="asp.net", cchWideChar=7, lpMultiByteStr=0x1d94a98, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="asp.net", lpUsedDefaultChar=0x0) returned 7 [0059.376] RegEnumKeyW (in: hKey=0x164, dwIndex=0x21, lpName=0x1d87360, cchName=0x104 | out: lpName="ASP.NET_4.0.30319") returned 0x0 [0059.376] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="asp.net_4.0.30319", cchWideChar=17, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0059.376] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="asp.net_4.0.30319", cchWideChar=17, lpMultiByteStr=0x1d94ae0, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="asp.net_4.0.30319", lpUsedDefaultChar=0x0) returned 17 [0059.376] RegEnumKeyW (in: hKey=0x164, dwIndex=0x22, lpName=0x1d87360, cchName=0x104 | out: lpName="aspnet_state") returned 0x0 [0059.377] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="aspnet_state", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0059.377] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="aspnet_state", cchWideChar=12, lpMultiByteStr=0x1d94a98, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="aspnet_state", lpUsedDefaultChar=0x0) returned 12 [0059.377] RegEnumKeyW (in: hKey=0x164, dwIndex=0x23, lpName=0x1d87360, cchName=0x104 | out: lpName="AsyncMac") returned 0x0 [0059.377] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="asyncmac", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0059.377] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="asyncmac", cchWideChar=8, lpMultiByteStr=0x1d94ae0, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="asyncmac", lpUsedDefaultChar=0x0) returned 8 [0059.377] RegEnumKeyW (in: hKey=0x164, dwIndex=0x24, lpName=0x1d87360, cchName=0x104 | out: lpName="atapi") returned 0x0 [0059.377] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="atapi", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0059.377] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="atapi", cchWideChar=5, lpMultiByteStr=0x1d94a98, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="atapi", lpUsedDefaultChar=0x0) returned 5 [0059.377] RegEnumKeyW (in: hKey=0x164, dwIndex=0x25, lpName=0x1d87360, cchName=0x104 | out: lpName="AudioEndpointBuilder") returned 0x0 [0059.377] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="audioendpointbuilder", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0059.377] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="audioendpointbuilder", cchWideChar=20, lpMultiByteStr=0x1d94ae0, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="audioendpointbuilder", lpUsedDefaultChar=0x0) returned 20 [0059.377] RegEnumKeyW (in: hKey=0x164, dwIndex=0x26, lpName=0x1d87360, cchName=0x104 | out: lpName="AudioSrv") returned 0x0 [0059.377] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="audiosrv", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0059.378] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="audiosrv", cchWideChar=8, lpMultiByteStr=0x1d94a98, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="audiosrv", lpUsedDefaultChar=0x0) returned 8 [0059.378] RegEnumKeyW (in: hKey=0x164, dwIndex=0x27, lpName=0x1d87360, cchName=0x104 | out: lpName="AxInstSV") returned 0x0 [0059.378] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="axinstsv", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0059.378] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="axinstsv", cchWideChar=8, lpMultiByteStr=0x1d94ae0, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="axinstsv", lpUsedDefaultChar=0x0) returned 8 [0059.378] RegEnumKeyW (in: hKey=0x164, dwIndex=0x28, lpName=0x1d87360, cchName=0x104 | out: lpName="b06bdrv") returned 0x0 [0059.378] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="b06bdrv", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0059.378] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="b06bdrv", cchWideChar=7, lpMultiByteStr=0x1d94a98, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="b06bdrv", lpUsedDefaultChar=0x0) returned 7 [0059.378] RegEnumKeyW (in: hKey=0x164, dwIndex=0x29, lpName=0x1d87360, cchName=0x104 | out: lpName="b57nd60a") returned 0x0 [0059.378] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="b57nd60a", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0059.378] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="b57nd60a", cchWideChar=8, lpMultiByteStr=0x1d94ae0, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="b57nd60a", lpUsedDefaultChar=0x0) returned 8 [0059.378] RegEnumKeyW (in: hKey=0x164, dwIndex=0x2a, lpName=0x1d87360, cchName=0x104 | out: lpName="BattC") returned 0x0 [0059.378] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="battc", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0059.378] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="battc", cchWideChar=5, lpMultiByteStr=0x1d94a98, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="battc", lpUsedDefaultChar=0x0) returned 5 [0059.378] RegEnumKeyW (in: hKey=0x164, dwIndex=0x2b, lpName=0x1d87360, cchName=0x104 | out: lpName="BDESVC") returned 0x0 [0059.378] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="bdesvc", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0059.379] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="bdesvc", cchWideChar=6, lpMultiByteStr=0x1d94ae0, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="bdesvc", lpUsedDefaultChar=0x0) returned 6 [0059.379] RegEnumKeyW (in: hKey=0x164, dwIndex=0x2c, lpName=0x1d87360, cchName=0x104 | out: lpName="Beep") returned 0x0 [0059.379] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="beep", cchWideChar=4, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 4 [0059.379] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="beep", cchWideChar=4, lpMultiByteStr=0x1d94a98, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="beep", lpUsedDefaultChar=0x0) returned 4 [0059.379] RegEnumKeyW (in: hKey=0x164, dwIndex=0x2d, lpName=0x1d87360, cchName=0x104 | out: lpName="BFE") returned 0x0 [0059.379] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="bfe", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0059.379] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="bfe", cchWideChar=3, lpMultiByteStr=0x1d94ae0, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="bfe", lpUsedDefaultChar=0x0) returned 3 [0059.379] RegEnumKeyW (in: hKey=0x164, dwIndex=0x2e, lpName=0x1d87360, cchName=0x104 | out: lpName="BITS") returned 0x0 [0059.379] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="bits", cchWideChar=4, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 4 [0059.379] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="bits", cchWideChar=4, lpMultiByteStr=0x1d94a98, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="bits", lpUsedDefaultChar=0x0) returned 4 [0059.379] RegEnumKeyW (in: hKey=0x164, dwIndex=0x2f, lpName=0x1d87360, cchName=0x104 | out: lpName="blbdrive") returned 0x0 [0059.379] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="blbdrive", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0059.379] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="blbdrive", cchWideChar=8, lpMultiByteStr=0x1d94ae0, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="blbdrive", lpUsedDefaultChar=0x0) returned 8 [0059.379] RegEnumKeyW (in: hKey=0x164, dwIndex=0x30, lpName=0x1d87360, cchName=0x104 | out: lpName="bowser") returned 0x0 [0059.380] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="bowser", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0059.380] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="bowser", cchWideChar=6, lpMultiByteStr=0x1d94a98, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="bowser", lpUsedDefaultChar=0x0) returned 6 [0059.380] RegEnumKeyW (in: hKey=0x164, dwIndex=0x31, lpName=0x1d87360, cchName=0x104 | out: lpName="BrFiltLo") returned 0x0 [0059.380] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="brfiltlo", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0059.380] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="brfiltlo", cchWideChar=8, lpMultiByteStr=0x1d94ae0, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="brfiltlo", lpUsedDefaultChar=0x0) returned 8 [0059.380] RegEnumKeyW (in: hKey=0x164, dwIndex=0x32, lpName=0x1d87360, cchName=0x104 | out: lpName="BrFiltUp") returned 0x0 [0059.380] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="brfiltup", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0059.380] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="brfiltup", cchWideChar=8, lpMultiByteStr=0x1d94a98, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="brfiltup", lpUsedDefaultChar=0x0) returned 8 [0059.380] RegEnumKeyW (in: hKey=0x164, dwIndex=0x33, lpName=0x1d87360, cchName=0x104 | out: lpName="Browser") returned 0x0 [0059.380] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="browser", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0059.380] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="browser", cchWideChar=7, lpMultiByteStr=0x1d94ae0, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="browser", lpUsedDefaultChar=0x0) returned 7 [0059.380] RegEnumKeyW (in: hKey=0x164, dwIndex=0x34, lpName=0x1d87360, cchName=0x104 | out: lpName="Brserid") returned 0x0 [0059.380] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="brserid", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0059.380] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="brserid", cchWideChar=7, lpMultiByteStr=0x1d94a98, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="brserid", lpUsedDefaultChar=0x0) returned 7 [0059.381] RegEnumKeyW (in: hKey=0x164, dwIndex=0x35, lpName=0x1d87360, cchName=0x104 | out: lpName="BrSerWdm") returned 0x0 [0059.381] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="brserwdm", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0059.381] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="brserwdm", cchWideChar=8, lpMultiByteStr=0x1d94ae0, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="brserwdm", lpUsedDefaultChar=0x0) returned 8 [0059.381] RegEnumKeyW (in: hKey=0x164, dwIndex=0x36, lpName=0x1d87360, cchName=0x104 | out: lpName="BrUsbMdm") returned 0x0 [0059.381] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="brusbmdm", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0059.381] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="brusbmdm", cchWideChar=8, lpMultiByteStr=0x1d94a98, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="brusbmdm", lpUsedDefaultChar=0x0) returned 8 [0059.381] RegEnumKeyW (in: hKey=0x164, dwIndex=0x37, lpName=0x1d87360, cchName=0x104 | out: lpName="BrUsbSer") returned 0x0 [0059.381] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="brusbser", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0059.381] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="brusbser", cchWideChar=8, lpMultiByteStr=0x1d94ae0, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="brusbser", lpUsedDefaultChar=0x0) returned 8 [0059.381] RegEnumKeyW (in: hKey=0x164, dwIndex=0x38, lpName=0x1d87360, cchName=0x104 | out: lpName="BTHMODEM") returned 0x0 [0059.381] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="bthmodem", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0059.381] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="bthmodem", cchWideChar=8, lpMultiByteStr=0x1d94a98, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="bthmodem", lpUsedDefaultChar=0x0) returned 8 [0059.381] RegEnumKeyW (in: hKey=0x164, dwIndex=0x39, lpName=0x1d87360, cchName=0x104 | out: lpName="BTHPORT") returned 0x0 [0059.382] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="bthport", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0059.382] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="bthport", cchWideChar=7, lpMultiByteStr=0x1d94ae0, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="bthport", lpUsedDefaultChar=0x0) returned 7 [0059.382] RegEnumKeyW (in: hKey=0x164, dwIndex=0x3a, lpName=0x1d87360, cchName=0x104 | out: lpName="bthserv") returned 0x0 [0059.382] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="bthserv", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0059.382] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="bthserv", cchWideChar=7, lpMultiByteStr=0x1d94a98, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="bthserv", lpUsedDefaultChar=0x0) returned 7 [0059.382] RegEnumKeyW (in: hKey=0x164, dwIndex=0x3b, lpName=0x1d87360, cchName=0x104 | out: lpName="cdfs") returned 0x0 [0059.382] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="cdfs", cchWideChar=4, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 4 [0059.382] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="cdfs", cchWideChar=4, lpMultiByteStr=0x1d94ae0, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="cdfs", lpUsedDefaultChar=0x0) returned 4 [0059.382] RegEnumKeyW (in: hKey=0x164, dwIndex=0x3c, lpName=0x1d87360, cchName=0x104 | out: lpName="cdrom") returned 0x0 [0059.382] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="cdrom", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0059.382] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="cdrom", cchWideChar=5, lpMultiByteStr=0x1d94a98, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="cdrom", lpUsedDefaultChar=0x0) returned 5 [0059.382] RegEnumKeyW (in: hKey=0x164, dwIndex=0x3d, lpName=0x1d87360, cchName=0x104 | out: lpName="CertPropSvc") returned 0x0 [0059.382] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="certpropsvc", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0059.382] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="certpropsvc", cchWideChar=11, lpMultiByteStr=0x1d94ae0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="certpropsvc", lpUsedDefaultChar=0x0) returned 11 [0059.383] RegEnumKeyW (in: hKey=0x164, dwIndex=0x3e, lpName=0x1d87360, cchName=0x104 | out: lpName="circlass") returned 0x0 [0059.383] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="circlass", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0059.383] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="circlass", cchWideChar=8, lpMultiByteStr=0x1d94a98, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="circlass", lpUsedDefaultChar=0x0) returned 8 [0059.383] RegEnumKeyW (in: hKey=0x164, dwIndex=0x3f, lpName=0x1d87360, cchName=0x104 | out: lpName="CLFS") returned 0x0 [0059.383] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="clfs", cchWideChar=4, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 4 [0059.383] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="clfs", cchWideChar=4, lpMultiByteStr=0x1d94ae0, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="clfs", lpUsedDefaultChar=0x0) returned 4 [0059.383] RegEnumKeyW (in: hKey=0x164, dwIndex=0x40, lpName=0x1d87360, cchName=0x104 | out: lpName="clr_optimization_v2.0.50727_32") returned 0x0 [0059.383] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="clr_optimization_v2.0.50727_32", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0059.383] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="clr_optimization_v2.0.50727_32", cchWideChar=30, lpMultiByteStr=0x1d94a98, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="clr_optimization_v2.0.50727_32", lpUsedDefaultChar=0x0) returned 30 [0059.383] RegEnumKeyW (in: hKey=0x164, dwIndex=0x41, lpName=0x1d87360, cchName=0x104 | out: lpName="clr_optimization_v2.0.50727_64") returned 0x0 [0059.383] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="clr_optimization_v2.0.50727_64", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0059.383] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="clr_optimization_v2.0.50727_64", cchWideChar=30, lpMultiByteStr=0x1d94ae0, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="clr_optimization_v2.0.50727_64", lpUsedDefaultChar=0x0) returned 30 [0059.383] RegEnumKeyW (in: hKey=0x164, dwIndex=0x42, lpName=0x1d87360, cchName=0x104 | out: lpName="clr_optimization_v4.0.30319_32") returned 0x0 [0059.384] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="clr_optimization_v4.0.30319_32", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0059.384] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="clr_optimization_v4.0.30319_32", cchWideChar=30, lpMultiByteStr=0x1d94a98, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="clr_optimization_v4.0.30319_32", lpUsedDefaultChar=0x0) returned 30 [0059.384] RegEnumKeyW (in: hKey=0x164, dwIndex=0x43, lpName=0x1d87360, cchName=0x104 | out: lpName="clr_optimization_v4.0.30319_64") returned 0x0 [0059.384] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="clr_optimization_v4.0.30319_64", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0059.384] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="clr_optimization_v4.0.30319_64", cchWideChar=30, lpMultiByteStr=0x1d94ae0, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="clr_optimization_v4.0.30319_64", lpUsedDefaultChar=0x0) returned 30 [0059.384] RegEnumKeyW (in: hKey=0x164, dwIndex=0x44, lpName=0x1d87360, cchName=0x104 | out: lpName="CmBatt") returned 0x0 [0059.384] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="cmbatt", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0059.384] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="cmbatt", cchWideChar=6, lpMultiByteStr=0x1d94a98, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="cmbatt", lpUsedDefaultChar=0x0) returned 6 [0059.384] RegEnumKeyW (in: hKey=0x164, dwIndex=0x45, lpName=0x1d87360, cchName=0x104 | out: lpName="cmdide") returned 0x0 [0059.384] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="cmdide", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0059.384] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="cmdide", cchWideChar=6, lpMultiByteStr=0x1d94ae0, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="cmdide", lpUsedDefaultChar=0x0) returned 6 [0059.384] RegEnumKeyW (in: hKey=0x164, dwIndex=0x46, lpName=0x1d87360, cchName=0x104 | out: lpName="CNG") returned 0x0 [0059.384] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="cng", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0059.384] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="cng", cchWideChar=3, lpMultiByteStr=0x1d94a98, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="cng", lpUsedDefaultChar=0x0) returned 3 [0059.385] RegEnumKeyW (in: hKey=0x164, dwIndex=0x47, lpName=0x1d87360, cchName=0x104 | out: lpName="Compbatt") returned 0x0 [0059.385] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="compbatt", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0059.385] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="compbatt", cchWideChar=8, lpMultiByteStr=0x1d94ae0, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="compbatt", lpUsedDefaultChar=0x0) returned 8 [0059.385] RegEnumKeyW (in: hKey=0x164, dwIndex=0x48, lpName=0x1d87360, cchName=0x104 | out: lpName="CompositeBus") returned 0x0 [0059.385] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="compositebus", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0059.385] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="compositebus", cchWideChar=12, lpMultiByteStr=0x1d94a98, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="compositebus", lpUsedDefaultChar=0x0) returned 12 [0059.385] RegEnumKeyW (in: hKey=0x164, dwIndex=0x49, lpName=0x1d87360, cchName=0x104 | out: lpName="COMSysApp") returned 0x0 [0059.385] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="comsysapp", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0059.385] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="comsysapp", cchWideChar=9, lpMultiByteStr=0x1d94ae0, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="comsysapp", lpUsedDefaultChar=0x0) returned 9 [0059.385] RegEnumKeyW (in: hKey=0x164, dwIndex=0x4a, lpName=0x1d87360, cchName=0x104 | out: lpName="crcdisk") returned 0x0 [0059.385] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="crcdisk", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0059.385] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="crcdisk", cchWideChar=7, lpMultiByteStr=0x1d94a98, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="crcdisk", lpUsedDefaultChar=0x0) returned 7 [0059.385] RegEnumKeyW (in: hKey=0x164, dwIndex=0x4b, lpName=0x1d87360, cchName=0x104 | out: lpName="crypt32") returned 0x0 [0059.386] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="crypt32", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0059.386] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="crypt32", cchWideChar=7, lpMultiByteStr=0x1d94ae0, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="crypt32", lpUsedDefaultChar=0x0) returned 7 [0059.386] RegEnumKeyW (in: hKey=0x164, dwIndex=0x4c, lpName=0x1d87360, cchName=0x104 | out: lpName="CryptSvc") returned 0x0 [0059.386] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="cryptsvc", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0059.386] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="cryptsvc", cchWideChar=8, lpMultiByteStr=0x1d94a98, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="cryptsvc", lpUsedDefaultChar=0x0) returned 8 [0059.386] RegEnumKeyW (in: hKey=0x164, dwIndex=0x4d, lpName=0x1d87360, cchName=0x104 | out: lpName="CSC") returned 0x0 [0059.386] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="csc", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0059.386] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="csc", cchWideChar=3, lpMultiByteStr=0x1d94ae0, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="csc", lpUsedDefaultChar=0x0) returned 3 [0059.386] RegEnumKeyW (in: hKey=0x164, dwIndex=0x4e, lpName=0x1d87360, cchName=0x104 | out: lpName="CscService") returned 0x0 [0059.386] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="cscservice", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0059.386] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="cscservice", cchWideChar=10, lpMultiByteStr=0x1d94a98, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="cscservice", lpUsedDefaultChar=0x0) returned 10 [0059.386] RegEnumKeyW (in: hKey=0x164, dwIndex=0x4f, lpName=0x1d87360, cchName=0x104 | out: lpName="DCLocator") returned 0x0 [0059.386] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="dclocator", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0059.387] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="dclocator", cchWideChar=9, lpMultiByteStr=0x1d94ae0, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dclocator", lpUsedDefaultChar=0x0) returned 9 [0059.387] RegEnumKeyW (in: hKey=0x164, dwIndex=0x50, lpName=0x1d87360, cchName=0x104 | out: lpName="DcomLaunch") returned 0x0 [0059.387] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="dcomlaunch", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0059.388] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="dcomlaunch", cchWideChar=10, lpMultiByteStr=0x1d94a98, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dcomlaunch", lpUsedDefaultChar=0x0) returned 10 [0059.388] RegEnumKeyW (in: hKey=0x164, dwIndex=0x51, lpName=0x1d87360, cchName=0x104 | out: lpName="defragsvc") returned 0x0 [0059.388] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="defragsvc", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0059.388] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="defragsvc", cchWideChar=9, lpMultiByteStr=0x1d94ae0, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="defragsvc", lpUsedDefaultChar=0x0) returned 9 [0059.388] RegEnumKeyW (in: hKey=0x164, dwIndex=0x52, lpName=0x1d87360, cchName=0x104 | out: lpName="DfsC") returned 0x0 [0059.388] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="dfsc", cchWideChar=4, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 4 [0059.389] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="dfsc", cchWideChar=4, lpMultiByteStr=0x1d94a98, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dfsc", lpUsedDefaultChar=0x0) returned 4 [0059.389] RegEnumKeyW (in: hKey=0x164, dwIndex=0x53, lpName=0x1d87360, cchName=0x104 | out: lpName="Dhcp") returned 0x0 [0059.389] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="dhcp", cchWideChar=4, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 4 [0059.389] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="dhcp", cchWideChar=4, lpMultiByteStr=0x1d94ae0, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dhcp", lpUsedDefaultChar=0x0) returned 4 [0059.389] RegEnumKeyW (in: hKey=0x164, dwIndex=0x54, lpName=0x1d87360, cchName=0x104 | out: lpName="DiagTrack") returned 0x0 [0059.389] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="diagtrack", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0059.389] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="diagtrack", cchWideChar=9, lpMultiByteStr=0x1d94a98, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="diagtrack", lpUsedDefaultChar=0x0) returned 9 [0059.389] RegEnumKeyW (in: hKey=0x164, dwIndex=0x55, lpName=0x1d87360, cchName=0x104 | out: lpName="discache") returned 0x0 [0059.389] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="discache", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0059.389] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="discache", cchWideChar=8, lpMultiByteStr=0x1d94ae0, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="discache", lpUsedDefaultChar=0x0) returned 8 [0059.389] RegEnumKeyW (in: hKey=0x164, dwIndex=0x56, lpName=0x1d87360, cchName=0x104 | out: lpName="Disk") returned 0x0 [0059.389] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="disk", cchWideChar=4, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 4 [0059.389] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="disk", cchWideChar=4, lpMultiByteStr=0x1d94a98, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="disk", lpUsedDefaultChar=0x0) returned 4 [0059.389] RegEnumKeyW (in: hKey=0x164, dwIndex=0x57, lpName=0x1d87360, cchName=0x104 | out: lpName="dmvsc") returned 0x0 [0059.390] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="dmvsc", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0059.390] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="dmvsc", cchWideChar=5, lpMultiByteStr=0x1d94ae0, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dmvsc", lpUsedDefaultChar=0x0) returned 5 [0059.390] RegEnumKeyW (in: hKey=0x164, dwIndex=0x58, lpName=0x1d87360, cchName=0x104 | out: lpName="Dnscache") returned 0x0 [0059.390] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="dnscache", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0059.390] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="dnscache", cchWideChar=8, lpMultiByteStr=0x1d94a98, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dnscache", lpUsedDefaultChar=0x0) returned 8 [0059.390] RegEnumKeyW (in: hKey=0x164, dwIndex=0x59, lpName=0x1d87360, cchName=0x104 | out: lpName="dot3svc") returned 0x0 [0059.390] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="dot3svc", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0059.390] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="dot3svc", cchWideChar=7, lpMultiByteStr=0x1d94ae0, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dot3svc", lpUsedDefaultChar=0x0) returned 7 [0059.390] RegEnumKeyW (in: hKey=0x164, dwIndex=0x5a, lpName=0x1d87360, cchName=0x104 | out: lpName="DPS") returned 0x0 [0059.390] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="dps", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0059.390] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="dps", cchWideChar=3, lpMultiByteStr=0x1d94a98, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dps", lpUsedDefaultChar=0x0) returned 3 [0059.390] RegEnumKeyW (in: hKey=0x164, dwIndex=0x5b, lpName=0x1d87360, cchName=0x104 | out: lpName="drmkaud") returned 0x0 [0059.390] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="drmkaud", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0059.390] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="drmkaud", cchWideChar=7, lpMultiByteStr=0x1d94ae0, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="drmkaud", lpUsedDefaultChar=0x0) returned 7 [0059.391] RegEnumKeyW (in: hKey=0x164, dwIndex=0x5c, lpName=0x1d87360, cchName=0x104 | out: lpName="DXGKrnl") returned 0x0 [0059.391] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="dxgkrnl", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0059.391] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="dxgkrnl", cchWideChar=7, lpMultiByteStr=0x1d94a98, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dxgkrnl", lpUsedDefaultChar=0x0) returned 7 [0059.391] RegEnumKeyW (in: hKey=0x164, dwIndex=0x5d, lpName=0x1d87360, cchName=0x104 | out: lpName="E1G60") returned 0x0 [0059.391] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="e1g60", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0059.391] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="e1g60", cchWideChar=5, lpMultiByteStr=0x1d94ae0, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="e1g60", lpUsedDefaultChar=0x0) returned 5 [0059.391] RegEnumKeyW (in: hKey=0x164, dwIndex=0x5e, lpName=0x1d87360, cchName=0x104 | out: lpName="EapHost") returned 0x0 [0059.391] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="eaphost", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0059.391] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="eaphost", cchWideChar=7, lpMultiByteStr=0x1d94a98, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="eaphost", lpUsedDefaultChar=0x0) returned 7 [0059.391] RegEnumKeyW (in: hKey=0x164, dwIndex=0x5f, lpName=0x1d87360, cchName=0x104 | out: lpName="ebdrv") returned 0x0 [0059.391] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ebdrv", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0059.391] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ebdrv", cchWideChar=5, lpMultiByteStr=0x1d94ae0, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ebdrv", lpUsedDefaultChar=0x0) returned 5 [0059.391] RegEnumKeyW (in: hKey=0x164, dwIndex=0x60, lpName=0x1d87360, cchName=0x104 | out: lpName="EFS") returned 0x0 [0059.392] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="efs", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0059.392] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="efs", cchWideChar=3, lpMultiByteStr=0x1d94a98, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="efs", lpUsedDefaultChar=0x0) returned 3 [0059.392] RegEnumKeyW (in: hKey=0x164, dwIndex=0x61, lpName=0x1d87360, cchName=0x104 | out: lpName="ehRecvr") returned 0x0 [0059.392] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ehrecvr", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0059.392] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ehrecvr", cchWideChar=7, lpMultiByteStr=0x1d94ae0, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ehrecvr", lpUsedDefaultChar=0x0) returned 7 [0059.392] RegEnumKeyW (in: hKey=0x164, dwIndex=0x62, lpName=0x1d87360, cchName=0x104 | out: lpName="ehSched") returned 0x0 [0059.392] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ehsched", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0059.392] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ehsched", cchWideChar=7, lpMultiByteStr=0x1d94a98, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ehsched", lpUsedDefaultChar=0x0) returned 7 [0059.392] RegEnumKeyW (in: hKey=0x164, dwIndex=0x63, lpName=0x1d87360, cchName=0x104 | out: lpName="elxstor") returned 0x0 [0059.392] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="elxstor", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0059.392] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="elxstor", cchWideChar=7, lpMultiByteStr=0x1d94ae0, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="elxstor", lpUsedDefaultChar=0x0) returned 7 [0059.392] RegEnumKeyW (in: hKey=0x164, dwIndex=0x64, lpName=0x1d87360, cchName=0x104 | out: lpName="ErrDev") returned 0x0 [0059.392] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="errdev", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0059.392] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="errdev", cchWideChar=6, lpMultiByteStr=0x1d94a98, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="errdev", lpUsedDefaultChar=0x0) returned 6 [0059.392] RegEnumKeyW (in: hKey=0x164, dwIndex=0x65, lpName=0x1d87360, cchName=0x104 | out: lpName="ESENT") returned 0x0 [0059.393] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="esent", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0059.393] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="esent", cchWideChar=5, lpMultiByteStr=0x1d94ae0, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="esent", lpUsedDefaultChar=0x0) returned 5 [0059.393] RegEnumKeyW (in: hKey=0x164, dwIndex=0x66, lpName=0x1d87360, cchName=0x104 | out: lpName="eventlog") returned 0x0 [0059.393] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="eventlog", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0059.393] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="eventlog", cchWideChar=8, lpMultiByteStr=0x1d94a98, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="eventlog", lpUsedDefaultChar=0x0) returned 8 [0059.393] RegEnumKeyW (in: hKey=0x164, dwIndex=0x67, lpName=0x1d87360, cchName=0x104 | out: lpName="EventSystem") returned 0x0 [0059.393] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="eventsystem", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0059.393] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="eventsystem", cchWideChar=11, lpMultiByteStr=0x1d94ae0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="eventsystem", lpUsedDefaultChar=0x0) returned 11 [0059.393] RegEnumKeyW (in: hKey=0x164, dwIndex=0x68, lpName=0x1d87360, cchName=0x104 | out: lpName="exfat") returned 0x0 [0059.393] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="exfat", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0059.393] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="exfat", cchWideChar=5, lpMultiByteStr=0x1d94a98, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="exfat", lpUsedDefaultChar=0x0) returned 5 [0059.393] RegEnumKeyW (in: hKey=0x164, dwIndex=0x69, lpName=0x1d87360, cchName=0x104 | out: lpName="fastfat") returned 0x0 [0059.393] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="fastfat", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0059.393] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="fastfat", cchWideChar=7, lpMultiByteStr=0x1d94ae0, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fastfat", lpUsedDefaultChar=0x0) returned 7 [0059.394] RegEnumKeyW (in: hKey=0x164, dwIndex=0x6a, lpName=0x1d87360, cchName=0x104 | out: lpName="Fax") returned 0x0 [0059.394] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="fax", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0059.394] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="fax", cchWideChar=3, lpMultiByteStr=0x1d94a98, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fax", lpUsedDefaultChar=0x0) returned 3 [0059.394] RegEnumKeyW (in: hKey=0x164, dwIndex=0x6b, lpName=0x1d87360, cchName=0x104 | out: lpName="fdc") returned 0x0 [0059.394] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="fdc", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0059.394] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="fdc", cchWideChar=3, lpMultiByteStr=0x1d94ae0, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fdc", lpUsedDefaultChar=0x0) returned 3 [0059.394] RegEnumKeyW (in: hKey=0x164, dwIndex=0x6c, lpName=0x1d87360, cchName=0x104 | out: lpName="fdPHost") returned 0x0 [0059.394] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="fdphost", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0059.394] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="fdphost", cchWideChar=7, lpMultiByteStr=0x1d94a98, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fdphost", lpUsedDefaultChar=0x0) returned 7 [0059.394] RegEnumKeyW (in: hKey=0x164, dwIndex=0x6d, lpName=0x1d87360, cchName=0x104 | out: lpName="FDResPub") returned 0x0 [0059.394] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="fdrespub", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0059.394] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="fdrespub", cchWideChar=8, lpMultiByteStr=0x1d94ae0, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fdrespub", lpUsedDefaultChar=0x0) returned 8 [0059.394] RegEnumKeyW (in: hKey=0x164, dwIndex=0x6e, lpName=0x1d87360, cchName=0x104 | out: lpName="FileInfo") returned 0x0 [0059.394] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="fileinfo", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0059.394] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="fileinfo", cchWideChar=8, lpMultiByteStr=0x1d94a98, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fileinfo", lpUsedDefaultChar=0x0) returned 8 [0059.395] RegEnumKeyW (in: hKey=0x164, dwIndex=0x6f, lpName=0x1d87360, cchName=0x104 | out: lpName="Filetrace") returned 0x0 [0059.395] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="filetrace", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0059.395] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="filetrace", cchWideChar=9, lpMultiByteStr=0x1d94ae0, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="filetrace", lpUsedDefaultChar=0x0) returned 9 [0059.395] RegEnumKeyW (in: hKey=0x164, dwIndex=0x70, lpName=0x1d87360, cchName=0x104 | out: lpName="flpydisk") returned 0x0 [0059.395] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="flpydisk", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0059.395] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="flpydisk", cchWideChar=8, lpMultiByteStr=0x1d94a98, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="flpydisk", lpUsedDefaultChar=0x0) returned 8 [0059.395] RegEnumKeyW (in: hKey=0x164, dwIndex=0x71, lpName=0x1d87360, cchName=0x104 | out: lpName="FltMgr") returned 0x0 [0059.395] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="fltmgr", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0059.395] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="fltmgr", cchWideChar=6, lpMultiByteStr=0x1d94ae0, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fltmgr", lpUsedDefaultChar=0x0) returned 6 [0059.395] RegEnumKeyW (in: hKey=0x164, dwIndex=0x72, lpName=0x1d87360, cchName=0x104 | out: lpName="FontCache") returned 0x0 [0059.395] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="fontcache", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0059.395] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="fontcache", cchWideChar=9, lpMultiByteStr=0x1d94a98, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fontcache", lpUsedDefaultChar=0x0) returned 9 [0059.395] RegEnumKeyW (in: hKey=0x164, dwIndex=0x73, lpName=0x1d87360, cchName=0x104 | out: lpName="FontCache3.0.0.0") returned 0x0 [0059.395] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="fontcache3.0.0.0", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0059.396] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="fontcache3.0.0.0", cchWideChar=16, lpMultiByteStr=0x1d94ae0, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fontcache3.0.0.0", lpUsedDefaultChar=0x0) returned 16 [0059.396] RegEnumKeyW (in: hKey=0x164, dwIndex=0x74, lpName=0x1d87360, cchName=0x104 | out: lpName="FsDepends") returned 0x0 [0059.396] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="fsdepends", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0059.396] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="fsdepends", cchWideChar=9, lpMultiByteStr=0x1d94a98, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fsdepends", lpUsedDefaultChar=0x0) returned 9 [0059.396] RegEnumKeyW (in: hKey=0x164, dwIndex=0x75, lpName=0x1d87360, cchName=0x104 | out: lpName="Fs_Rec") returned 0x0 [0059.396] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="fs_rec", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0059.396] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="fs_rec", cchWideChar=6, lpMultiByteStr=0x1d94ae0, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fs_rec", lpUsedDefaultChar=0x0) returned 6 [0059.396] RegEnumKeyW (in: hKey=0x164, dwIndex=0x76, lpName=0x1d87360, cchName=0x104 | out: lpName="fvevol") returned 0x0 [0059.396] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="fvevol", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0059.396] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="fvevol", cchWideChar=6, lpMultiByteStr=0x1d94a98, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fvevol", lpUsedDefaultChar=0x0) returned 6 [0059.396] RegEnumKeyW (in: hKey=0x164, dwIndex=0x77, lpName=0x1d87360, cchName=0x104 | out: lpName="gagp30kx") returned 0x0 [0059.396] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="gagp30kx", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0059.396] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="gagp30kx", cchWideChar=8, lpMultiByteStr=0x1d94ae0, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="gagp30kx", lpUsedDefaultChar=0x0) returned 8 [0059.396] RegEnumKeyW (in: hKey=0x164, dwIndex=0x78, lpName=0x1d87360, cchName=0x104 | out: lpName="gpsvc") returned 0x0 [0059.397] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="gpsvc", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0059.397] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="gpsvc", cchWideChar=5, lpMultiByteStr=0x1d94a98, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="gpsvc", lpUsedDefaultChar=0x0) returned 5 [0059.397] RegEnumKeyW (in: hKey=0x164, dwIndex=0x79, lpName=0x1d87360, cchName=0x104 | out: lpName="gupdate") returned 0x0 [0059.397] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="gupdate", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0059.397] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="gupdate", cchWideChar=7, lpMultiByteStr=0x1d94ae0, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="gupdate", lpUsedDefaultChar=0x0) returned 7 [0059.397] RegEnumKeyW (in: hKey=0x164, dwIndex=0x7a, lpName=0x1d87360, cchName=0x104 | out: lpName="gupdatem") returned 0x0 [0059.397] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="gupdatem", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0059.397] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="gupdatem", cchWideChar=8, lpMultiByteStr=0x1d94a98, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="gupdatem", lpUsedDefaultChar=0x0) returned 8 [0059.397] RegEnumKeyW (in: hKey=0x164, dwIndex=0x7b, lpName=0x1d87360, cchName=0x104 | out: lpName="hcw85cir") returned 0x0 [0059.397] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="hcw85cir", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0059.397] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="hcw85cir", cchWideChar=8, lpMultiByteStr=0x1d94ae0, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="hcw85cir", lpUsedDefaultChar=0x0) returned 8 [0059.397] RegEnumKeyW (in: hKey=0x164, dwIndex=0x7c, lpName=0x1d87360, cchName=0x104 | out: lpName="HdAudAddService") returned 0x0 [0059.397] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="hdaudaddservice", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0059.397] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="hdaudaddservice", cchWideChar=15, lpMultiByteStr=0x1d94a98, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="hdaudaddservice", lpUsedDefaultChar=0x0) returned 15 [0059.398] RegEnumKeyW (in: hKey=0x164, dwIndex=0x7d, lpName=0x1d87360, cchName=0x104 | out: lpName="HDAudBus") returned 0x0 [0059.398] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="hdaudbus", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0059.398] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="hdaudbus", cchWideChar=8, lpMultiByteStr=0x1d94ae0, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="hdaudbus", lpUsedDefaultChar=0x0) returned 8 [0059.398] RegEnumKeyW (in: hKey=0x164, dwIndex=0x7e, lpName=0x1d87360, cchName=0x104 | out: lpName="HidBatt") returned 0x0 [0059.398] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="hidbatt", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0059.398] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="hidbatt", cchWideChar=7, lpMultiByteStr=0x1d94a98, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="hidbatt", lpUsedDefaultChar=0x0) returned 7 [0059.398] RegEnumKeyW (in: hKey=0x164, dwIndex=0x7f, lpName=0x1d87360, cchName=0x104 | out: lpName="HidBth") returned 0x0 [0059.398] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="hidbth", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0059.398] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="hidbth", cchWideChar=6, lpMultiByteStr=0x1d94ae0, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="hidbth", lpUsedDefaultChar=0x0) returned 6 [0059.398] RegEnumKeyW (in: hKey=0x164, dwIndex=0x80, lpName=0x1d87360, cchName=0x104 | out: lpName="HidIr") returned 0x0 [0059.398] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="hidir", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0059.398] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="hidir", cchWideChar=5, lpMultiByteStr=0x1d94a98, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="hidir", lpUsedDefaultChar=0x0) returned 5 [0059.398] RegEnumKeyW (in: hKey=0x164, dwIndex=0x81, lpName=0x1d87360, cchName=0x104 | out: lpName="hidserv") returned 0x0 [0059.399] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="hidserv", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0059.399] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="hidserv", cchWideChar=7, lpMultiByteStr=0x1d94ae0, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="hidserv", lpUsedDefaultChar=0x0) returned 7 [0059.399] RegEnumKeyW (in: hKey=0x164, dwIndex=0x82, lpName=0x1d87360, cchName=0x104 | out: lpName="HidUsb") returned 0x0 [0059.399] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="hidusb", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0059.399] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="hidusb", cchWideChar=6, lpMultiByteStr=0x1d94a98, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="hidusb", lpUsedDefaultChar=0x0) returned 6 [0059.399] RegEnumKeyW (in: hKey=0x164, dwIndex=0x83, lpName=0x1d87360, cchName=0x104 | out: lpName="hkmsvc") returned 0x0 [0059.399] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="hkmsvc", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0059.399] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="hkmsvc", cchWideChar=6, lpMultiByteStr=0x1d94ae0, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="hkmsvc", lpUsedDefaultChar=0x0) returned 6 [0059.399] RegEnumKeyW (in: hKey=0x164, dwIndex=0x84, lpName=0x1d87360, cchName=0x104 | out: lpName="HomeGroupListener") returned 0x0 [0059.399] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="homegrouplistener", cchWideChar=17, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0059.399] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="homegrouplistener", cchWideChar=17, lpMultiByteStr=0x1d94a98, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="homegrouplistener", lpUsedDefaultChar=0x0) returned 17 [0059.399] RegEnumKeyW (in: hKey=0x164, dwIndex=0x85, lpName=0x1d87360, cchName=0x104 | out: lpName="HomeGroupProvider") returned 0x0 [0059.399] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="homegroupprovider", cchWideChar=17, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0059.400] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="homegroupprovider", cchWideChar=17, lpMultiByteStr=0x1d94ae0, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="homegroupprovider", lpUsedDefaultChar=0x0) returned 17 [0059.400] RegEnumKeyW (in: hKey=0x164, dwIndex=0x86, lpName=0x1d87360, cchName=0x104 | out: lpName="HpSAMD") returned 0x0 [0059.400] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="hpsamd", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0059.400] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="hpsamd", cchWideChar=6, lpMultiByteStr=0x1d94a98, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="hpsamd", lpUsedDefaultChar=0x0) returned 6 [0059.400] RegEnumKeyW (in: hKey=0x164, dwIndex=0x87, lpName=0x1d87360, cchName=0x104 | out: lpName="HTTP") returned 0x0 [0059.400] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="http", cchWideChar=4, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 4 [0059.400] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="http", cchWideChar=4, lpMultiByteStr=0x1d94ae0, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="http", lpUsedDefaultChar=0x0) returned 4 [0059.400] RegEnumKeyW (in: hKey=0x164, dwIndex=0x88, lpName=0x1d87360, cchName=0x104 | out: lpName="hwpolicy") returned 0x0 [0059.400] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="hwpolicy", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0059.400] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="hwpolicy", cchWideChar=8, lpMultiByteStr=0x1d94a98, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="hwpolicy", lpUsedDefaultChar=0x0) returned 8 [0059.400] RegEnumKeyW (in: hKey=0x164, dwIndex=0x89, lpName=0x1d87360, cchName=0x104 | out: lpName="i8042prt") returned 0x0 [0059.400] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="i8042prt", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0059.400] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="i8042prt", cchWideChar=8, lpMultiByteStr=0x1d94ae0, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="i8042prt", lpUsedDefaultChar=0x0) returned 8 [0059.400] RegEnumKeyW (in: hKey=0x164, dwIndex=0x8a, lpName=0x1d87360, cchName=0x104 | out: lpName="iaStorV") returned 0x0 [0059.401] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="iastorv", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0059.401] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="iastorv", cchWideChar=7, lpMultiByteStr=0x1d94a98, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="iastorv", lpUsedDefaultChar=0x0) returned 7 [0059.401] RegEnumKeyW (in: hKey=0x164, dwIndex=0x8b, lpName=0x1d87360, cchName=0x104 | out: lpName="idsvc") returned 0x0 [0059.401] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="idsvc", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0059.401] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="idsvc", cchWideChar=5, lpMultiByteStr=0x1d94ae0, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="idsvc", lpUsedDefaultChar=0x0) returned 5 [0059.401] RegEnumKeyW (in: hKey=0x164, dwIndex=0x8c, lpName=0x1d87360, cchName=0x104 | out: lpName="iirsp") returned 0x0 [0059.401] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="iirsp", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0059.401] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="iirsp", cchWideChar=5, lpMultiByteStr=0x1d94a98, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="iirsp", lpUsedDefaultChar=0x0) returned 5 [0059.401] RegEnumKeyW (in: hKey=0x164, dwIndex=0x8d, lpName=0x1d87360, cchName=0x104 | out: lpName="IKEEXT") returned 0x0 [0059.401] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ikeext", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0059.401] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ikeext", cchWideChar=6, lpMultiByteStr=0x1d94ae0, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ikeext", lpUsedDefaultChar=0x0) returned 6 [0059.401] RegEnumKeyW (in: hKey=0x164, dwIndex=0x8e, lpName=0x1d87360, cchName=0x104 | out: lpName="inetaccs") returned 0x0 [0059.401] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="inetaccs", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0059.401] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="inetaccs", cchWideChar=8, lpMultiByteStr=0x1d94a98, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="inetaccs", lpUsedDefaultChar=0x0) returned 8 [0059.402] RegEnumKeyW (in: hKey=0x164, dwIndex=0x8f, lpName=0x1d87360, cchName=0x104 | out: lpName="intelide") returned 0x0 [0059.402] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="intelide", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0059.402] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="intelide", cchWideChar=8, lpMultiByteStr=0x1d94ae0, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="intelide", lpUsedDefaultChar=0x0) returned 8 [0059.402] RegEnumKeyW (in: hKey=0x164, dwIndex=0x90, lpName=0x1d87360, cchName=0x104 | out: lpName="intelppm") returned 0x0 [0059.402] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="intelppm", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0059.402] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="intelppm", cchWideChar=8, lpMultiByteStr=0x1d94a98, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="intelppm", lpUsedDefaultChar=0x0) returned 8 [0059.402] RegEnumKeyW (in: hKey=0x164, dwIndex=0x91, lpName=0x1d87360, cchName=0x104 | out: lpName="IPBusEnum") returned 0x0 [0059.402] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ipbusenum", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0059.402] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ipbusenum", cchWideChar=9, lpMultiByteStr=0x1d94ae0, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ipbusenum", lpUsedDefaultChar=0x0) returned 9 [0059.402] RegEnumKeyW (in: hKey=0x164, dwIndex=0x92, lpName=0x1d87360, cchName=0x104 | out: lpName="IpFilterDriver") returned 0x0 [0059.402] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ipfilterdriver", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0059.409] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ipfilterdriver", cchWideChar=14, lpMultiByteStr=0x1d94a98, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ipfilterdriver", lpUsedDefaultChar=0x0) returned 14 [0059.409] RegEnumKeyW (in: hKey=0x164, dwIndex=0x93, lpName=0x1d87360, cchName=0x104 | out: lpName="iphlpsvc") returned 0x0 [0059.409] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="iphlpsvc", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0059.409] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="iphlpsvc", cchWideChar=8, lpMultiByteStr=0x1d94ae0, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="iphlpsvc", lpUsedDefaultChar=0x0) returned 8 [0059.409] RegEnumKeyW (in: hKey=0x164, dwIndex=0x94, lpName=0x1d87360, cchName=0x104 | out: lpName="IPMIDRV") returned 0x0 [0059.409] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ipmidrv", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0059.409] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ipmidrv", cchWideChar=7, lpMultiByteStr=0x1d94a98, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ipmidrv", lpUsedDefaultChar=0x0) returned 7 [0059.409] RegEnumKeyW (in: hKey=0x164, dwIndex=0x95, lpName=0x1d87360, cchName=0x104 | out: lpName="IPNAT") returned 0x0 [0059.409] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ipnat", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0059.409] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ipnat", cchWideChar=5, lpMultiByteStr=0x1d94ae0, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ipnat", lpUsedDefaultChar=0x0) returned 5 [0059.410] RegEnumKeyW (in: hKey=0x164, dwIndex=0x96, lpName=0x1d87360, cchName=0x104 | out: lpName="IRENUM") returned 0x0 [0059.410] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="irenum", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0059.410] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="irenum", cchWideChar=6, lpMultiByteStr=0x1d94a98, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="irenum", lpUsedDefaultChar=0x0) returned 6 [0059.410] RegEnumKeyW (in: hKey=0x164, dwIndex=0x97, lpName=0x1d87360, cchName=0x104 | out: lpName="isapnp") returned 0x0 [0059.410] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="isapnp", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0059.410] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="isapnp", cchWideChar=6, lpMultiByteStr=0x1d94ae0, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="isapnp", lpUsedDefaultChar=0x0) returned 6 [0059.410] RegEnumKeyW (in: hKey=0x164, dwIndex=0x98, lpName=0x1d87360, cchName=0x104 | out: lpName="iScsiPrt") returned 0x0 [0059.410] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="iscsiprt", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0059.410] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="iscsiprt", cchWideChar=8, lpMultiByteStr=0x1d94a98, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="iscsiprt", lpUsedDefaultChar=0x0) returned 8 [0059.410] RegEnumKeyW (in: hKey=0x164, dwIndex=0x99, lpName=0x1d87360, cchName=0x104 | out: lpName="kbdclass") returned 0x0 [0059.410] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="kbdclass", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0059.410] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="kbdclass", cchWideChar=8, lpMultiByteStr=0x1d94ae0, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kbdclass", lpUsedDefaultChar=0x0) returned 8 [0059.410] RegEnumKeyW (in: hKey=0x164, dwIndex=0x9a, lpName=0x1d87360, cchName=0x104 | out: lpName="kbdhid") returned 0x0 [0059.411] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="kbdhid", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0059.411] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="kbdhid", cchWideChar=6, lpMultiByteStr=0x1d94a98, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kbdhid", lpUsedDefaultChar=0x0) returned 6 [0059.411] RegEnumKeyW (in: hKey=0x164, dwIndex=0x9b, lpName=0x1d87360, cchName=0x104 | out: lpName="KeyIso") returned 0x0 [0059.411] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="keyiso", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0059.411] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="keyiso", cchWideChar=6, lpMultiByteStr=0x1d94ae0, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="keyiso", lpUsedDefaultChar=0x0) returned 6 [0059.411] RegEnumKeyW (in: hKey=0x164, dwIndex=0x9c, lpName=0x1d87360, cchName=0x104 | out: lpName="KSecDD") returned 0x0 [0059.411] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ksecdd", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0059.411] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ksecdd", cchWideChar=6, lpMultiByteStr=0x1d94a98, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ksecdd", lpUsedDefaultChar=0x0) returned 6 [0059.411] RegEnumKeyW (in: hKey=0x164, dwIndex=0x9d, lpName=0x1d87360, cchName=0x104 | out: lpName="KSecPkg") returned 0x0 [0059.411] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ksecpkg", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0059.411] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ksecpkg", cchWideChar=7, lpMultiByteStr=0x1d94ae0, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ksecpkg", lpUsedDefaultChar=0x0) returned 7 [0059.411] RegEnumKeyW (in: hKey=0x164, dwIndex=0x9e, lpName=0x1d87360, cchName=0x104 | out: lpName="ksthunk") returned 0x0 [0059.411] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ksthunk", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0059.411] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ksthunk", cchWideChar=7, lpMultiByteStr=0x1d94a98, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ksthunk", lpUsedDefaultChar=0x0) returned 7 [0059.412] RegEnumKeyW (in: hKey=0x164, dwIndex=0x9f, lpName=0x1d87360, cchName=0x104 | out: lpName="KtmRm") returned 0x0 [0059.412] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ktmrm", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0059.412] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ktmrm", cchWideChar=5, lpMultiByteStr=0x1d94ae0, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ktmrm", lpUsedDefaultChar=0x0) returned 5 [0059.412] RegEnumKeyW (in: hKey=0x164, dwIndex=0xa0, lpName=0x1d87360, cchName=0x104 | out: lpName="LanmanServer") returned 0x0 [0059.412] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="lanmanserver", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0059.412] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="lanmanserver", cchWideChar=12, lpMultiByteStr=0x1d94a98, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lanmanserver", lpUsedDefaultChar=0x0) returned 12 [0059.412] RegEnumKeyW (in: hKey=0x164, dwIndex=0xa1, lpName=0x1d87360, cchName=0x104 | out: lpName="LanmanWorkstation") returned 0x0 [0059.412] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="lanmanworkstation", cchWideChar=17, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0059.412] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="lanmanworkstation", cchWideChar=17, lpMultiByteStr=0x1d94ae0, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lanmanworkstation", lpUsedDefaultChar=0x0) returned 17 [0059.412] RegEnumKeyW (in: hKey=0x164, dwIndex=0xa2, lpName=0x1d87360, cchName=0x104 | out: lpName="ldap") returned 0x0 [0059.412] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ldap", cchWideChar=4, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 4 [0059.412] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ldap", cchWideChar=4, lpMultiByteStr=0x1d94a98, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ldap", lpUsedDefaultChar=0x0) returned 4 [0059.412] RegEnumKeyW (in: hKey=0x164, dwIndex=0xa3, lpName=0x1d87360, cchName=0x104 | out: lpName="lltdio") returned 0x0 [0059.413] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="lltdio", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0059.413] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="lltdio", cchWideChar=6, lpMultiByteStr=0x1d94ae0, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lltdio", lpUsedDefaultChar=0x0) returned 6 [0059.413] RegEnumKeyW (in: hKey=0x164, dwIndex=0xa4, lpName=0x1d87360, cchName=0x104 | out: lpName="lltdsvc") returned 0x0 [0059.413] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="lltdsvc", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0059.413] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="lltdsvc", cchWideChar=7, lpMultiByteStr=0x1d94a98, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lltdsvc", lpUsedDefaultChar=0x0) returned 7 [0059.413] RegEnumKeyW (in: hKey=0x164, dwIndex=0xa5, lpName=0x1d87360, cchName=0x104 | out: lpName="lmhosts") returned 0x0 [0059.413] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="lmhosts", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0059.413] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="lmhosts", cchWideChar=7, lpMultiByteStr=0x1d94ae0, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lmhosts", lpUsedDefaultChar=0x0) returned 7 [0059.413] RegEnumKeyW (in: hKey=0x164, dwIndex=0xa6, lpName=0x1d87360, cchName=0x104 | out: lpName="Lsa") returned 0x0 [0059.413] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="lsa", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0059.413] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="lsa", cchWideChar=3, lpMultiByteStr=0x1d94a98, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lsa", lpUsedDefaultChar=0x0) returned 3 [0059.413] RegEnumKeyW (in: hKey=0x164, dwIndex=0xa7, lpName=0x1d87360, cchName=0x104 | out: lpName="LSI_FC") returned 0x0 [0059.413] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="lsi_fc", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0059.414] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="lsi_fc", cchWideChar=6, lpMultiByteStr=0x1d94ae0, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lsi_fc", lpUsedDefaultChar=0x0) returned 6 [0059.414] RegEnumKeyW (in: hKey=0x164, dwIndex=0xa8, lpName=0x1d87360, cchName=0x104 | out: lpName="LSI_SAS") returned 0x0 [0059.414] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="lsi_sas", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0059.414] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="lsi_sas", cchWideChar=7, lpMultiByteStr=0x1d94a98, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lsi_sas", lpUsedDefaultChar=0x0) returned 7 [0059.414] RegEnumKeyW (in: hKey=0x164, dwIndex=0xa9, lpName=0x1d87360, cchName=0x104 | out: lpName="LSI_SAS2") returned 0x0 [0059.414] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="lsi_sas2", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0059.414] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="lsi_sas2", cchWideChar=8, lpMultiByteStr=0x1d94ae0, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lsi_sas2", lpUsedDefaultChar=0x0) returned 8 [0059.414] RegEnumKeyW (in: hKey=0x164, dwIndex=0xaa, lpName=0x1d87360, cchName=0x104 | out: lpName="LSI_SCSI") returned 0x0 [0059.414] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="lsi_scsi", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0059.414] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="lsi_scsi", cchWideChar=8, lpMultiByteStr=0x1d94a98, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lsi_scsi", lpUsedDefaultChar=0x0) returned 8 [0059.414] RegEnumKeyW (in: hKey=0x164, dwIndex=0xab, lpName=0x1d87360, cchName=0x104 | out: lpName="luafv") returned 0x0 [0059.414] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="luafv", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0059.414] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="luafv", cchWideChar=5, lpMultiByteStr=0x1d94ae0, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="luafv", lpUsedDefaultChar=0x0) returned 5 [0059.414] RegEnumKeyW (in: hKey=0x164, dwIndex=0xac, lpName=0x1d87360, cchName=0x104 | out: lpName="Mcx2Svc") returned 0x0 [0059.415] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mcx2svc", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0059.415] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mcx2svc", cchWideChar=7, lpMultiByteStr=0x1d94a98, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mcx2svc", lpUsedDefaultChar=0x0) returned 7 [0059.415] RegEnumKeyW (in: hKey=0x164, dwIndex=0xad, lpName=0x1d87360, cchName=0x104 | out: lpName="megasas") returned 0x0 [0059.415] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="megasas", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0059.415] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="megasas", cchWideChar=7, lpMultiByteStr=0x1d94ae0, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="megasas", lpUsedDefaultChar=0x0) returned 7 [0059.415] RegEnumKeyW (in: hKey=0x164, dwIndex=0xae, lpName=0x1d87360, cchName=0x104 | out: lpName="MegaSR") returned 0x0 [0059.415] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="megasr", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0059.415] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="megasr", cchWideChar=6, lpMultiByteStr=0x1d94a98, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="megasr", lpUsedDefaultChar=0x0) returned 6 [0059.415] RegEnumKeyW (in: hKey=0x164, dwIndex=0xaf, lpName=0x1d87360, cchName=0x104 | out: lpName="Microsoft SharePoint Workspace Audit Service") returned 0x0 [0059.415] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="microsoft sharepoint workspace audit service", cchWideChar=44, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 44 [0059.415] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="microsoft sharepoint workspace audit service", cchWideChar=44, lpMultiByteStr=0x1d94ae0, cbMultiByte=44, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="microsoft sharepoint workspace audit service", lpUsedDefaultChar=0x0) returned 44 [0059.415] RegEnumKeyW (in: hKey=0x164, dwIndex=0xb0, lpName=0x1d87360, cchName=0x104 | out: lpName="MMCSS") returned 0x0 [0059.416] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mmcss", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0059.416] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mmcss", cchWideChar=5, lpMultiByteStr=0x1d94a98, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mmcss", lpUsedDefaultChar=0x0) returned 5 [0059.416] RegEnumKeyW (in: hKey=0x164, dwIndex=0xb1, lpName=0x1d87360, cchName=0x104 | out: lpName="Modem") returned 0x0 [0059.416] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="modem", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0059.416] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="modem", cchWideChar=5, lpMultiByteStr=0x1d94ae0, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="modem", lpUsedDefaultChar=0x0) returned 5 [0059.416] RegEnumKeyW (in: hKey=0x164, dwIndex=0xb2, lpName=0x1d87360, cchName=0x104 | out: lpName="monitor") returned 0x0 [0059.416] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="monitor", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0059.416] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="monitor", cchWideChar=7, lpMultiByteStr=0x1d94a98, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="monitor", lpUsedDefaultChar=0x0) returned 7 [0059.416] RegEnumKeyW (in: hKey=0x164, dwIndex=0xb3, lpName=0x1d87360, cchName=0x104 | out: lpName="mouclass") returned 0x0 [0059.416] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mouclass", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0059.416] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mouclass", cchWideChar=8, lpMultiByteStr=0x1d94ae0, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mouclass", lpUsedDefaultChar=0x0) returned 8 [0059.416] RegEnumKeyW (in: hKey=0x164, dwIndex=0xb4, lpName=0x1d87360, cchName=0x104 | out: lpName="mouhid") returned 0x0 [0059.416] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mouhid", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0059.416] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mouhid", cchWideChar=6, lpMultiByteStr=0x1d94a98, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mouhid", lpUsedDefaultChar=0x0) returned 6 [0059.417] RegEnumKeyW (in: hKey=0x164, dwIndex=0xb5, lpName=0x1d87360, cchName=0x104 | out: lpName="mountmgr") returned 0x0 [0059.417] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mountmgr", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0059.417] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mountmgr", cchWideChar=8, lpMultiByteStr=0x1d94ae0, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mountmgr", lpUsedDefaultChar=0x0) returned 8 [0059.417] RegEnumKeyW (in: hKey=0x164, dwIndex=0xb6, lpName=0x1d87360, cchName=0x104 | out: lpName="MozillaMaintenance") returned 0x0 [0059.417] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mozillamaintenance", cchWideChar=18, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0059.417] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mozillamaintenance", cchWideChar=18, lpMultiByteStr=0x1d94a98, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mozillamaintenance", lpUsedDefaultChar=0x0) returned 18 [0059.417] RegEnumKeyW (in: hKey=0x164, dwIndex=0xb7, lpName=0x1d87360, cchName=0x104 | out: lpName="mpio") returned 0x0 [0059.417] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mpio", cchWideChar=4, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 4 [0059.417] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mpio", cchWideChar=4, lpMultiByteStr=0x1d94ae0, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mpio", lpUsedDefaultChar=0x0) returned 4 [0059.417] RegEnumKeyW (in: hKey=0x164, dwIndex=0xb8, lpName=0x1d87360, cchName=0x104 | out: lpName="mpsdrv") returned 0x0 [0059.417] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mpsdrv", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0059.417] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mpsdrv", cchWideChar=6, lpMultiByteStr=0x1d94a98, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mpsdrv", lpUsedDefaultChar=0x0) returned 6 [0059.417] RegEnumKeyW (in: hKey=0x164, dwIndex=0xb9, lpName=0x1d87360, cchName=0x104 | out: lpName="MpsSvc") returned 0x0 [0059.417] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mpssvc", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0059.417] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mpssvc", cchWideChar=6, lpMultiByteStr=0x1d94ae0, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mpssvc", lpUsedDefaultChar=0x0) returned 6 [0059.418] RegEnumKeyW (in: hKey=0x164, dwIndex=0xba, lpName=0x1d87360, cchName=0x104 | out: lpName="MRxDAV") returned 0x0 [0059.418] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mrxdav", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0059.418] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mrxdav", cchWideChar=6, lpMultiByteStr=0x1d94a98, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mrxdav", lpUsedDefaultChar=0x0) returned 6 [0059.418] RegEnumKeyW (in: hKey=0x164, dwIndex=0xbb, lpName=0x1d87360, cchName=0x104 | out: lpName="mrxsmb") returned 0x0 [0059.418] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mrxsmb", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0059.418] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mrxsmb", cchWideChar=6, lpMultiByteStr=0x1d94ae0, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mrxsmb", lpUsedDefaultChar=0x0) returned 6 [0059.418] RegEnumKeyW (in: hKey=0x164, dwIndex=0xbc, lpName=0x1d87360, cchName=0x104 | out: lpName="mrxsmb10") returned 0x0 [0059.418] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mrxsmb10", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0059.418] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mrxsmb10", cchWideChar=8, lpMultiByteStr=0x1d94a98, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mrxsmb10", lpUsedDefaultChar=0x0) returned 8 [0059.418] RegEnumKeyW (in: hKey=0x164, dwIndex=0xbd, lpName=0x1d87360, cchName=0x104 | out: lpName="mrxsmb20") returned 0x0 [0059.418] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mrxsmb20", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0059.418] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mrxsmb20", cchWideChar=8, lpMultiByteStr=0x1d94ae0, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mrxsmb20", lpUsedDefaultChar=0x0) returned 8 [0059.418] RegEnumKeyW (in: hKey=0x164, dwIndex=0xbe, lpName=0x1d87360, cchName=0x104 | out: lpName="msahci") returned 0x0 [0059.419] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="msahci", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0059.419] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="msahci", cchWideChar=6, lpMultiByteStr=0x1d94a98, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="msahci", lpUsedDefaultChar=0x0) returned 6 [0059.419] RegEnumKeyW (in: hKey=0x164, dwIndex=0xbf, lpName=0x1d87360, cchName=0x104 | out: lpName="msdsm") returned 0x0 [0059.419] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="msdsm", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0059.419] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="msdsm", cchWideChar=5, lpMultiByteStr=0x1d94ae0, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="msdsm", lpUsedDefaultChar=0x0) returned 5 [0059.419] RegEnumKeyW (in: hKey=0x164, dwIndex=0xc0, lpName=0x1d87360, cchName=0x104 | out: lpName="MSDTC") returned 0x0 [0059.419] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="msdtc", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0059.419] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="msdtc", cchWideChar=5, lpMultiByteStr=0x1d94a98, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="msdtc", lpUsedDefaultChar=0x0) returned 5 [0059.419] RegEnumKeyW (in: hKey=0x164, dwIndex=0xc1, lpName=0x1d87360, cchName=0x104 | out: lpName="MSDTC Bridge 3.0.0.0") returned 0x0 [0059.419] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="msdtc bridge 3.0.0.0", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0059.419] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="msdtc bridge 3.0.0.0", cchWideChar=20, lpMultiByteStr=0x1d94ae0, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="msdtc bridge 3.0.0.0", lpUsedDefaultChar=0x0) returned 20 [0059.419] RegEnumKeyW (in: hKey=0x164, dwIndex=0xc2, lpName=0x1d87360, cchName=0x104 | out: lpName="MSDTC Bridge 4.0.0.0") returned 0x0 [0059.419] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="msdtc bridge 4.0.0.0", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0059.419] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="msdtc bridge 4.0.0.0", cchWideChar=20, lpMultiByteStr=0x1d94a98, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="msdtc bridge 4.0.0.0", lpUsedDefaultChar=0x0) returned 20 [0059.419] RegEnumKeyW (in: hKey=0x164, dwIndex=0xc3, lpName=0x1d87360, cchName=0x104 | out: lpName="Msfs") returned 0x0 [0059.420] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="msfs", cchWideChar=4, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 4 [0059.420] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="msfs", cchWideChar=4, lpMultiByteStr=0x1d94ae0, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="msfs", lpUsedDefaultChar=0x0) returned 4 [0059.420] RegEnumKeyW (in: hKey=0x164, dwIndex=0xc4, lpName=0x1d87360, cchName=0x104 | out: lpName="mshidkmdf") returned 0x0 [0059.420] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mshidkmdf", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0059.420] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mshidkmdf", cchWideChar=9, lpMultiByteStr=0x1d94a98, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mshidkmdf", lpUsedDefaultChar=0x0) returned 9 [0059.420] RegEnumKeyW (in: hKey=0x164, dwIndex=0xc5, lpName=0x1d87360, cchName=0x104 | out: lpName="msisadrv") returned 0x0 [0059.420] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="msisadrv", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0059.420] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="msisadrv", cchWideChar=8, lpMultiByteStr=0x1d94ae0, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="msisadrv", lpUsedDefaultChar=0x0) returned 8 [0059.420] RegEnumKeyW (in: hKey=0x164, dwIndex=0xc6, lpName=0x1d87360, cchName=0x104 | out: lpName="MSiSCSI") returned 0x0 [0059.420] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="msiscsi", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0059.420] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="msiscsi", cchWideChar=7, lpMultiByteStr=0x1d94a98, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="msiscsi", lpUsedDefaultChar=0x0) returned 7 [0059.420] RegEnumKeyW (in: hKey=0x164, dwIndex=0xc7, lpName=0x1d87360, cchName=0x104 | out: lpName="msiserver") returned 0x0 [0059.420] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="msiserver", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0059.420] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="msiserver", cchWideChar=9, lpMultiByteStr=0x1d94ae0, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="msiserver", lpUsedDefaultChar=0x0) returned 9 [0059.421] RegOpenKeyExW (in: hKey=0x164, lpSubKey="msiserver", ulOptions=0x0, samDesired=0x20109, phkResult=0x18fb70 | out: phkResult=0x18fb70*=0xcc) returned 0x0 [0059.421] RegCloseKey (hKey=0x164) returned 0x0 [0059.421] SHRegDuplicateHKey (hkey=0x80000002) returned 0x80000002 [0059.421] RegEnumKeyW (in: hKey=0x80000002, dwIndex=0x0, lpName=0x1d87360, cchName=0x104 | out: lpName="BCD00000000") returned 0x0 [0059.421] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="bcd00000000", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0059.421] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="bcd00000000", cchWideChar=11, lpMultiByteStr=0x1d94a98, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="bcd00000000", lpUsedDefaultChar=0x0) returned 11 [0059.421] RegEnumKeyW (in: hKey=0x80000002, dwIndex=0x1, lpName=0x1d87360, cchName=0x104 | out: lpName="HARDWARE") returned 0x0 [0059.421] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="hardware", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0059.421] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="hardware", cchWideChar=8, lpMultiByteStr=0x1d94ae0, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="hardware", lpUsedDefaultChar=0x0) returned 8 [0059.421] RegEnumKeyW (in: hKey=0x80000002, dwIndex=0x2, lpName=0x1d87360, cchName=0x104 | out: lpName="SAM") returned 0x0 [0059.421] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="sam", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0059.421] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="sam", cchWideChar=3, lpMultiByteStr=0x1d94a98, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sam", lpUsedDefaultChar=0x0) returned 3 [0059.421] RegEnumKeyW (in: hKey=0x80000002, dwIndex=0x3, lpName=0x1d87360, cchName=0x104 | out: lpName="SECURITY") returned 0x0 [0059.422] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="security", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0059.422] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="security", cchWideChar=8, lpMultiByteStr=0x1d94ae0, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="security", lpUsedDefaultChar=0x0) returned 8 [0059.422] RegEnumKeyW (in: hKey=0x80000002, dwIndex=0x4, lpName=0x1d87360, cchName=0x104 | out: lpName="SOFTWARE") returned 0x0 [0059.422] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="software", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0059.422] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="software", cchWideChar=8, lpMultiByteStr=0x1d94a98, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="software", lpUsedDefaultChar=0x0) returned 8 [0059.422] RegEnumKeyW (in: hKey=0x80000002, dwIndex=0x5, lpName=0x1d87360, cchName=0x104 | out: lpName="SYSTEM") returned 0x0 [0059.422] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="system", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0059.422] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="system", cchWideChar=6, lpMultiByteStr=0x1d94ae0, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="system", lpUsedDefaultChar=0x0) returned 6 [0059.422] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM", ulOptions=0x0, samDesired=0x20109, phkResult=0x18fb70 | out: phkResult=0x18fb70*=0x16c) returned 0x0 [0059.422] RegCloseKey (hKey=0x80000002) returned 0x0 [0059.422] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x0, lpName=0x1d87360, cchName=0x104 | out: lpName="ControlSet001") returned 0x0 [0059.422] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="controlset001", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0059.422] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="controlset001", cchWideChar=13, lpMultiByteStr=0x1d94a98, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="controlset001", lpUsedDefaultChar=0x0) returned 13 [0059.422] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x1, lpName=0x1d87360, cchName=0x104 | out: lpName="ControlSet002") returned 0x0 [0059.423] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="controlset002", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0059.423] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="controlset002", cchWideChar=13, lpMultiByteStr=0x1d94ae0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="controlset002", lpUsedDefaultChar=0x0) returned 13 [0059.423] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x2, lpName=0x1d87360, cchName=0x104 | out: lpName="MountedDevices") returned 0x0 [0059.423] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mounteddevices", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0059.423] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mounteddevices", cchWideChar=14, lpMultiByteStr=0x1d94a98, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mounteddevices", lpUsedDefaultChar=0x0) returned 14 [0059.423] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x3, lpName=0x1d87360, cchName=0x104 | out: lpName="RNG") returned 0x0 [0059.424] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="rng", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0059.424] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="rng", cchWideChar=3, lpMultiByteStr=0x1d94ae0, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="rng", lpUsedDefaultChar=0x0) returned 3 [0059.424] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x4, lpName=0x1d87360, cchName=0x104 | out: lpName="Select") returned 0x0 [0059.424] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="select", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0059.424] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="select", cchWideChar=6, lpMultiByteStr=0x1d94a98, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="select", lpUsedDefaultChar=0x0) returned 6 [0059.424] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x5, lpName=0x1d87360, cchName=0x104 | out: lpName="Setup") returned 0x0 [0059.424] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="setup", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0059.424] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="setup", cchWideChar=5, lpMultiByteStr=0x1d94ae0, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="setup", lpUsedDefaultChar=0x0) returned 5 [0059.424] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x6, lpName=0x1d87360, cchName=0x104 | out: lpName="Software") returned 0x0 [0059.424] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="software", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0059.424] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="software", cchWideChar=8, lpMultiByteStr=0x1d94a98, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="software", lpUsedDefaultChar=0x0) returned 8 [0059.424] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x7, lpName=0x1d87360, cchName=0x104 | out: lpName="WPA") returned 0x0 [0059.424] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="wpa", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0059.424] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="wpa", cchWideChar=3, lpMultiByteStr=0x1d94ae0, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="wpa", lpUsedDefaultChar=0x0) returned 3 [0059.425] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x8, lpName=0x1d87360, cchName=0x104 | out: lpName="CurrentControlSet") returned 0x0 [0059.425] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="currentcontrolset", cchWideChar=17, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0059.425] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="currentcontrolset", cchWideChar=17, lpMultiByteStr=0x1d94a98, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="currentcontrolset", lpUsedDefaultChar=0x0) returned 17 [0059.425] RegOpenKeyExW (in: hKey=0x16c, lpSubKey="CurrentControlSet", ulOptions=0x0, samDesired=0x20109, phkResult=0x18fb70 | out: phkResult=0x18fb70*=0x164) returned 0x0 [0059.425] RegCloseKey (hKey=0x16c) returned 0x0 [0059.425] RegEnumKeyW (in: hKey=0x164, dwIndex=0x0, lpName=0x1d87360, cchName=0x104 | out: lpName="Control") returned 0x0 [0059.425] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="control", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0059.425] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="control", cchWideChar=7, lpMultiByteStr=0x1d94ae0, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="control", lpUsedDefaultChar=0x0) returned 7 [0059.425] RegEnumKeyW (in: hKey=0x164, dwIndex=0x1, lpName=0x1d87360, cchName=0x104 | out: lpName="Enum") returned 0x0 [0059.425] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="enum", cchWideChar=4, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 4 [0059.425] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="enum", cchWideChar=4, lpMultiByteStr=0x1d94a98, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="enum", lpUsedDefaultChar=0x0) returned 4 [0059.425] RegEnumKeyW (in: hKey=0x164, dwIndex=0x2, lpName=0x1d87360, cchName=0x104 | out: lpName="Hardware Profiles") returned 0x0 [0059.425] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="hardware profiles", cchWideChar=17, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0059.426] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="hardware profiles", cchWideChar=17, lpMultiByteStr=0x1d94ae0, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="hardware profiles", lpUsedDefaultChar=0x0) returned 17 [0059.426] RegEnumKeyW (in: hKey=0x164, dwIndex=0x3, lpName=0x1d87360, cchName=0x104 | out: lpName="Policies") returned 0x0 [0059.426] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="policies", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0059.426] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="policies", cchWideChar=8, lpMultiByteStr=0x1d94a98, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="policies", lpUsedDefaultChar=0x0) returned 8 [0059.426] RegEnumKeyW (in: hKey=0x164, dwIndex=0x4, lpName=0x1d87360, cchName=0x104 | out: lpName="services") returned 0x0 [0059.426] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="services", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0059.426] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="services", cchWideChar=8, lpMultiByteStr=0x1d94ae0, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="services", lpUsedDefaultChar=0x0) returned 8 [0059.426] RegOpenKeyExW (in: hKey=0x164, lpSubKey="services", ulOptions=0x0, samDesired=0x20109, phkResult=0x18fb70 | out: phkResult=0x18fb70*=0x16c) returned 0x0 [0059.426] RegCloseKey (hKey=0x164) returned 0x0 [0059.426] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x0, lpName=0x1d87360, cchName=0x104 | out: lpName=".NET CLR Data") returned 0x0 [0059.426] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr=".net clr data", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0059.426] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr=".net clr data", cchWideChar=13, lpMultiByteStr=0x1d94a98, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=".net clr data", lpUsedDefaultChar=0x0) returned 13 [0059.426] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x1, lpName=0x1d87360, cchName=0x104 | out: lpName=".NET CLR Networking") returned 0x0 [0059.427] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr=".net clr networking", cchWideChar=19, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0059.427] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr=".net clr networking", cchWideChar=19, lpMultiByteStr=0x1d94ae0, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=".net clr networking", lpUsedDefaultChar=0x0) returned 19 [0059.427] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x2, lpName=0x1d87360, cchName=0x104 | out: lpName=".NET CLR Networking 4.0.0.0") returned 0x0 [0059.427] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr=".net clr networking 4.0.0.0", cchWideChar=27, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 27 [0059.427] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr=".net clr networking 4.0.0.0", cchWideChar=27, lpMultiByteStr=0x1d94a98, cbMultiByte=27, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=".net clr networking 4.0.0.0", lpUsedDefaultChar=0x0) returned 27 [0059.427] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x3, lpName=0x1d87360, cchName=0x104 | out: lpName=".NET Data Provider for Oracle") returned 0x0 [0059.427] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr=".net data provider for oracle", cchWideChar=29, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 29 [0059.427] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr=".net data provider for oracle", cchWideChar=29, lpMultiByteStr=0x1d94ae0, cbMultiByte=29, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=".net data provider for oracle", lpUsedDefaultChar=0x0) returned 29 [0059.427] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x4, lpName=0x1d87360, cchName=0x104 | out: lpName=".NET Data Provider for SqlServer") returned 0x0 [0059.427] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr=".net data provider for sqlserver", cchWideChar=32, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0059.427] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr=".net data provider for sqlserver", cchWideChar=32, lpMultiByteStr=0x1d94a98, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=".net data provider for sqlserver", lpUsedDefaultChar=0x0) returned 32 [0059.427] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x5, lpName=0x1d87360, cchName=0x104 | out: lpName=".NET Memory Cache 4.0") returned 0x0 [0059.427] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr=".net memory cache 4.0", cchWideChar=21, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0059.428] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr=".net memory cache 4.0", cchWideChar=21, lpMultiByteStr=0x1d94ae0, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=".net memory cache 4.0", lpUsedDefaultChar=0x0) returned 21 [0059.428] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x6, lpName=0x1d87360, cchName=0x104 | out: lpName=".NETFramework") returned 0x0 [0059.428] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr=".netframework", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0059.428] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr=".netframework", cchWideChar=13, lpMultiByteStr=0x1d94a98, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=".netframework", lpUsedDefaultChar=0x0) returned 13 [0059.428] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x7, lpName=0x1d87360, cchName=0x104 | out: lpName="1394ohci") returned 0x0 [0059.428] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="1394ohci", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0059.428] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="1394ohci", cchWideChar=8, lpMultiByteStr=0x1d94ae0, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="1394ohci", lpUsedDefaultChar=0x0) returned 8 [0059.428] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x8, lpName=0x1d87360, cchName=0x104 | out: lpName="ACPI") returned 0x0 [0059.428] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="acpi", cchWideChar=4, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 4 [0059.428] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="acpi", cchWideChar=4, lpMultiByteStr=0x1d94a98, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="acpi", lpUsedDefaultChar=0x0) returned 4 [0059.435] RegEnumValueA (in: hKey=0xcc, dwIndex=0x0, lpValueName=0x18fa8c, lpcchValueName=0x18fa88, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="DisplayName", lpcchValueName=0x18fa88, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0059.436] RegEnumValueA (in: hKey=0xcc, dwIndex=0x1, lpValueName=0x18fa8c, lpcchValueName=0x18fa88, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="ImagePath", lpcchValueName=0x18fa88, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0059.436] RegEnumValueA (in: hKey=0xcc, dwIndex=0x2, lpValueName=0x18fa8c, lpcchValueName=0x18fa88, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="Description", lpcchValueName=0x18fa88, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0059.436] RegEnumValueA (in: hKey=0xcc, dwIndex=0x3, lpValueName=0x18fa8c, lpcchValueName=0x18fa88, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="ObjectName", lpcchValueName=0x18fa88, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0059.436] RegEnumValueA (in: hKey=0xcc, dwIndex=0x4, lpValueName=0x18fa8c, lpcchValueName=0x18fa88, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="ErrorControl", lpcchValueName=0x18fa88, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0059.436] RegEnumValueA (in: hKey=0xcc, dwIndex=0x5, lpValueName=0x18fa8c, lpcchValueName=0x18fa88, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="Start", lpcchValueName=0x18fa88, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0059.436] RegEnumValueA (in: hKey=0xcc, dwIndex=0x6, lpValueName=0x18fa8c, lpcchValueName=0x18fa88, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="Type", lpcchValueName=0x18fa88, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0059.436] RegEnumValueA (in: hKey=0xcc, dwIndex=0x7, lpValueName=0x18fa8c, lpcchValueName=0x18fa88, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="DependOnService", lpcchValueName=0x18fa88, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0059.436] RegEnumValueA (in: hKey=0xcc, dwIndex=0x8, lpValueName=0x18fa8c, lpcchValueName=0x18fa88, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="ServiceSidType", lpcchValueName=0x18fa88, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0059.436] RegEnumValueA (in: hKey=0xcc, dwIndex=0x9, lpValueName=0x18fa8c, lpcchValueName=0x18fa88, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="RequiredPrivileges", lpcchValueName=0x18fa88, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0059.436] RegEnumValueA (in: hKey=0xcc, dwIndex=0xa, lpValueName=0x18fa8c, lpcchValueName=0x18fa88, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="FailureActions", lpcchValueName=0x18fa88, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0059.437] RegEnumValueA (in: hKey=0xcc, dwIndex=0xb, lpValueName=0x18fa8c, lpcchValueName=0x18fa88, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="FailureActions", lpcchValueName=0x18fa88, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x103 [0059.437] RegSetValueExA (hKey=0x0, lpValueName="RequiredPrivileges", Reserved=0x0, dwType=0x7, lpData=0x1d836e8, cbData=0x196) returned 0x6 [0059.437] RegEnumValueA (in: hKey=0xcc, dwIndex=0x0, lpValueName=0x18fa8c, lpcchValueName=0x18fa88, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="DisplayName", lpcchValueName=0x18fa88, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0059.437] RegEnumValueA (in: hKey=0xcc, dwIndex=0x1, lpValueName=0x18fa8c, lpcchValueName=0x18fa88, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="ImagePath", lpcchValueName=0x18fa88, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0059.437] RegEnumValueA (in: hKey=0xcc, dwIndex=0x2, lpValueName=0x18fa8c, lpcchValueName=0x18fa88, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="Description", lpcchValueName=0x18fa88, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0059.437] RegEnumValueA (in: hKey=0xcc, dwIndex=0x3, lpValueName=0x18fa8c, lpcchValueName=0x18fa88, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="ObjectName", lpcchValueName=0x18fa88, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0059.437] RegEnumValueA (in: hKey=0xcc, dwIndex=0x4, lpValueName=0x18fa8c, lpcchValueName=0x18fa88, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="ErrorControl", lpcchValueName=0x18fa88, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0059.437] RegEnumValueA (in: hKey=0xcc, dwIndex=0x5, lpValueName=0x18fa8c, lpcchValueName=0x18fa88, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="Start", lpcchValueName=0x18fa88, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0059.437] RegEnumValueA (in: hKey=0xcc, dwIndex=0x6, lpValueName=0x18fa8c, lpcchValueName=0x18fa88, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="Type", lpcchValueName=0x18fa88, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0059.437] RegEnumValueA (in: hKey=0xcc, dwIndex=0x7, lpValueName=0x18fa8c, lpcchValueName=0x18fa88, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="DependOnService", lpcchValueName=0x18fa88, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0059.438] RegEnumValueA (in: hKey=0xcc, dwIndex=0x8, lpValueName=0x18fa8c, lpcchValueName=0x18fa88, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="ServiceSidType", lpcchValueName=0x18fa88, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0059.438] RegEnumValueA (in: hKey=0xcc, dwIndex=0x9, lpValueName=0x18fa8c, lpcchValueName=0x18fa88, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="RequiredPrivileges", lpcchValueName=0x18fa88, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0059.438] RegEnumValueA (in: hKey=0xcc, dwIndex=0xa, lpValueName=0x18fa8c, lpcchValueName=0x18fa88, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="FailureActions", lpcchValueName=0x18fa88, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0059.438] RegEnumValueA (in: hKey=0xcc, dwIndex=0xb, lpValueName=0x18fa8c, lpcchValueName=0x18fa88, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="FailureActions", lpcchValueName=0x18fa88, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x103 [0059.438] RegSetValueExA (hKey=0x0, lpValueName="ObjectName", Reserved=0x0, dwType=0x1, lpData=0x1d99810, cbData=0xc) returned 0x6 [0059.438] OpenServiceW (hSCManager=0x324bf0, lpServiceName="TrustedInstaller", dwDesiredAccess=0x2) returned 0x324ce0 [0059.438] ChangeServiceConfigW (in: hService=0x324ce0, dwServiceType=0xffffffff, dwStartType=0x2, dwErrorControl=0xffffffff, lpBinaryPathName=0x0, lpLoadOrderGroup=0x0, lpdwTagId=0x0, lpDependencies=0x0, lpServiceStartName=0x0, lpPassword=0x0, lpDisplayName=0x0 | out: lpdwTagId=0x0) returned 1 [0059.501] CloseServiceHandle (hSCObject=0x324ce0) returned 1 [0059.504] CreateFileW (lpFileName="C:\\Windows\\servicing\\TrustedInstaller.exe" (normalized: "c:\\windows\\servicing\\trustedinstaller.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0059.504] GetLastError () returned 0x5 [0059.547] NtClose (Handle=0xcc) returned 0x0 [0059.547] WaitForSingleObject (hHandle=0x16c, dwMilliseconds=0x2710) returned 0x0 [0060.372] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\icacls.exe", lpCommandLine="C:\\Windows\\system32\\icacls.exe C:\\Windows\\servicing\\TrustedInstaller.exe /reset", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x18fbc0*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x18fc04 | out: lpCommandLine="C:\\Windows\\system32\\icacls.exe C:\\Windows\\servicing\\TrustedInstaller.exe /reset", lpProcessInformation=0x18fc04*(hProcess=0x170, hThread=0xcc, dwProcessId=0xa3c, dwThreadId=0xa40)) returned 1 [0060.389] NtClose (Handle=0xcc) returned 0x0 [0060.389] WaitForSingleObject (hHandle=0x170, dwMilliseconds=0x2710) returned 0x0 [0060.889] NtClose (Handle=0x170) returned 0x0 [0060.889] GetFileAttributesExW (in: lpFileName="C:\\Windows\\servicing\\TrustedInstaller.exe" (normalized: "c:\\windows\\servicing\\trustedinstaller.exe"), fInfoLevelId=0x0, lpFileInformation=0x18fbf4 | out: lpFileInformation=0x18fbf4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8bcf001f, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x8bcf001f, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0x8bcf001f, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2f600)) returned 1 [0060.889] CreateFileW (lpFileName="C:\\Windows\\servicing\\TrustedInstaller.exe" (normalized: "c:\\windows\\servicing\\trustedinstaller.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0060.889] GetLastError () returned 0x5 [0060.889] CryptAcquireContextW (in: phProv=0x18fc38, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x18fc38*=0x325220) returned 1 [0060.890] CryptGenRandom (in: hProv=0x325220, dwLen=0x4, pbBuffer=0x18fc4c | out: pbBuffer=0x18fc4c) returned 1 [0060.890] CryptReleaseContext (hProv=0x325220, dwFlags=0x0) returned 1 [0060.890] OpenServiceW (hSCManager=0x324bf0, lpServiceName="clr_optimization_v4.0.30319_32", dwDesiredAccess=0x20) returned 0x324cb8 [0060.890] ControlService (in: hService=0x324cb8, dwControl=0x1, lpServiceStatus=0x18fba4 | out: lpServiceStatus=0x18fba4*(dwServiceType=0x10, dwCurrentState=0x1, dwControlsAccepted=0x0, dwWin32ExitCode=0x435, dwServiceSpecificExitCode=0x0, dwCheckPoint=0x0, dwWaitHint=0x0)) returned 0 [0060.890] GetLastError () returned 0x426 [0060.890] CloseServiceHandle (hSCObject=0x324cb8) returned 1 [0060.891] SHRegDuplicateHKey (hkey=0x80000002) returned 0x80000002 [0060.891] RegEnumKeyW (in: hKey=0x80000002, dwIndex=0x0, lpName=0x1d87360, cchName=0x104 | out: lpName="BCD00000000") returned 0x0 [0060.891] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="bcd00000000", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0060.891] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="bcd00000000", cchWideChar=11, lpMultiByteStr=0x1d94db0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="bcd00000000", lpUsedDefaultChar=0x0) returned 11 [0060.891] RegEnumKeyW (in: hKey=0x80000002, dwIndex=0x1, lpName=0x1d87360, cchName=0x104 | out: lpName="HARDWARE") returned 0x0 [0060.891] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="hardware", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0060.891] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="hardware", cchWideChar=8, lpMultiByteStr=0x1d94d20, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="hardware", lpUsedDefaultChar=0x0) returned 8 [0060.891] RegEnumKeyW (in: hKey=0x80000002, dwIndex=0x2, lpName=0x1d87360, cchName=0x104 | out: lpName="SAM") returned 0x0 [0060.891] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="sam", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0060.891] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="sam", cchWideChar=3, lpMultiByteStr=0x1d94db0, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sam", lpUsedDefaultChar=0x0) returned 3 [0060.891] RegEnumKeyW (in: hKey=0x80000002, dwIndex=0x3, lpName=0x1d87360, cchName=0x104 | out: lpName="SECURITY") returned 0x0 [0060.891] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="security", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0060.892] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="security", cchWideChar=8, lpMultiByteStr=0x1d94d20, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="security", lpUsedDefaultChar=0x0) returned 8 [0060.892] RegEnumKeyW (in: hKey=0x80000002, dwIndex=0x4, lpName=0x1d87360, cchName=0x104 | out: lpName="SOFTWARE") returned 0x0 [0060.892] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="software", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0060.892] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="software", cchWideChar=8, lpMultiByteStr=0x1d94db0, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="software", lpUsedDefaultChar=0x0) returned 8 [0060.892] RegEnumKeyW (in: hKey=0x80000002, dwIndex=0x5, lpName=0x1d87360, cchName=0x104 | out: lpName="SYSTEM") returned 0x0 [0060.892] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="system", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0060.892] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="system", cchWideChar=6, lpMultiByteStr=0x1d94d20, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="system", lpUsedDefaultChar=0x0) returned 6 [0060.892] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM", ulOptions=0x0, samDesired=0x20109, phkResult=0x18fb70 | out: phkResult=0x18fb70*=0x16c) returned 0x0 [0060.892] RegCloseKey (hKey=0x80000002) returned 0x0 [0060.892] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x0, lpName=0x1d87360, cchName=0x104 | out: lpName="ControlSet001") returned 0x0 [0060.892] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="controlset001", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0060.892] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="controlset001", cchWideChar=13, lpMultiByteStr=0x1d94db0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="controlset001", lpUsedDefaultChar=0x0) returned 13 [0060.893] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x1, lpName=0x1d87360, cchName=0x104 | out: lpName="ControlSet002") returned 0x0 [0060.893] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="controlset002", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0060.893] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="controlset002", cchWideChar=13, lpMultiByteStr=0x1d94d20, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="controlset002", lpUsedDefaultChar=0x0) returned 13 [0060.893] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x2, lpName=0x1d87360, cchName=0x104 | out: lpName="MountedDevices") returned 0x0 [0060.893] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mounteddevices", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0060.893] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mounteddevices", cchWideChar=14, lpMultiByteStr=0x1d94db0, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mounteddevices", lpUsedDefaultChar=0x0) returned 14 [0060.893] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x3, lpName=0x1d87360, cchName=0x104 | out: lpName="RNG") returned 0x0 [0060.893] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="rng", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0060.893] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="rng", cchWideChar=3, lpMultiByteStr=0x1d94d20, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="rng", lpUsedDefaultChar=0x0) returned 3 [0060.893] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x4, lpName=0x1d87360, cchName=0x104 | out: lpName="Select") returned 0x0 [0060.893] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="select", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0060.893] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="select", cchWideChar=6, lpMultiByteStr=0x1d94db0, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="select", lpUsedDefaultChar=0x0) returned 6 [0060.893] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x5, lpName=0x1d87360, cchName=0x104 | out: lpName="Setup") returned 0x0 [0060.893] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="setup", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0060.894] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="setup", cchWideChar=5, lpMultiByteStr=0x1d94d20, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="setup", lpUsedDefaultChar=0x0) returned 5 [0060.894] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x6, lpName=0x1d87360, cchName=0x104 | out: lpName="Software") returned 0x0 [0060.894] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="software", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0060.894] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="software", cchWideChar=8, lpMultiByteStr=0x1d94db0, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="software", lpUsedDefaultChar=0x0) returned 8 [0060.894] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x7, lpName=0x1d87360, cchName=0x104 | out: lpName="WPA") returned 0x0 [0060.894] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="wpa", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0060.894] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="wpa", cchWideChar=3, lpMultiByteStr=0x1d94d20, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="wpa", lpUsedDefaultChar=0x0) returned 3 [0060.894] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x8, lpName=0x1d87360, cchName=0x104 | out: lpName="CurrentControlSet") returned 0x0 [0060.894] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="currentcontrolset", cchWideChar=17, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0060.894] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="currentcontrolset", cchWideChar=17, lpMultiByteStr=0x1d94db0, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="currentcontrolset", lpUsedDefaultChar=0x0) returned 17 [0060.894] RegOpenKeyExW (in: hKey=0x16c, lpSubKey="CurrentControlSet", ulOptions=0x0, samDesired=0x20109, phkResult=0x18fb70 | out: phkResult=0x18fb70*=0x170) returned 0x0 [0060.894] RegCloseKey (hKey=0x16c) returned 0x0 [0060.894] RegEnumKeyW (in: hKey=0x170, dwIndex=0x0, lpName=0x1d87360, cchName=0x104 | out: lpName="Control") returned 0x0 [0060.894] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="control", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0060.895] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="control", cchWideChar=7, lpMultiByteStr=0x1d94d20, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="control", lpUsedDefaultChar=0x0) returned 7 [0060.895] RegEnumKeyW (in: hKey=0x170, dwIndex=0x1, lpName=0x1d87360, cchName=0x104 | out: lpName="Enum") returned 0x0 [0060.895] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="enum", cchWideChar=4, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 4 [0060.895] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="enum", cchWideChar=4, lpMultiByteStr=0x1d94db0, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="enum", lpUsedDefaultChar=0x0) returned 4 [0060.895] RegEnumKeyW (in: hKey=0x170, dwIndex=0x2, lpName=0x1d87360, cchName=0x104 | out: lpName="Hardware Profiles") returned 0x0 [0060.895] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="hardware profiles", cchWideChar=17, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0060.895] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="hardware profiles", cchWideChar=17, lpMultiByteStr=0x1d94d20, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="hardware profiles", lpUsedDefaultChar=0x0) returned 17 [0060.895] RegEnumKeyW (in: hKey=0x170, dwIndex=0x3, lpName=0x1d87360, cchName=0x104 | out: lpName="Policies") returned 0x0 [0060.895] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="policies", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0060.895] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="policies", cchWideChar=8, lpMultiByteStr=0x1d94db0, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="policies", lpUsedDefaultChar=0x0) returned 8 [0060.895] RegEnumKeyW (in: hKey=0x170, dwIndex=0x4, lpName=0x1d87360, cchName=0x104 | out: lpName="services") returned 0x0 [0060.895] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="services", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0060.895] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="services", cchWideChar=8, lpMultiByteStr=0x1d94d20, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="services", lpUsedDefaultChar=0x0) returned 8 [0060.895] RegOpenKeyExW (in: hKey=0x170, lpSubKey="services", ulOptions=0x0, samDesired=0x20109, phkResult=0x18fb70 | out: phkResult=0x18fb70*=0x16c) returned 0x0 [0060.896] RegCloseKey (hKey=0x170) returned 0x0 [0060.896] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x0, lpName=0x1d87360, cchName=0x104 | out: lpName=".NET CLR Data") returned 0x0 [0060.896] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr=".net clr data", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0060.896] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr=".net clr data", cchWideChar=13, lpMultiByteStr=0x1d94db0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=".net clr data", lpUsedDefaultChar=0x0) returned 13 [0060.896] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x1, lpName=0x1d87360, cchName=0x104 | out: lpName=".NET CLR Networking") returned 0x0 [0060.896] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr=".net clr networking", cchWideChar=19, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0060.896] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr=".net clr networking", cchWideChar=19, lpMultiByteStr=0x1d94d20, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=".net clr networking", lpUsedDefaultChar=0x0) returned 19 [0060.896] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x2, lpName=0x1d87360, cchName=0x104 | out: lpName=".NET CLR Networking 4.0.0.0") returned 0x0 [0060.896] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr=".net clr networking 4.0.0.0", cchWideChar=27, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 27 [0060.896] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr=".net clr networking 4.0.0.0", cchWideChar=27, lpMultiByteStr=0x1d94db0, cbMultiByte=27, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=".net clr networking 4.0.0.0", lpUsedDefaultChar=0x0) returned 27 [0060.896] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x3, lpName=0x1d87360, cchName=0x104 | out: lpName=".NET Data Provider for Oracle") returned 0x0 [0060.896] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr=".net data provider for oracle", cchWideChar=29, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 29 [0060.896] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr=".net data provider for oracle", cchWideChar=29, lpMultiByteStr=0x1d94d20, cbMultiByte=29, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=".net data provider for oracle", lpUsedDefaultChar=0x0) returned 29 [0060.897] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x4, lpName=0x1d87360, cchName=0x104 | out: lpName=".NET Data Provider for SqlServer") returned 0x0 [0060.897] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr=".net data provider for sqlserver", cchWideChar=32, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0060.897] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr=".net data provider for sqlserver", cchWideChar=32, lpMultiByteStr=0x1d94db0, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=".net data provider for sqlserver", lpUsedDefaultChar=0x0) returned 32 [0060.897] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x5, lpName=0x1d87360, cchName=0x104 | out: lpName=".NET Memory Cache 4.0") returned 0x0 [0060.897] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr=".net memory cache 4.0", cchWideChar=21, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0060.897] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr=".net memory cache 4.0", cchWideChar=21, lpMultiByteStr=0x1d94d20, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=".net memory cache 4.0", lpUsedDefaultChar=0x0) returned 21 [0060.897] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x6, lpName=0x1d87360, cchName=0x104 | out: lpName=".NETFramework") returned 0x0 [0060.897] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr=".netframework", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0060.897] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr=".netframework", cchWideChar=13, lpMultiByteStr=0x1d94db0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=".netframework", lpUsedDefaultChar=0x0) returned 13 [0060.897] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x7, lpName=0x1d87360, cchName=0x104 | out: lpName="1394ohci") returned 0x0 [0060.897] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="1394ohci", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0060.897] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="1394ohci", cchWideChar=8, lpMultiByteStr=0x1d94d20, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="1394ohci", lpUsedDefaultChar=0x0) returned 8 [0060.897] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x8, lpName=0x1d87360, cchName=0x104 | out: lpName="ACPI") returned 0x0 [0060.897] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="acpi", cchWideChar=4, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 4 [0060.898] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="acpi", cchWideChar=4, lpMultiByteStr=0x1d94db0, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="acpi", lpUsedDefaultChar=0x0) returned 4 [0060.898] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x9, lpName=0x1d87360, cchName=0x104 | out: lpName="AcpiPmi") returned 0x0 [0060.898] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="acpipmi", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0060.898] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="acpipmi", cchWideChar=7, lpMultiByteStr=0x1d94d20, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="acpipmi", lpUsedDefaultChar=0x0) returned 7 [0060.898] RegEnumKeyW (in: hKey=0x16c, dwIndex=0xa, lpName=0x1d87360, cchName=0x104 | out: lpName="AdobeFlashPlayerUpdateSvc") returned 0x0 [0060.898] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="adobeflashplayerupdatesvc", cchWideChar=25, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0060.898] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="adobeflashplayerupdatesvc", cchWideChar=25, lpMultiByteStr=0x1d94db0, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="adobeflashplayerupdatesvc", lpUsedDefaultChar=0x0) returned 25 [0060.898] RegEnumKeyW (in: hKey=0x16c, dwIndex=0xb, lpName=0x1d87360, cchName=0x104 | out: lpName="adp94xx") returned 0x0 [0060.898] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="adp94xx", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0060.898] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="adp94xx", cchWideChar=7, lpMultiByteStr=0x1d94d20, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="adp94xx", lpUsedDefaultChar=0x0) returned 7 [0060.898] RegEnumKeyW (in: hKey=0x16c, dwIndex=0xc, lpName=0x1d87360, cchName=0x104 | out: lpName="adpahci") returned 0x0 [0060.898] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="adpahci", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0060.898] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="adpahci", cchWideChar=7, lpMultiByteStr=0x1d94db0, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="adpahci", lpUsedDefaultChar=0x0) returned 7 [0060.898] RegEnumKeyW (in: hKey=0x16c, dwIndex=0xd, lpName=0x1d87360, cchName=0x104 | out: lpName="adpu320") returned 0x0 [0060.899] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="adpu320", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0060.928] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="adpu320", cchWideChar=7, lpMultiByteStr=0x1d94d20, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="adpu320", lpUsedDefaultChar=0x0) returned 7 [0060.928] RegEnumKeyW (in: hKey=0x16c, dwIndex=0xe, lpName=0x1d87360, cchName=0x104 | out: lpName="adsi") returned 0x0 [0060.928] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="adsi", cchWideChar=4, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 4 [0060.928] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="adsi", cchWideChar=4, lpMultiByteStr=0x1d94db0, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="adsi", lpUsedDefaultChar=0x0) returned 4 [0060.928] RegEnumKeyW (in: hKey=0x16c, dwIndex=0xf, lpName=0x1d87360, cchName=0x104 | out: lpName="AeLookupSvc") returned 0x0 [0060.928] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="aelookupsvc", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0060.928] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="aelookupsvc", cchWideChar=11, lpMultiByteStr=0x1d94d20, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="aelookupsvc", lpUsedDefaultChar=0x0) returned 11 [0060.928] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x10, lpName=0x1d87360, cchName=0x104 | out: lpName="AFD") returned 0x0 [0060.928] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="afd", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0060.929] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="afd", cchWideChar=3, lpMultiByteStr=0x1d94db0, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="afd", lpUsedDefaultChar=0x0) returned 3 [0060.929] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x11, lpName=0x1d87360, cchName=0x104 | out: lpName="agp440") returned 0x0 [0060.929] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="agp440", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0060.929] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="agp440", cchWideChar=6, lpMultiByteStr=0x1d94d20, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="agp440", lpUsedDefaultChar=0x0) returned 6 [0060.929] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x12, lpName=0x1d87360, cchName=0x104 | out: lpName="ALG") returned 0x0 [0060.929] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="alg", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0060.929] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="alg", cchWideChar=3, lpMultiByteStr=0x1d94db0, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="alg", lpUsedDefaultChar=0x0) returned 3 [0060.929] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x13, lpName=0x1d87360, cchName=0x104 | out: lpName="aliide") returned 0x0 [0060.929] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="aliide", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0060.929] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="aliide", cchWideChar=6, lpMultiByteStr=0x1d94d20, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="aliide", lpUsedDefaultChar=0x0) returned 6 [0060.929] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x14, lpName=0x1d87360, cchName=0x104 | out: lpName="amdide") returned 0x0 [0060.929] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="amdide", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0060.929] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="amdide", cchWideChar=6, lpMultiByteStr=0x1d94db0, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="amdide", lpUsedDefaultChar=0x0) returned 6 [0060.929] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x15, lpName=0x1d87360, cchName=0x104 | out: lpName="AmdK8") returned 0x0 [0060.930] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="amdk8", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0060.930] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="amdk8", cchWideChar=5, lpMultiByteStr=0x1d94d20, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="amdk8", lpUsedDefaultChar=0x0) returned 5 [0060.930] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x16, lpName=0x1d87360, cchName=0x104 | out: lpName="AmdPPM") returned 0x0 [0060.930] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="amdppm", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0060.930] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="amdppm", cchWideChar=6, lpMultiByteStr=0x1d94db0, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="amdppm", lpUsedDefaultChar=0x0) returned 6 [0060.930] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x17, lpName=0x1d87360, cchName=0x104 | out: lpName="amdsata") returned 0x0 [0060.930] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="amdsata", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0060.930] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="amdsata", cchWideChar=7, lpMultiByteStr=0x1d94d20, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="amdsata", lpUsedDefaultChar=0x0) returned 7 [0060.930] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x18, lpName=0x1d87360, cchName=0x104 | out: lpName="amdsbs") returned 0x0 [0060.930] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="amdsbs", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0060.930] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="amdsbs", cchWideChar=6, lpMultiByteStr=0x1d94db0, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="amdsbs", lpUsedDefaultChar=0x0) returned 6 [0060.930] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x19, lpName=0x1d87360, cchName=0x104 | out: lpName="amdxata") returned 0x0 [0060.930] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="amdxata", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0060.931] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="amdxata", cchWideChar=7, lpMultiByteStr=0x1d94d20, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="amdxata", lpUsedDefaultChar=0x0) returned 7 [0060.931] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x1a, lpName=0x1d87360, cchName=0x104 | out: lpName="AppID") returned 0x0 [0060.931] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="appid", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0060.931] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="appid", cchWideChar=5, lpMultiByteStr=0x1d94db0, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="appid", lpUsedDefaultChar=0x0) returned 5 [0060.931] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x1b, lpName=0x1d87360, cchName=0x104 | out: lpName="AppIDSvc") returned 0x0 [0060.931] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="appidsvc", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0060.931] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="appidsvc", cchWideChar=8, lpMultiByteStr=0x1d94d20, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="appidsvc", lpUsedDefaultChar=0x0) returned 8 [0060.931] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x1c, lpName=0x1d87360, cchName=0x104 | out: lpName="Appinfo") returned 0x0 [0060.931] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="appinfo", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0060.931] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="appinfo", cchWideChar=7, lpMultiByteStr=0x1d94db0, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="appinfo", lpUsedDefaultChar=0x0) returned 7 [0060.931] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x1d, lpName=0x1d87360, cchName=0x104 | out: lpName="AppMgmt") returned 0x0 [0060.931] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="appmgmt", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0060.931] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="appmgmt", cchWideChar=7, lpMultiByteStr=0x1d94d20, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="appmgmt", lpUsedDefaultChar=0x0) returned 7 [0060.931] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x1e, lpName=0x1d87360, cchName=0x104 | out: lpName="arc") returned 0x0 [0060.932] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="arc", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0060.932] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="arc", cchWideChar=3, lpMultiByteStr=0x1d94db0, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="arc", lpUsedDefaultChar=0x0) returned 3 [0060.932] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x1f, lpName=0x1d87360, cchName=0x104 | out: lpName="arcsas") returned 0x0 [0060.932] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="arcsas", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0060.932] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="arcsas", cchWideChar=6, lpMultiByteStr=0x1d94d20, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="arcsas", lpUsedDefaultChar=0x0) returned 6 [0060.932] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x20, lpName=0x1d87360, cchName=0x104 | out: lpName="ASP.NET") returned 0x0 [0060.932] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="asp.net", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0060.932] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="asp.net", cchWideChar=7, lpMultiByteStr=0x1d94db0, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="asp.net", lpUsedDefaultChar=0x0) returned 7 [0060.932] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x21, lpName=0x1d87360, cchName=0x104 | out: lpName="ASP.NET_4.0.30319") returned 0x0 [0060.932] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="asp.net_4.0.30319", cchWideChar=17, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0060.932] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="asp.net_4.0.30319", cchWideChar=17, lpMultiByteStr=0x1d94d20, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="asp.net_4.0.30319", lpUsedDefaultChar=0x0) returned 17 [0060.932] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x22, lpName=0x1d87360, cchName=0x104 | out: lpName="aspnet_state") returned 0x0 [0060.932] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="aspnet_state", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0060.932] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="aspnet_state", cchWideChar=12, lpMultiByteStr=0x1d94db0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="aspnet_state", lpUsedDefaultChar=0x0) returned 12 [0060.933] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x23, lpName=0x1d87360, cchName=0x104 | out: lpName="AsyncMac") returned 0x0 [0060.933] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="asyncmac", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0060.933] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="asyncmac", cchWideChar=8, lpMultiByteStr=0x1d94d20, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="asyncmac", lpUsedDefaultChar=0x0) returned 8 [0060.933] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x24, lpName=0x1d87360, cchName=0x104 | out: lpName="atapi") returned 0x0 [0060.933] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="atapi", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0060.933] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="atapi", cchWideChar=5, lpMultiByteStr=0x1d94db0, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="atapi", lpUsedDefaultChar=0x0) returned 5 [0060.933] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x25, lpName=0x1d87360, cchName=0x104 | out: lpName="AudioEndpointBuilder") returned 0x0 [0060.933] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="audioendpointbuilder", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0060.934] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="audioendpointbuilder", cchWideChar=20, lpMultiByteStr=0x1d94d20, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="audioendpointbuilder", lpUsedDefaultChar=0x0) returned 20 [0060.934] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x26, lpName=0x1d87360, cchName=0x104 | out: lpName="AudioSrv") returned 0x0 [0060.934] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="audiosrv", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0060.934] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="audiosrv", cchWideChar=8, lpMultiByteStr=0x1d94db0, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="audiosrv", lpUsedDefaultChar=0x0) returned 8 [0060.934] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x27, lpName=0x1d87360, cchName=0x104 | out: lpName="AxInstSV") returned 0x0 [0060.934] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="axinstsv", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0060.934] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="axinstsv", cchWideChar=8, lpMultiByteStr=0x1d94d20, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="axinstsv", lpUsedDefaultChar=0x0) returned 8 [0060.934] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x28, lpName=0x1d87360, cchName=0x104 | out: lpName="b06bdrv") returned 0x0 [0060.934] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="b06bdrv", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0060.935] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="b06bdrv", cchWideChar=7, lpMultiByteStr=0x1d94db0, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="b06bdrv", lpUsedDefaultChar=0x0) returned 7 [0060.935] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x29, lpName=0x1d87360, cchName=0x104 | out: lpName="b57nd60a") returned 0x0 [0060.935] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="b57nd60a", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0060.935] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="b57nd60a", cchWideChar=8, lpMultiByteStr=0x1d94d20, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="b57nd60a", lpUsedDefaultChar=0x0) returned 8 [0060.935] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x2a, lpName=0x1d87360, cchName=0x104 | out: lpName="BattC") returned 0x0 [0060.935] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="battc", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0060.935] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="battc", cchWideChar=5, lpMultiByteStr=0x1d94db0, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="battc", lpUsedDefaultChar=0x0) returned 5 [0060.935] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x2b, lpName=0x1d87360, cchName=0x104 | out: lpName="BDESVC") returned 0x0 [0060.935] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="bdesvc", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0060.935] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="bdesvc", cchWideChar=6, lpMultiByteStr=0x1d94d20, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="bdesvc", lpUsedDefaultChar=0x0) returned 6 [0060.935] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x2c, lpName=0x1d87360, cchName=0x104 | out: lpName="Beep") returned 0x0 [0060.935] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="beep", cchWideChar=4, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 4 [0060.935] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="beep", cchWideChar=4, lpMultiByteStr=0x1d94db0, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="beep", lpUsedDefaultChar=0x0) returned 4 [0060.936] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x2d, lpName=0x1d87360, cchName=0x104 | out: lpName="BFE") returned 0x0 [0060.936] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="bfe", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0060.936] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="bfe", cchWideChar=3, lpMultiByteStr=0x1d94d20, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="bfe", lpUsedDefaultChar=0x0) returned 3 [0060.936] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x2e, lpName=0x1d87360, cchName=0x104 | out: lpName="BITS") returned 0x0 [0060.936] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="bits", cchWideChar=4, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 4 [0060.936] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="bits", cchWideChar=4, lpMultiByteStr=0x1d94db0, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="bits", lpUsedDefaultChar=0x0) returned 4 [0060.936] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x2f, lpName=0x1d87360, cchName=0x104 | out: lpName="blbdrive") returned 0x0 [0060.936] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="blbdrive", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0060.936] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="blbdrive", cchWideChar=8, lpMultiByteStr=0x1d94d20, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="blbdrive", lpUsedDefaultChar=0x0) returned 8 [0060.937] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x30, lpName=0x1d87360, cchName=0x104 | out: lpName="bowser") returned 0x0 [0060.937] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="bowser", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0060.937] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="bowser", cchWideChar=6, lpMultiByteStr=0x1d94db0, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="bowser", lpUsedDefaultChar=0x0) returned 6 [0060.937] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x31, lpName=0x1d87360, cchName=0x104 | out: lpName="BrFiltLo") returned 0x0 [0060.937] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="brfiltlo", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0060.937] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="brfiltlo", cchWideChar=8, lpMultiByteStr=0x1d94d20, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="brfiltlo", lpUsedDefaultChar=0x0) returned 8 [0060.937] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x32, lpName=0x1d87360, cchName=0x104 | out: lpName="BrFiltUp") returned 0x0 [0060.937] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="brfiltup", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0060.937] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="brfiltup", cchWideChar=8, lpMultiByteStr=0x1d94db0, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="brfiltup", lpUsedDefaultChar=0x0) returned 8 [0060.937] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x33, lpName=0x1d87360, cchName=0x104 | out: lpName="Browser") returned 0x0 [0060.937] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="browser", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0060.937] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="browser", cchWideChar=7, lpMultiByteStr=0x1d94d20, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="browser", lpUsedDefaultChar=0x0) returned 7 [0060.937] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x34, lpName=0x1d87360, cchName=0x104 | out: lpName="Brserid") returned 0x0 [0060.938] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="brserid", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0060.938] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="brserid", cchWideChar=7, lpMultiByteStr=0x1d94db0, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="brserid", lpUsedDefaultChar=0x0) returned 7 [0060.938] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x35, lpName=0x1d87360, cchName=0x104 | out: lpName="BrSerWdm") returned 0x0 [0060.938] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="brserwdm", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0060.938] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="brserwdm", cchWideChar=8, lpMultiByteStr=0x1d94d20, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="brserwdm", lpUsedDefaultChar=0x0) returned 8 [0060.938] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x36, lpName=0x1d87360, cchName=0x104 | out: lpName="BrUsbMdm") returned 0x0 [0060.938] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="brusbmdm", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0060.938] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="brusbmdm", cchWideChar=8, lpMultiByteStr=0x1d94db0, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="brusbmdm", lpUsedDefaultChar=0x0) returned 8 [0060.938] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x37, lpName=0x1d87360, cchName=0x104 | out: lpName="BrUsbSer") returned 0x0 [0060.938] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="brusbser", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0060.938] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="brusbser", cchWideChar=8, lpMultiByteStr=0x1d94d20, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="brusbser", lpUsedDefaultChar=0x0) returned 8 [0060.938] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x38, lpName=0x1d87360, cchName=0x104 | out: lpName="BTHMODEM") returned 0x0 [0060.938] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="bthmodem", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0060.939] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="bthmodem", cchWideChar=8, lpMultiByteStr=0x1d94db0, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="bthmodem", lpUsedDefaultChar=0x0) returned 8 [0060.939] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x39, lpName=0x1d87360, cchName=0x104 | out: lpName="BTHPORT") returned 0x0 [0060.939] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="bthport", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0060.939] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="bthport", cchWideChar=7, lpMultiByteStr=0x1d94d20, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="bthport", lpUsedDefaultChar=0x0) returned 7 [0060.939] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x3a, lpName=0x1d87360, cchName=0x104 | out: lpName="bthserv") returned 0x0 [0060.939] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="bthserv", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0060.939] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="bthserv", cchWideChar=7, lpMultiByteStr=0x1d94db0, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="bthserv", lpUsedDefaultChar=0x0) returned 7 [0060.939] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x3b, lpName=0x1d87360, cchName=0x104 | out: lpName="cdfs") returned 0x0 [0060.940] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="cdfs", cchWideChar=4, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 4 [0060.940] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="cdfs", cchWideChar=4, lpMultiByteStr=0x1d94d20, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="cdfs", lpUsedDefaultChar=0x0) returned 4 [0060.940] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x3c, lpName=0x1d87360, cchName=0x104 | out: lpName="cdrom") returned 0x0 [0060.940] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="cdrom", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0060.940] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="cdrom", cchWideChar=5, lpMultiByteStr=0x1d94db0, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="cdrom", lpUsedDefaultChar=0x0) returned 5 [0060.940] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x3d, lpName=0x1d87360, cchName=0x104 | out: lpName="CertPropSvc") returned 0x0 [0060.940] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="certpropsvc", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0060.940] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="certpropsvc", cchWideChar=11, lpMultiByteStr=0x1d94d20, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="certpropsvc", lpUsedDefaultChar=0x0) returned 11 [0060.940] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x3e, lpName=0x1d87360, cchName=0x104 | out: lpName="circlass") returned 0x0 [0060.940] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="circlass", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0060.940] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="circlass", cchWideChar=8, lpMultiByteStr=0x1d94db0, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="circlass", lpUsedDefaultChar=0x0) returned 8 [0060.940] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x3f, lpName=0x1d87360, cchName=0x104 | out: lpName="CLFS") returned 0x0 [0060.940] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="clfs", cchWideChar=4, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 4 [0060.941] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="clfs", cchWideChar=4, lpMultiByteStr=0x1d94d20, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="clfs", lpUsedDefaultChar=0x0) returned 4 [0060.941] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x40, lpName=0x1d87360, cchName=0x104 | out: lpName="clr_optimization_v2.0.50727_32") returned 0x0 [0060.941] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="clr_optimization_v2.0.50727_32", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0060.941] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="clr_optimization_v2.0.50727_32", cchWideChar=30, lpMultiByteStr=0x1d94db0, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="clr_optimization_v2.0.50727_32", lpUsedDefaultChar=0x0) returned 30 [0060.941] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x41, lpName=0x1d87360, cchName=0x104 | out: lpName="clr_optimization_v2.0.50727_64") returned 0x0 [0060.941] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="clr_optimization_v2.0.50727_64", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0060.941] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="clr_optimization_v2.0.50727_64", cchWideChar=30, lpMultiByteStr=0x1d94d20, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="clr_optimization_v2.0.50727_64", lpUsedDefaultChar=0x0) returned 30 [0060.941] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x42, lpName=0x1d87360, cchName=0x104 | out: lpName="clr_optimization_v4.0.30319_32") returned 0x0 [0060.941] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="clr_optimization_v4.0.30319_32", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0060.941] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="clr_optimization_v4.0.30319_32", cchWideChar=30, lpMultiByteStr=0x1d94db0, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="clr_optimization_v4.0.30319_32", lpUsedDefaultChar=0x0) returned 30 [0060.941] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x43, lpName=0x1d87360, cchName=0x104 | out: lpName="clr_optimization_v4.0.30319_64") returned 0x0 [0060.941] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="clr_optimization_v4.0.30319_64", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0060.942] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="clr_optimization_v4.0.30319_64", cchWideChar=30, lpMultiByteStr=0x1d94d20, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="clr_optimization_v4.0.30319_64", lpUsedDefaultChar=0x0) returned 30 [0060.942] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x44, lpName=0x1d87360, cchName=0x104 | out: lpName="CmBatt") returned 0x0 [0060.942] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="cmbatt", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0060.942] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="cmbatt", cchWideChar=6, lpMultiByteStr=0x1d94db0, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="cmbatt", lpUsedDefaultChar=0x0) returned 6 [0060.942] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x45, lpName=0x1d87360, cchName=0x104 | out: lpName="cmdide") returned 0x0 [0060.942] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="cmdide", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0060.942] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="cmdide", cchWideChar=6, lpMultiByteStr=0x1d94d20, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="cmdide", lpUsedDefaultChar=0x0) returned 6 [0060.942] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x46, lpName=0x1d87360, cchName=0x104 | out: lpName="CNG") returned 0x0 [0060.942] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="cng", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0060.942] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="cng", cchWideChar=3, lpMultiByteStr=0x1d94db0, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="cng", lpUsedDefaultChar=0x0) returned 3 [0060.942] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x47, lpName=0x1d87360, cchName=0x104 | out: lpName="Compbatt") returned 0x0 [0060.942] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="compbatt", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0060.943] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="compbatt", cchWideChar=8, lpMultiByteStr=0x1d94d20, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="compbatt", lpUsedDefaultChar=0x0) returned 8 [0060.943] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x48, lpName=0x1d87360, cchName=0x104 | out: lpName="CompositeBus") returned 0x0 [0060.943] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="compositebus", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0060.943] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="compositebus", cchWideChar=12, lpMultiByteStr=0x1d94db0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="compositebus", lpUsedDefaultChar=0x0) returned 12 [0060.943] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x49, lpName=0x1d87360, cchName=0x104 | out: lpName="COMSysApp") returned 0x0 [0060.943] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="comsysapp", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0060.943] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="comsysapp", cchWideChar=9, lpMultiByteStr=0x1d94d20, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="comsysapp", lpUsedDefaultChar=0x0) returned 9 [0060.943] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x4a, lpName=0x1d87360, cchName=0x104 | out: lpName="crcdisk") returned 0x0 [0060.943] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="crcdisk", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0060.943] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="crcdisk", cchWideChar=7, lpMultiByteStr=0x1d94db0, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="crcdisk", lpUsedDefaultChar=0x0) returned 7 [0060.943] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x4b, lpName=0x1d87360, cchName=0x104 | out: lpName="crypt32") returned 0x0 [0060.943] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="crypt32", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0060.943] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="crypt32", cchWideChar=7, lpMultiByteStr=0x1d94d20, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="crypt32", lpUsedDefaultChar=0x0) returned 7 [0060.944] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x4c, lpName=0x1d87360, cchName=0x104 | out: lpName="CryptSvc") returned 0x0 [0060.944] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="cryptsvc", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0060.944] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="cryptsvc", cchWideChar=8, lpMultiByteStr=0x1d94db0, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="cryptsvc", lpUsedDefaultChar=0x0) returned 8 [0060.944] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x4d, lpName=0x1d87360, cchName=0x104 | out: lpName="CSC") returned 0x0 [0060.944] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="csc", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0060.944] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="csc", cchWideChar=3, lpMultiByteStr=0x1d94d20, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="csc", lpUsedDefaultChar=0x0) returned 3 [0060.944] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x4e, lpName=0x1d87360, cchName=0x104 | out: lpName="CscService") returned 0x0 [0060.945] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="cscservice", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0060.945] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="cscservice", cchWideChar=10, lpMultiByteStr=0x1d94db0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="cscservice", lpUsedDefaultChar=0x0) returned 10 [0060.945] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x4f, lpName=0x1d87360, cchName=0x104 | out: lpName="DCLocator") returned 0x0 [0060.945] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="dclocator", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0060.945] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="dclocator", cchWideChar=9, lpMultiByteStr=0x1d94d20, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dclocator", lpUsedDefaultChar=0x0) returned 9 [0060.945] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x50, lpName=0x1d87360, cchName=0x104 | out: lpName="DcomLaunch") returned 0x0 [0060.945] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="dcomlaunch", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0060.945] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="dcomlaunch", cchWideChar=10, lpMultiByteStr=0x1d94db0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dcomlaunch", lpUsedDefaultChar=0x0) returned 10 [0060.945] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x51, lpName=0x1d87360, cchName=0x104 | out: lpName="defragsvc") returned 0x0 [0060.945] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="defragsvc", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0060.945] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="defragsvc", cchWideChar=9, lpMultiByteStr=0x1d94d20, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="defragsvc", lpUsedDefaultChar=0x0) returned 9 [0060.945] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x52, lpName=0x1d87360, cchName=0x104 | out: lpName="DfsC") returned 0x0 [0060.946] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="dfsc", cchWideChar=4, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 4 [0060.946] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="dfsc", cchWideChar=4, lpMultiByteStr=0x1d94db0, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dfsc", lpUsedDefaultChar=0x0) returned 4 [0060.946] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x53, lpName=0x1d87360, cchName=0x104 | out: lpName="Dhcp") returned 0x0 [0060.946] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="dhcp", cchWideChar=4, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 4 [0060.946] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="dhcp", cchWideChar=4, lpMultiByteStr=0x1d94d20, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dhcp", lpUsedDefaultChar=0x0) returned 4 [0060.946] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x54, lpName=0x1d87360, cchName=0x104 | out: lpName="DiagTrack") returned 0x0 [0060.946] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="diagtrack", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0060.946] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="diagtrack", cchWideChar=9, lpMultiByteStr=0x1d94db0, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="diagtrack", lpUsedDefaultChar=0x0) returned 9 [0060.946] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x55, lpName=0x1d87360, cchName=0x104 | out: lpName="discache") returned 0x0 [0060.946] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="discache", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0060.946] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="discache", cchWideChar=8, lpMultiByteStr=0x1d94d20, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="discache", lpUsedDefaultChar=0x0) returned 8 [0060.948] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x56, lpName=0x1d87360, cchName=0x104 | out: lpName="Disk") returned 0x0 [0060.948] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="disk", cchWideChar=4, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 4 [0060.949] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="disk", cchWideChar=4, lpMultiByteStr=0x1d94db0, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="disk", lpUsedDefaultChar=0x0) returned 4 [0060.949] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x57, lpName=0x1d87360, cchName=0x104 | out: lpName="dmvsc") returned 0x0 [0060.949] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="dmvsc", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0060.949] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="dmvsc", cchWideChar=5, lpMultiByteStr=0x1d94d20, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dmvsc", lpUsedDefaultChar=0x0) returned 5 [0060.949] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x58, lpName=0x1d87360, cchName=0x104 | out: lpName="Dnscache") returned 0x0 [0060.949] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="dnscache", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0060.949] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="dnscache", cchWideChar=8, lpMultiByteStr=0x1d94db0, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dnscache", lpUsedDefaultChar=0x0) returned 8 [0060.949] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x59, lpName=0x1d87360, cchName=0x104 | out: lpName="dot3svc") returned 0x0 [0060.949] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="dot3svc", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0060.950] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="dot3svc", cchWideChar=7, lpMultiByteStr=0x1d94d20, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dot3svc", lpUsedDefaultChar=0x0) returned 7 [0060.950] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x5a, lpName=0x1d87360, cchName=0x104 | out: lpName="DPS") returned 0x0 [0060.950] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="dps", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0060.950] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="dps", cchWideChar=3, lpMultiByteStr=0x1d94db0, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dps", lpUsedDefaultChar=0x0) returned 3 [0060.950] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x5b, lpName=0x1d87360, cchName=0x104 | out: lpName="drmkaud") returned 0x0 [0060.950] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="drmkaud", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0060.950] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="drmkaud", cchWideChar=7, lpMultiByteStr=0x1d94d20, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="drmkaud", lpUsedDefaultChar=0x0) returned 7 [0060.950] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x5c, lpName=0x1d87360, cchName=0x104 | out: lpName="DXGKrnl") returned 0x0 [0060.950] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="dxgkrnl", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0060.950] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="dxgkrnl", cchWideChar=7, lpMultiByteStr=0x1d94db0, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dxgkrnl", lpUsedDefaultChar=0x0) returned 7 [0060.950] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x5d, lpName=0x1d87360, cchName=0x104 | out: lpName="E1G60") returned 0x0 [0060.950] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="e1g60", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0060.951] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="e1g60", cchWideChar=5, lpMultiByteStr=0x1d94d20, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="e1g60", lpUsedDefaultChar=0x0) returned 5 [0060.951] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x5e, lpName=0x1d87360, cchName=0x104 | out: lpName="EapHost") returned 0x0 [0060.951] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="eaphost", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0060.951] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="eaphost", cchWideChar=7, lpMultiByteStr=0x1d94db0, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="eaphost", lpUsedDefaultChar=0x0) returned 7 [0060.951] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x5f, lpName=0x1d87360, cchName=0x104 | out: lpName="ebdrv") returned 0x0 [0060.951] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ebdrv", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0060.951] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ebdrv", cchWideChar=5, lpMultiByteStr=0x1d94d20, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ebdrv", lpUsedDefaultChar=0x0) returned 5 [0060.951] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x60, lpName=0x1d87360, cchName=0x104 | out: lpName="EFS") returned 0x0 [0060.952] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="efs", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0060.952] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="efs", cchWideChar=3, lpMultiByteStr=0x1d94db0, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="efs", lpUsedDefaultChar=0x0) returned 3 [0060.952] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x61, lpName=0x1d87360, cchName=0x104 | out: lpName="ehRecvr") returned 0x0 [0060.952] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ehrecvr", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0060.952] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ehrecvr", cchWideChar=7, lpMultiByteStr=0x1d94d20, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ehrecvr", lpUsedDefaultChar=0x0) returned 7 [0060.952] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x62, lpName=0x1d87360, cchName=0x104 | out: lpName="ehSched") returned 0x0 [0060.952] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ehsched", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0060.952] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ehsched", cchWideChar=7, lpMultiByteStr=0x1d94db0, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ehsched", lpUsedDefaultChar=0x0) returned 7 [0060.952] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x63, lpName=0x1d87360, cchName=0x104 | out: lpName="elxstor") returned 0x0 [0060.952] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="elxstor", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0060.952] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="elxstor", cchWideChar=7, lpMultiByteStr=0x1d94d20, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="elxstor", lpUsedDefaultChar=0x0) returned 7 [0060.952] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x64, lpName=0x1d87360, cchName=0x104 | out: lpName="ErrDev") returned 0x0 [0060.953] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="errdev", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0060.953] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="errdev", cchWideChar=6, lpMultiByteStr=0x1d94db0, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="errdev", lpUsedDefaultChar=0x0) returned 6 [0060.953] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x65, lpName=0x1d87360, cchName=0x104 | out: lpName="ESENT") returned 0x0 [0060.953] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="esent", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0060.953] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="esent", cchWideChar=5, lpMultiByteStr=0x1d94d20, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="esent", lpUsedDefaultChar=0x0) returned 5 [0060.953] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x66, lpName=0x1d87360, cchName=0x104 | out: lpName="eventlog") returned 0x0 [0060.953] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="eventlog", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0060.953] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="eventlog", cchWideChar=8, lpMultiByteStr=0x1d94db0, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="eventlog", lpUsedDefaultChar=0x0) returned 8 [0060.953] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x67, lpName=0x1d87360, cchName=0x104 | out: lpName="EventSystem") returned 0x0 [0060.953] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="eventsystem", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0060.953] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="eventsystem", cchWideChar=11, lpMultiByteStr=0x1d94d20, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="eventsystem", lpUsedDefaultChar=0x0) returned 11 [0060.953] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x68, lpName=0x1d87360, cchName=0x104 | out: lpName="exfat") returned 0x0 [0060.953] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="exfat", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0060.954] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="exfat", cchWideChar=5, lpMultiByteStr=0x1d94db0, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="exfat", lpUsedDefaultChar=0x0) returned 5 [0060.954] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x69, lpName=0x1d87360, cchName=0x104 | out: lpName="fastfat") returned 0x0 [0060.954] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="fastfat", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0060.954] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="fastfat", cchWideChar=7, lpMultiByteStr=0x1d94d20, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fastfat", lpUsedDefaultChar=0x0) returned 7 [0060.954] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x6a, lpName=0x1d87360, cchName=0x104 | out: lpName="Fax") returned 0x0 [0060.954] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="fax", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0060.954] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="fax", cchWideChar=3, lpMultiByteStr=0x1d94db0, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fax", lpUsedDefaultChar=0x0) returned 3 [0060.954] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x6b, lpName=0x1d87360, cchName=0x104 | out: lpName="fdc") returned 0x0 [0060.954] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="fdc", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0060.955] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="fdc", cchWideChar=3, lpMultiByteStr=0x1d94d20, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fdc", lpUsedDefaultChar=0x0) returned 3 [0060.955] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x6c, lpName=0x1d87360, cchName=0x104 | out: lpName="fdPHost") returned 0x0 [0060.955] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="fdphost", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0060.955] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="fdphost", cchWideChar=7, lpMultiByteStr=0x1d94db0, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fdphost", lpUsedDefaultChar=0x0) returned 7 [0060.956] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x6d, lpName=0x1d87360, cchName=0x104 | out: lpName="FDResPub") returned 0x0 [0060.956] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="fdrespub", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0060.956] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="fdrespub", cchWideChar=8, lpMultiByteStr=0x1d94d20, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fdrespub", lpUsedDefaultChar=0x0) returned 8 [0060.956] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x6e, lpName=0x1d87360, cchName=0x104 | out: lpName="FileInfo") returned 0x0 [0060.956] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="fileinfo", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0060.956] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="fileinfo", cchWideChar=8, lpMultiByteStr=0x1d94db0, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fileinfo", lpUsedDefaultChar=0x0) returned 8 [0060.956] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x6f, lpName=0x1d87360, cchName=0x104 | out: lpName="Filetrace") returned 0x0 [0060.956] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="filetrace", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0060.956] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="filetrace", cchWideChar=9, lpMultiByteStr=0x1d94d20, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="filetrace", lpUsedDefaultChar=0x0) returned 9 [0060.957] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x70, lpName=0x1d87360, cchName=0x104 | out: lpName="flpydisk") returned 0x0 [0060.957] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="flpydisk", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0060.957] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="flpydisk", cchWideChar=8, lpMultiByteStr=0x1d94db0, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="flpydisk", lpUsedDefaultChar=0x0) returned 8 [0060.957] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x71, lpName=0x1d87360, cchName=0x104 | out: lpName="FltMgr") returned 0x0 [0060.957] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="fltmgr", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0060.957] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="fltmgr", cchWideChar=6, lpMultiByteStr=0x1d94d20, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fltmgr", lpUsedDefaultChar=0x0) returned 6 [0060.958] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x72, lpName=0x1d87360, cchName=0x104 | out: lpName="FontCache") returned 0x0 [0060.958] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="fontcache", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0060.958] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="fontcache", cchWideChar=9, lpMultiByteStr=0x1d94db0, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fontcache", lpUsedDefaultChar=0x0) returned 9 [0060.958] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x73, lpName=0x1d87360, cchName=0x104 | out: lpName="FontCache3.0.0.0") returned 0x0 [0060.958] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="fontcache3.0.0.0", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0060.958] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="fontcache3.0.0.0", cchWideChar=16, lpMultiByteStr=0x1d94d20, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fontcache3.0.0.0", lpUsedDefaultChar=0x0) returned 16 [0060.958] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x74, lpName=0x1d87360, cchName=0x104 | out: lpName="FsDepends") returned 0x0 [0060.958] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="fsdepends", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0060.958] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="fsdepends", cchWideChar=9, lpMultiByteStr=0x1d94db0, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fsdepends", lpUsedDefaultChar=0x0) returned 9 [0060.958] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x75, lpName=0x1d87360, cchName=0x104 | out: lpName="Fs_Rec") returned 0x0 [0060.958] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="fs_rec", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0060.958] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="fs_rec", cchWideChar=6, lpMultiByteStr=0x1d94d20, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fs_rec", lpUsedDefaultChar=0x0) returned 6 [0060.958] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x76, lpName=0x1d87360, cchName=0x104 | out: lpName="fvevol") returned 0x0 [0060.959] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="fvevol", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0060.959] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="fvevol", cchWideChar=6, lpMultiByteStr=0x1d94db0, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fvevol", lpUsedDefaultChar=0x0) returned 6 [0060.959] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x77, lpName=0x1d87360, cchName=0x104 | out: lpName="gagp30kx") returned 0x0 [0060.959] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="gagp30kx", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0060.959] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="gagp30kx", cchWideChar=8, lpMultiByteStr=0x1d94d20, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="gagp30kx", lpUsedDefaultChar=0x0) returned 8 [0060.959] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x78, lpName=0x1d87360, cchName=0x104 | out: lpName="gpsvc") returned 0x0 [0060.959] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="gpsvc", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0060.959] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="gpsvc", cchWideChar=5, lpMultiByteStr=0x1d94db0, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="gpsvc", lpUsedDefaultChar=0x0) returned 5 [0060.959] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x79, lpName=0x1d87360, cchName=0x104 | out: lpName="gupdate") returned 0x0 [0060.959] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="gupdate", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0060.959] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="gupdate", cchWideChar=7, lpMultiByteStr=0x1d94d20, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="gupdate", lpUsedDefaultChar=0x0) returned 7 [0060.959] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x7a, lpName=0x1d87360, cchName=0x104 | out: lpName="gupdatem") returned 0x0 [0060.960] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="gupdatem", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0060.960] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="gupdatem", cchWideChar=8, lpMultiByteStr=0x1d94db0, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="gupdatem", lpUsedDefaultChar=0x0) returned 8 [0060.960] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x7b, lpName=0x1d87360, cchName=0x104 | out: lpName="hcw85cir") returned 0x0 [0060.960] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="hcw85cir", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0060.960] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="hcw85cir", cchWideChar=8, lpMultiByteStr=0x1d94d20, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="hcw85cir", lpUsedDefaultChar=0x0) returned 8 [0060.960] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x7c, lpName=0x1d87360, cchName=0x104 | out: lpName="HdAudAddService") returned 0x0 [0060.960] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="hdaudaddservice", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0060.960] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="hdaudaddservice", cchWideChar=15, lpMultiByteStr=0x1d94db0, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="hdaudaddservice", lpUsedDefaultChar=0x0) returned 15 [0060.960] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x7d, lpName=0x1d87360, cchName=0x104 | out: lpName="HDAudBus") returned 0x0 [0060.961] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="hdaudbus", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0060.961] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="hdaudbus", cchWideChar=8, lpMultiByteStr=0x1d94d20, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="hdaudbus", lpUsedDefaultChar=0x0) returned 8 [0060.961] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x7e, lpName=0x1d87360, cchName=0x104 | out: lpName="HidBatt") returned 0x0 [0060.961] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="hidbatt", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0060.961] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="hidbatt", cchWideChar=7, lpMultiByteStr=0x1d94db0, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="hidbatt", lpUsedDefaultChar=0x0) returned 7 [0060.961] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x7f, lpName=0x1d87360, cchName=0x104 | out: lpName="HidBth") returned 0x0 [0060.961] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="hidbth", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0060.961] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="hidbth", cchWideChar=6, lpMultiByteStr=0x1d94d20, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="hidbth", lpUsedDefaultChar=0x0) returned 6 [0060.961] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x80, lpName=0x1d87360, cchName=0x104 | out: lpName="HidIr") returned 0x0 [0060.962] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="hidir", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0060.962] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="hidir", cchWideChar=5, lpMultiByteStr=0x1d94db0, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="hidir", lpUsedDefaultChar=0x0) returned 5 [0060.962] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x81, lpName=0x1d87360, cchName=0x104 | out: lpName="hidserv") returned 0x0 [0060.962] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="hidserv", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0060.962] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="hidserv", cchWideChar=7, lpMultiByteStr=0x1d94d20, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="hidserv", lpUsedDefaultChar=0x0) returned 7 [0060.962] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x82, lpName=0x1d87360, cchName=0x104 | out: lpName="HidUsb") returned 0x0 [0060.962] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="hidusb", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0060.962] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="hidusb", cchWideChar=6, lpMultiByteStr=0x1d94db0, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="hidusb", lpUsedDefaultChar=0x0) returned 6 [0060.962] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x83, lpName=0x1d87360, cchName=0x104 | out: lpName="hkmsvc") returned 0x0 [0060.963] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="hkmsvc", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0060.963] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="hkmsvc", cchWideChar=6, lpMultiByteStr=0x1d94d20, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="hkmsvc", lpUsedDefaultChar=0x0) returned 6 [0060.963] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x84, lpName=0x1d87360, cchName=0x104 | out: lpName="HomeGroupListener") returned 0x0 [0060.963] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="homegrouplistener", cchWideChar=17, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0060.963] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="homegrouplistener", cchWideChar=17, lpMultiByteStr=0x1d94db0, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="homegrouplistener", lpUsedDefaultChar=0x0) returned 17 [0060.963] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x85, lpName=0x1d87360, cchName=0x104 | out: lpName="HomeGroupProvider") returned 0x0 [0060.963] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="homegroupprovider", cchWideChar=17, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0060.964] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="homegroupprovider", cchWideChar=17, lpMultiByteStr=0x1d94d20, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="homegroupprovider", lpUsedDefaultChar=0x0) returned 17 [0060.964] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x86, lpName=0x1d87360, cchName=0x104 | out: lpName="HpSAMD") returned 0x0 [0060.964] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="hpsamd", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0060.964] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="hpsamd", cchWideChar=6, lpMultiByteStr=0x1d94db0, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="hpsamd", lpUsedDefaultChar=0x0) returned 6 [0060.964] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x87, lpName=0x1d87360, cchName=0x104 | out: lpName="HTTP") returned 0x0 [0060.964] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="http", cchWideChar=4, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 4 [0060.964] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="http", cchWideChar=4, lpMultiByteStr=0x1d94d20, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="http", lpUsedDefaultChar=0x0) returned 4 [0060.964] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x88, lpName=0x1d87360, cchName=0x104 | out: lpName="hwpolicy") returned 0x0 [0060.964] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="hwpolicy", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0060.964] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="hwpolicy", cchWideChar=8, lpMultiByteStr=0x1d94db0, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="hwpolicy", lpUsedDefaultChar=0x0) returned 8 [0060.964] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x89, lpName=0x1d87360, cchName=0x104 | out: lpName="i8042prt") returned 0x0 [0060.964] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="i8042prt", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0060.964] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="i8042prt", cchWideChar=8, lpMultiByteStr=0x1d94d20, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="i8042prt", lpUsedDefaultChar=0x0) returned 8 [0060.965] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x8a, lpName=0x1d87360, cchName=0x104 | out: lpName="iaStorV") returned 0x0 [0060.965] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="iastorv", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0060.965] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="iastorv", cchWideChar=7, lpMultiByteStr=0x1d94db0, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="iastorv", lpUsedDefaultChar=0x0) returned 7 [0060.965] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x8b, lpName=0x1d87360, cchName=0x104 | out: lpName="idsvc") returned 0x0 [0060.965] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="idsvc", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0060.965] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="idsvc", cchWideChar=5, lpMultiByteStr=0x1d94d20, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="idsvc", lpUsedDefaultChar=0x0) returned 5 [0060.965] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x8c, lpName=0x1d87360, cchName=0x104 | out: lpName="iirsp") returned 0x0 [0060.965] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="iirsp", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0060.965] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="iirsp", cchWideChar=5, lpMultiByteStr=0x1d94db0, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="iirsp", lpUsedDefaultChar=0x0) returned 5 [0060.965] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x8d, lpName=0x1d87360, cchName=0x104 | out: lpName="IKEEXT") returned 0x0 [0060.966] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ikeext", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0060.966] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ikeext", cchWideChar=6, lpMultiByteStr=0x1d94d20, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ikeext", lpUsedDefaultChar=0x0) returned 6 [0060.966] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x8e, lpName=0x1d87360, cchName=0x104 | out: lpName="inetaccs") returned 0x0 [0060.966] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="inetaccs", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0060.966] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="inetaccs", cchWideChar=8, lpMultiByteStr=0x1d94db0, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="inetaccs", lpUsedDefaultChar=0x0) returned 8 [0060.966] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x8f, lpName=0x1d87360, cchName=0x104 | out: lpName="intelide") returned 0x0 [0060.966] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="intelide", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0060.966] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="intelide", cchWideChar=8, lpMultiByteStr=0x1d94d20, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="intelide", lpUsedDefaultChar=0x0) returned 8 [0060.966] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x90, lpName=0x1d87360, cchName=0x104 | out: lpName="intelppm") returned 0x0 [0060.966] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="intelppm", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0060.967] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="intelppm", cchWideChar=8, lpMultiByteStr=0x1d94db0, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="intelppm", lpUsedDefaultChar=0x0) returned 8 [0060.967] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x91, lpName=0x1d87360, cchName=0x104 | out: lpName="IPBusEnum") returned 0x0 [0060.967] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ipbusenum", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0060.967] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ipbusenum", cchWideChar=9, lpMultiByteStr=0x1d94d20, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ipbusenum", lpUsedDefaultChar=0x0) returned 9 [0060.967] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x92, lpName=0x1d87360, cchName=0x104 | out: lpName="IpFilterDriver") returned 0x0 [0060.967] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ipfilterdriver", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0060.967] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ipfilterdriver", cchWideChar=14, lpMultiByteStr=0x1d94db0, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ipfilterdriver", lpUsedDefaultChar=0x0) returned 14 [0060.967] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x93, lpName=0x1d87360, cchName=0x104 | out: lpName="iphlpsvc") returned 0x0 [0060.967] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="iphlpsvc", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0060.967] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="iphlpsvc", cchWideChar=8, lpMultiByteStr=0x1d94d20, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="iphlpsvc", lpUsedDefaultChar=0x0) returned 8 [0060.967] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x94, lpName=0x1d87360, cchName=0x104 | out: lpName="IPMIDRV") returned 0x0 [0060.967] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ipmidrv", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0060.967] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ipmidrv", cchWideChar=7, lpMultiByteStr=0x1d94db0, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ipmidrv", lpUsedDefaultChar=0x0) returned 7 [0060.968] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x95, lpName=0x1d87360, cchName=0x104 | out: lpName="IPNAT") returned 0x0 [0060.968] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ipnat", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0060.968] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ipnat", cchWideChar=5, lpMultiByteStr=0x1d94d20, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ipnat", lpUsedDefaultChar=0x0) returned 5 [0060.968] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x96, lpName=0x1d87360, cchName=0x104 | out: lpName="IRENUM") returned 0x0 [0060.968] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="irenum", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0060.968] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="irenum", cchWideChar=6, lpMultiByteStr=0x1d94db0, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="irenum", lpUsedDefaultChar=0x0) returned 6 [0060.968] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x97, lpName=0x1d87360, cchName=0x104 | out: lpName="isapnp") returned 0x0 [0060.968] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="isapnp", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0060.968] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="isapnp", cchWideChar=6, lpMultiByteStr=0x1d94d20, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="isapnp", lpUsedDefaultChar=0x0) returned 6 [0060.968] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x98, lpName=0x1d87360, cchName=0x104 | out: lpName="iScsiPrt") returned 0x0 [0060.968] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="iscsiprt", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0060.968] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="iscsiprt", cchWideChar=8, lpMultiByteStr=0x1d94db0, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="iscsiprt", lpUsedDefaultChar=0x0) returned 8 [0060.968] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x99, lpName=0x1d87360, cchName=0x104 | out: lpName="kbdclass") returned 0x0 [0060.968] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="kbdclass", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0060.969] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="kbdclass", cchWideChar=8, lpMultiByteStr=0x1d94d20, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kbdclass", lpUsedDefaultChar=0x0) returned 8 [0060.969] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x9a, lpName=0x1d87360, cchName=0x104 | out: lpName="kbdhid") returned 0x0 [0060.969] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="kbdhid", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0060.969] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="kbdhid", cchWideChar=6, lpMultiByteStr=0x1d94db0, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kbdhid", lpUsedDefaultChar=0x0) returned 6 [0060.969] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x9b, lpName=0x1d87360, cchName=0x104 | out: lpName="KeyIso") returned 0x0 [0060.969] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="keyiso", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0060.969] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="keyiso", cchWideChar=6, lpMultiByteStr=0x1d94d20, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="keyiso", lpUsedDefaultChar=0x0) returned 6 [0060.969] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x9c, lpName=0x1d87360, cchName=0x104 | out: lpName="KSecDD") returned 0x0 [0060.969] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ksecdd", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0060.969] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ksecdd", cchWideChar=6, lpMultiByteStr=0x1d94db0, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ksecdd", lpUsedDefaultChar=0x0) returned 6 [0060.969] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x9d, lpName=0x1d87360, cchName=0x104 | out: lpName="KSecPkg") returned 0x0 [0060.969] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ksecpkg", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0060.969] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ksecpkg", cchWideChar=7, lpMultiByteStr=0x1d94d20, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ksecpkg", lpUsedDefaultChar=0x0) returned 7 [0060.969] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x9e, lpName=0x1d87360, cchName=0x104 | out: lpName="ksthunk") returned 0x0 [0060.970] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ksthunk", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0060.970] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ksthunk", cchWideChar=7, lpMultiByteStr=0x1d94db0, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ksthunk", lpUsedDefaultChar=0x0) returned 7 [0060.970] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x9f, lpName=0x1d87360, cchName=0x104 | out: lpName="KtmRm") returned 0x0 [0060.970] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ktmrm", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0060.970] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ktmrm", cchWideChar=5, lpMultiByteStr=0x1d94d20, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ktmrm", lpUsedDefaultChar=0x0) returned 5 [0060.970] RegEnumKeyW (in: hKey=0x16c, dwIndex=0xa0, lpName=0x1d87360, cchName=0x104 | out: lpName="LanmanServer") returned 0x0 [0060.970] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="lanmanserver", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0060.970] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="lanmanserver", cchWideChar=12, lpMultiByteStr=0x1d94db0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lanmanserver", lpUsedDefaultChar=0x0) returned 12 [0060.970] RegEnumKeyW (in: hKey=0x16c, dwIndex=0xa1, lpName=0x1d87360, cchName=0x104 | out: lpName="LanmanWorkstation") returned 0x0 [0060.970] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="lanmanworkstation", cchWideChar=17, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0060.970] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="lanmanworkstation", cchWideChar=17, lpMultiByteStr=0x1d94d20, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lanmanworkstation", lpUsedDefaultChar=0x0) returned 17 [0060.971] RegEnumKeyW (in: hKey=0x16c, dwIndex=0xa2, lpName=0x1d87360, cchName=0x104 | out: lpName="ldap") returned 0x0 [0060.971] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ldap", cchWideChar=4, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 4 [0060.971] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ldap", cchWideChar=4, lpMultiByteStr=0x1d94db0, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ldap", lpUsedDefaultChar=0x0) returned 4 [0060.971] RegEnumKeyW (in: hKey=0x16c, dwIndex=0xa3, lpName=0x1d87360, cchName=0x104 | out: lpName="lltdio") returned 0x0 [0060.971] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="lltdio", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0060.971] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="lltdio", cchWideChar=6, lpMultiByteStr=0x1d94d20, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lltdio", lpUsedDefaultChar=0x0) returned 6 [0060.971] RegEnumKeyW (in: hKey=0x16c, dwIndex=0xa4, lpName=0x1d87360, cchName=0x104 | out: lpName="lltdsvc") returned 0x0 [0060.971] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="lltdsvc", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0060.971] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="lltdsvc", cchWideChar=7, lpMultiByteStr=0x1d94db0, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lltdsvc", lpUsedDefaultChar=0x0) returned 7 [0060.971] RegEnumKeyW (in: hKey=0x16c, dwIndex=0xa5, lpName=0x1d87360, cchName=0x104 | out: lpName="lmhosts") returned 0x0 [0060.971] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="lmhosts", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0060.971] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="lmhosts", cchWideChar=7, lpMultiByteStr=0x1d94d20, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lmhosts", lpUsedDefaultChar=0x0) returned 7 [0060.971] RegEnumKeyW (in: hKey=0x16c, dwIndex=0xa6, lpName=0x1d87360, cchName=0x104 | out: lpName="Lsa") returned 0x0 [0060.972] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="lsa", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0060.972] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="lsa", cchWideChar=3, lpMultiByteStr=0x1d94db0, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lsa", lpUsedDefaultChar=0x0) returned 3 [0060.972] RegEnumKeyW (in: hKey=0x16c, dwIndex=0xa7, lpName=0x1d87360, cchName=0x104 | out: lpName="LSI_FC") returned 0x0 [0060.972] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="lsi_fc", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0060.972] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="lsi_fc", cchWideChar=6, lpMultiByteStr=0x1d94d20, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lsi_fc", lpUsedDefaultChar=0x0) returned 6 [0060.972] RegEnumKeyW (in: hKey=0x16c, dwIndex=0xa8, lpName=0x1d87360, cchName=0x104 | out: lpName="LSI_SAS") returned 0x0 [0060.972] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="lsi_sas", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0060.972] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="lsi_sas", cchWideChar=7, lpMultiByteStr=0x1d94db0, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lsi_sas", lpUsedDefaultChar=0x0) returned 7 [0060.972] RegEnumKeyW (in: hKey=0x16c, dwIndex=0xa9, lpName=0x1d87360, cchName=0x104 | out: lpName="LSI_SAS2") returned 0x0 [0060.972] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="lsi_sas2", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0060.972] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="lsi_sas2", cchWideChar=8, lpMultiByteStr=0x1d94d20, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lsi_sas2", lpUsedDefaultChar=0x0) returned 8 [0060.972] RegEnumKeyW (in: hKey=0x16c, dwIndex=0xaa, lpName=0x1d87360, cchName=0x104 | out: lpName="LSI_SCSI") returned 0x0 [0060.973] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="lsi_scsi", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0060.973] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="lsi_scsi", cchWideChar=8, lpMultiByteStr=0x1d94db0, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lsi_scsi", lpUsedDefaultChar=0x0) returned 8 [0060.973] RegEnumKeyW (in: hKey=0x16c, dwIndex=0xab, lpName=0x1d87360, cchName=0x104 | out: lpName="luafv") returned 0x0 [0060.973] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="luafv", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0060.973] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="luafv", cchWideChar=5, lpMultiByteStr=0x1d94d20, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="luafv", lpUsedDefaultChar=0x0) returned 5 [0060.973] RegEnumKeyW (in: hKey=0x16c, dwIndex=0xac, lpName=0x1d87360, cchName=0x104 | out: lpName="Mcx2Svc") returned 0x0 [0060.973] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mcx2svc", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0060.973] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mcx2svc", cchWideChar=7, lpMultiByteStr=0x1d94db0, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mcx2svc", lpUsedDefaultChar=0x0) returned 7 [0060.973] RegEnumKeyW (in: hKey=0x16c, dwIndex=0xad, lpName=0x1d87360, cchName=0x104 | out: lpName="megasas") returned 0x0 [0060.973] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="megasas", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0060.973] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="megasas", cchWideChar=7, lpMultiByteStr=0x1d94d20, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="megasas", lpUsedDefaultChar=0x0) returned 7 [0060.974] RegEnumKeyW (in: hKey=0x16c, dwIndex=0xae, lpName=0x1d87360, cchName=0x104 | out: lpName="MegaSR") returned 0x0 [0060.974] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="megasr", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0060.974] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="megasr", cchWideChar=6, lpMultiByteStr=0x1d94db0, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="megasr", lpUsedDefaultChar=0x0) returned 6 [0060.974] RegEnumKeyW (in: hKey=0x16c, dwIndex=0xaf, lpName=0x1d87360, cchName=0x104 | out: lpName="Microsoft SharePoint Workspace Audit Service") returned 0x0 [0060.974] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="microsoft sharepoint workspace audit service", cchWideChar=44, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 44 [0060.974] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="microsoft sharepoint workspace audit service", cchWideChar=44, lpMultiByteStr=0x1d94d20, cbMultiByte=44, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="microsoft sharepoint workspace audit service", lpUsedDefaultChar=0x0) returned 44 [0060.974] RegEnumKeyW (in: hKey=0x16c, dwIndex=0xb0, lpName=0x1d87360, cchName=0x104 | out: lpName="MMCSS") returned 0x0 [0060.974] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mmcss", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0060.974] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mmcss", cchWideChar=5, lpMultiByteStr=0x1d94db0, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mmcss", lpUsedDefaultChar=0x0) returned 5 [0060.974] RegEnumKeyW (in: hKey=0x16c, dwIndex=0xb1, lpName=0x1d87360, cchName=0x104 | out: lpName="Modem") returned 0x0 [0060.974] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="modem", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0060.974] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="modem", cchWideChar=5, lpMultiByteStr=0x1d94d20, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="modem", lpUsedDefaultChar=0x0) returned 5 [0060.975] RegEnumKeyW (in: hKey=0x16c, dwIndex=0xb2, lpName=0x1d87360, cchName=0x104 | out: lpName="monitor") returned 0x0 [0060.975] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="monitor", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0060.975] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="monitor", cchWideChar=7, lpMultiByteStr=0x1d94db0, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="monitor", lpUsedDefaultChar=0x0) returned 7 [0060.975] RegEnumKeyW (in: hKey=0x16c, dwIndex=0xb3, lpName=0x1d87360, cchName=0x104 | out: lpName="mouclass") returned 0x0 [0060.975] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mouclass", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0060.975] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mouclass", cchWideChar=8, lpMultiByteStr=0x1d94d20, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mouclass", lpUsedDefaultChar=0x0) returned 8 [0060.975] RegEnumKeyW (in: hKey=0x16c, dwIndex=0xb4, lpName=0x1d87360, cchName=0x104 | out: lpName="mouhid") returned 0x0 [0060.975] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mouhid", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0060.975] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mouhid", cchWideChar=6, lpMultiByteStr=0x1d94db0, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mouhid", lpUsedDefaultChar=0x0) returned 6 [0060.975] RegEnumKeyW (in: hKey=0x16c, dwIndex=0xb5, lpName=0x1d87360, cchName=0x104 | out: lpName="mountmgr") returned 0x0 [0060.976] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mountmgr", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0060.976] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mountmgr", cchWideChar=8, lpMultiByteStr=0x1d94d20, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mountmgr", lpUsedDefaultChar=0x0) returned 8 [0060.976] RegEnumKeyW (in: hKey=0x16c, dwIndex=0xb6, lpName=0x1d87360, cchName=0x104 | out: lpName="MozillaMaintenance") returned 0x0 [0060.976] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mozillamaintenance", cchWideChar=18, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0060.976] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mozillamaintenance", cchWideChar=18, lpMultiByteStr=0x1d94db0, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mozillamaintenance", lpUsedDefaultChar=0x0) returned 18 [0060.976] RegEnumKeyW (in: hKey=0x16c, dwIndex=0xb7, lpName=0x1d87360, cchName=0x104 | out: lpName="mpio") returned 0x0 [0060.976] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mpio", cchWideChar=4, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 4 [0060.976] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mpio", cchWideChar=4, lpMultiByteStr=0x1d94d20, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mpio", lpUsedDefaultChar=0x0) returned 4 [0060.976] RegEnumKeyW (in: hKey=0x16c, dwIndex=0xb8, lpName=0x1d87360, cchName=0x104 | out: lpName="mpsdrv") returned 0x0 [0060.976] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mpsdrv", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0060.977] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mpsdrv", cchWideChar=6, lpMultiByteStr=0x1d94db0, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mpsdrv", lpUsedDefaultChar=0x0) returned 6 [0060.977] RegEnumKeyW (in: hKey=0x16c, dwIndex=0xb9, lpName=0x1d87360, cchName=0x104 | out: lpName="MpsSvc") returned 0x0 [0060.977] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mpssvc", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0060.977] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mpssvc", cchWideChar=6, lpMultiByteStr=0x1d94d20, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mpssvc", lpUsedDefaultChar=0x0) returned 6 [0060.977] RegEnumKeyW (in: hKey=0x16c, dwIndex=0xba, lpName=0x1d87360, cchName=0x104 | out: lpName="MRxDAV") returned 0x0 [0060.977] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mrxdav", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0060.977] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mrxdav", cchWideChar=6, lpMultiByteStr=0x1d94db0, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mrxdav", lpUsedDefaultChar=0x0) returned 6 [0060.977] RegEnumKeyW (in: hKey=0x16c, dwIndex=0xbb, lpName=0x1d87360, cchName=0x104 | out: lpName="mrxsmb") returned 0x0 [0060.977] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mrxsmb", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0060.978] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mrxsmb", cchWideChar=6, lpMultiByteStr=0x1d94d20, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mrxsmb", lpUsedDefaultChar=0x0) returned 6 [0060.978] RegEnumKeyW (in: hKey=0x16c, dwIndex=0xbc, lpName=0x1d87360, cchName=0x104 | out: lpName="mrxsmb10") returned 0x0 [0060.978] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mrxsmb10", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0060.978] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mrxsmb10", cchWideChar=8, lpMultiByteStr=0x1d94db0, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mrxsmb10", lpUsedDefaultChar=0x0) returned 8 [0060.978] RegEnumKeyW (in: hKey=0x16c, dwIndex=0xbd, lpName=0x1d87360, cchName=0x104 | out: lpName="mrxsmb20") returned 0x0 [0060.978] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mrxsmb20", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0060.978] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mrxsmb20", cchWideChar=8, lpMultiByteStr=0x1d94d20, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mrxsmb20", lpUsedDefaultChar=0x0) returned 8 [0060.978] RegEnumKeyW (in: hKey=0x16c, dwIndex=0xbe, lpName=0x1d87360, cchName=0x104 | out: lpName="msahci") returned 0x0 [0060.979] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="msahci", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0060.979] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="msahci", cchWideChar=6, lpMultiByteStr=0x1d94db0, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="msahci", lpUsedDefaultChar=0x0) returned 6 [0060.979] RegEnumKeyW (in: hKey=0x16c, dwIndex=0xbf, lpName=0x1d87360, cchName=0x104 | out: lpName="msdsm") returned 0x0 [0060.979] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="msdsm", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0060.979] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="msdsm", cchWideChar=5, lpMultiByteStr=0x1d94d20, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="msdsm", lpUsedDefaultChar=0x0) returned 5 [0060.979] RegEnumKeyW (in: hKey=0x16c, dwIndex=0xc0, lpName=0x1d87360, cchName=0x104 | out: lpName="MSDTC") returned 0x0 [0060.979] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="msdtc", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0060.979] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="msdtc", cchWideChar=5, lpMultiByteStr=0x1d94db0, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="msdtc", lpUsedDefaultChar=0x0) returned 5 [0060.979] RegEnumKeyW (in: hKey=0x16c, dwIndex=0xc1, lpName=0x1d87360, cchName=0x104 | out: lpName="MSDTC Bridge 3.0.0.0") returned 0x0 [0060.979] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="msdtc bridge 3.0.0.0", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0060.980] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="msdtc bridge 3.0.0.0", cchWideChar=20, lpMultiByteStr=0x1d94d20, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="msdtc bridge 3.0.0.0", lpUsedDefaultChar=0x0) returned 20 [0060.980] RegEnumKeyW (in: hKey=0x16c, dwIndex=0xc2, lpName=0x1d87360, cchName=0x104 | out: lpName="MSDTC Bridge 4.0.0.0") returned 0x0 [0060.980] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="msdtc bridge 4.0.0.0", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0060.980] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="msdtc bridge 4.0.0.0", cchWideChar=20, lpMultiByteStr=0x1d94db0, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="msdtc bridge 4.0.0.0", lpUsedDefaultChar=0x0) returned 20 [0060.980] RegEnumKeyW (in: hKey=0x16c, dwIndex=0xc3, lpName=0x1d87360, cchName=0x104 | out: lpName="Msfs") returned 0x0 [0060.980] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="msfs", cchWideChar=4, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 4 [0060.980] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="msfs", cchWideChar=4, lpMultiByteStr=0x1d94d20, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="msfs", lpUsedDefaultChar=0x0) returned 4 [0060.980] RegEnumKeyW (in: hKey=0x16c, dwIndex=0xc4, lpName=0x1d87360, cchName=0x104 | out: lpName="mshidkmdf") returned 0x0 [0060.980] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mshidkmdf", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0060.980] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mshidkmdf", cchWideChar=9, lpMultiByteStr=0x1d94db0, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mshidkmdf", lpUsedDefaultChar=0x0) returned 9 [0060.980] RegEnumKeyW (in: hKey=0x16c, dwIndex=0xc5, lpName=0x1d87360, cchName=0x104 | out: lpName="msisadrv") returned 0x0 [0060.980] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="msisadrv", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0060.980] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="msisadrv", cchWideChar=8, lpMultiByteStr=0x1d94d20, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="msisadrv", lpUsedDefaultChar=0x0) returned 8 [0060.981] RegEnumKeyW (in: hKey=0x16c, dwIndex=0xc6, lpName=0x1d87360, cchName=0x104 | out: lpName="MSiSCSI") returned 0x0 [0060.981] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="msiscsi", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0060.981] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="msiscsi", cchWideChar=7, lpMultiByteStr=0x1d94db0, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="msiscsi", lpUsedDefaultChar=0x0) returned 7 [0060.981] RegEnumKeyW (in: hKey=0x16c, dwIndex=0xc7, lpName=0x1d87360, cchName=0x104 | out: lpName="msiserver") returned 0x0 [0060.981] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="msiserver", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0060.981] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="msiserver", cchWideChar=9, lpMultiByteStr=0x1d94d20, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="msiserver", lpUsedDefaultChar=0x0) returned 9 [0060.981] RegOpenKeyExW (in: hKey=0x16c, lpSubKey="msiserver", ulOptions=0x0, samDesired=0x20109, phkResult=0x18fb70 | out: phkResult=0x18fb70*=0x170) returned 0x0 [0060.981] RegCloseKey (hKey=0x16c) returned 0x0 [0060.981] SHRegDuplicateHKey (hkey=0x80000002) returned 0x80000002 [0060.981] RegEnumKeyW (in: hKey=0x80000002, dwIndex=0x0, lpName=0x1d87360, cchName=0x104 | out: lpName="BCD00000000") returned 0x0 [0060.981] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="bcd00000000", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0060.981] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="bcd00000000", cchWideChar=11, lpMultiByteStr=0x1d94db0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="bcd00000000", lpUsedDefaultChar=0x0) returned 11 [0060.982] RegEnumKeyW (in: hKey=0x80000002, dwIndex=0x1, lpName=0x1d87360, cchName=0x104 | out: lpName="HARDWARE") returned 0x0 [0060.982] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="hardware", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0060.982] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="hardware", cchWideChar=8, lpMultiByteStr=0x1d94d20, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="hardware", lpUsedDefaultChar=0x0) returned 8 [0060.982] RegEnumKeyW (in: hKey=0x80000002, dwIndex=0x2, lpName=0x1d87360, cchName=0x104 | out: lpName="SAM") returned 0x0 [0060.982] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="sam", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0060.982] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="sam", cchWideChar=3, lpMultiByteStr=0x1d94db0, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sam", lpUsedDefaultChar=0x0) returned 3 [0060.982] RegEnumKeyW (in: hKey=0x80000002, dwIndex=0x3, lpName=0x1d87360, cchName=0x104 | out: lpName="SECURITY") returned 0x0 [0060.982] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="security", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0060.982] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="security", cchWideChar=8, lpMultiByteStr=0x1d94d20, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="security", lpUsedDefaultChar=0x0) returned 8 [0060.982] RegEnumKeyW (in: hKey=0x80000002, dwIndex=0x4, lpName=0x1d87360, cchName=0x104 | out: lpName="SOFTWARE") returned 0x0 [0060.982] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="software", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0060.982] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="software", cchWideChar=8, lpMultiByteStr=0x1d94db0, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="software", lpUsedDefaultChar=0x0) returned 8 [0060.983] RegEnumKeyW (in: hKey=0x80000002, dwIndex=0x5, lpName=0x1d87360, cchName=0x104 | out: lpName="SYSTEM") returned 0x0 [0060.983] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="system", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0060.983] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="system", cchWideChar=6, lpMultiByteStr=0x1d94d20, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="system", lpUsedDefaultChar=0x0) returned 6 [0060.984] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM", ulOptions=0x0, samDesired=0x20109, phkResult=0x18fb70 | out: phkResult=0x18fb70*=0xcc) returned 0x0 [0060.984] RegCloseKey (hKey=0x80000002) returned 0x0 [0060.984] RegEnumKeyW (in: hKey=0xcc, dwIndex=0x0, lpName=0x1d87360, cchName=0x104 | out: lpName="ControlSet001") returned 0x0 [0060.984] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="controlset001", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0060.984] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="controlset001", cchWideChar=13, lpMultiByteStr=0x1d94db0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="controlset001", lpUsedDefaultChar=0x0) returned 13 [0060.984] RegEnumKeyW (in: hKey=0xcc, dwIndex=0x1, lpName=0x1d87360, cchName=0x104 | out: lpName="ControlSet002") returned 0x0 [0060.985] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="controlset002", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0060.985] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="controlset002", cchWideChar=13, lpMultiByteStr=0x1d94d20, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="controlset002", lpUsedDefaultChar=0x0) returned 13 [0060.985] RegEnumKeyW (in: hKey=0xcc, dwIndex=0x2, lpName=0x1d87360, cchName=0x104 | out: lpName="MountedDevices") returned 0x0 [0060.985] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mounteddevices", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0060.985] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mounteddevices", cchWideChar=14, lpMultiByteStr=0x1d94db0, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mounteddevices", lpUsedDefaultChar=0x0) returned 14 [0060.985] RegEnumKeyW (in: hKey=0xcc, dwIndex=0x3, lpName=0x1d87360, cchName=0x104 | out: lpName="RNG") returned 0x0 [0060.985] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="rng", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0060.985] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="rng", cchWideChar=3, lpMultiByteStr=0x1d94d20, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="rng", lpUsedDefaultChar=0x0) returned 3 [0060.985] RegEnumKeyW (in: hKey=0xcc, dwIndex=0x4, lpName=0x1d87360, cchName=0x104 | out: lpName="Select") returned 0x0 [0060.985] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="select", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0060.985] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="select", cchWideChar=6, lpMultiByteStr=0x1d94db0, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="select", lpUsedDefaultChar=0x0) returned 6 [0060.985] RegEnumKeyW (in: hKey=0xcc, dwIndex=0x5, lpName=0x1d87360, cchName=0x104 | out: lpName="Setup") returned 0x0 [0060.986] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="setup", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0060.986] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="setup", cchWideChar=5, lpMultiByteStr=0x1d94d20, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="setup", lpUsedDefaultChar=0x0) returned 5 [0060.986] RegEnumKeyW (in: hKey=0xcc, dwIndex=0x6, lpName=0x1d87360, cchName=0x104 | out: lpName="Software") returned 0x0 [0060.986] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="software", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0060.986] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="software", cchWideChar=8, lpMultiByteStr=0x1d94db0, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="software", lpUsedDefaultChar=0x0) returned 8 [0060.986] RegEnumKeyW (in: hKey=0xcc, dwIndex=0x7, lpName=0x1d87360, cchName=0x104 | out: lpName="WPA") returned 0x0 [0060.986] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="wpa", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0060.986] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="wpa", cchWideChar=3, lpMultiByteStr=0x1d94d20, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="wpa", lpUsedDefaultChar=0x0) returned 3 [0060.986] RegEnumKeyW (in: hKey=0xcc, dwIndex=0x8, lpName=0x1d87360, cchName=0x104 | out: lpName="CurrentControlSet") returned 0x0 [0060.986] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="currentcontrolset", cchWideChar=17, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0060.987] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="currentcontrolset", cchWideChar=17, lpMultiByteStr=0x1d94db0, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="currentcontrolset", lpUsedDefaultChar=0x0) returned 17 [0060.987] RegOpenKeyExW (in: hKey=0xcc, lpSubKey="CurrentControlSet", ulOptions=0x0, samDesired=0x20109, phkResult=0x18fb70 | out: phkResult=0x18fb70*=0x16c) returned 0x0 [0060.987] RegCloseKey (hKey=0xcc) returned 0x0 [0060.987] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x0, lpName=0x1d87360, cchName=0x104 | out: lpName="Control") returned 0x0 [0060.987] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="control", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0060.987] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="control", cchWideChar=7, lpMultiByteStr=0x1d94d20, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="control", lpUsedDefaultChar=0x0) returned 7 [0060.987] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x1, lpName=0x1d87360, cchName=0x104 | out: lpName="Enum") returned 0x0 [0060.987] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="enum", cchWideChar=4, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 4 [0060.987] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="enum", cchWideChar=4, lpMultiByteStr=0x1d94db0, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="enum", lpUsedDefaultChar=0x0) returned 4 [0060.987] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x2, lpName=0x1d87360, cchName=0x104 | out: lpName="Hardware Profiles") returned 0x0 [0060.988] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="hardware profiles", cchWideChar=17, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0060.988] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="hardware profiles", cchWideChar=17, lpMultiByteStr=0x1d94d20, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="hardware profiles", lpUsedDefaultChar=0x0) returned 17 [0060.988] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x3, lpName=0x1d87360, cchName=0x104 | out: lpName="Policies") returned 0x0 [0060.988] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="policies", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0060.988] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="policies", cchWideChar=8, lpMultiByteStr=0x1d94db0, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="policies", lpUsedDefaultChar=0x0) returned 8 [0060.988] RegEnumKeyW (in: hKey=0x16c, dwIndex=0x4, lpName=0x1d87360, cchName=0x104 | out: lpName="services") returned 0x0 [0060.988] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="services", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0060.988] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="services", cchWideChar=8, lpMultiByteStr=0x1d94d20, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="services", lpUsedDefaultChar=0x0) returned 8 [0060.988] RegOpenKeyExW (in: hKey=0x16c, lpSubKey="services", ulOptions=0x0, samDesired=0x20109, phkResult=0x18fb70 | out: phkResult=0x18fb70*=0xcc) returned 0x0 [0060.988] RegCloseKey (hKey=0x16c) returned 0x0 [0060.989] RegEnumKeyW (in: hKey=0xcc, dwIndex=0x0, lpName=0x1d87360, cchName=0x104 | out: lpName=".NET CLR Data") returned 0x0 [0060.989] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr=".net clr data", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0060.989] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr=".net clr data", cchWideChar=13, lpMultiByteStr=0x1d94db0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=".net clr data", lpUsedDefaultChar=0x0) returned 13 [0060.989] RegEnumKeyW (in: hKey=0xcc, dwIndex=0x1, lpName=0x1d87360, cchName=0x104 | out: lpName=".NET CLR Networking") returned 0x0 [0060.989] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr=".net clr networking", cchWideChar=19, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0060.989] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr=".net clr networking", cchWideChar=19, lpMultiByteStr=0x1d94d20, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=".net clr networking", lpUsedDefaultChar=0x0) returned 19 [0060.989] RegEnumKeyW (in: hKey=0xcc, dwIndex=0x2, lpName=0x1d87360, cchName=0x104 | out: lpName=".NET CLR Networking 4.0.0.0") returned 0x0 [0060.989] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr=".net clr networking 4.0.0.0", cchWideChar=27, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 27 [0060.989] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr=".net clr networking 4.0.0.0", cchWideChar=27, lpMultiByteStr=0x1d94db0, cbMultiByte=27, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=".net clr networking 4.0.0.0", lpUsedDefaultChar=0x0) returned 27 [0060.989] RegEnumKeyW (in: hKey=0xcc, dwIndex=0x3, lpName=0x1d87360, cchName=0x104 | out: lpName=".NET Data Provider for Oracle") returned 0x0 [0060.989] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr=".net data provider for oracle", cchWideChar=29, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 29 [0060.989] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr=".net data provider for oracle", cchWideChar=29, lpMultiByteStr=0x1d94d20, cbMultiByte=29, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=".net data provider for oracle", lpUsedDefaultChar=0x0) returned 29 [0060.990] RegEnumKeyW (in: hKey=0xcc, dwIndex=0x4, lpName=0x1d87360, cchName=0x104 | out: lpName=".NET Data Provider for SqlServer") returned 0x0 [0060.990] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr=".net data provider for sqlserver", cchWideChar=32, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0060.990] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr=".net data provider for sqlserver", cchWideChar=32, lpMultiByteStr=0x1d94db0, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=".net data provider for sqlserver", lpUsedDefaultChar=0x0) returned 32 [0060.990] RegEnumKeyW (in: hKey=0xcc, dwIndex=0x5, lpName=0x1d87360, cchName=0x104 | out: lpName=".NET Memory Cache 4.0") returned 0x0 [0060.990] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr=".net memory cache 4.0", cchWideChar=21, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0060.990] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr=".net memory cache 4.0", cchWideChar=21, lpMultiByteStr=0x1d94d20, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=".net memory cache 4.0", lpUsedDefaultChar=0x0) returned 21 [0060.990] RegEnumKeyW (in: hKey=0xcc, dwIndex=0x6, lpName=0x1d87360, cchName=0x104 | out: lpName=".NETFramework") returned 0x0 [0060.990] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr=".netframework", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0060.990] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr=".netframework", cchWideChar=13, lpMultiByteStr=0x1d94db0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=".netframework", lpUsedDefaultChar=0x0) returned 13 [0060.990] RegEnumKeyW (in: hKey=0xcc, dwIndex=0x7, lpName=0x1d87360, cchName=0x104 | out: lpName="1394ohci") returned 0x0 [0060.990] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="1394ohci", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0060.991] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="1394ohci", cchWideChar=8, lpMultiByteStr=0x1d94d20, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="1394ohci", lpUsedDefaultChar=0x0) returned 8 [0060.991] RegEnumKeyW (in: hKey=0xcc, dwIndex=0x8, lpName=0x1d87360, cchName=0x104 | out: lpName="ACPI") returned 0x0 [0060.991] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="acpi", cchWideChar=4, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 4 [0060.991] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="acpi", cchWideChar=4, lpMultiByteStr=0x1d94db0, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="acpi", lpUsedDefaultChar=0x0) returned 4 [0060.991] RegEnumValueA (in: hKey=0x170, dwIndex=0x0, lpValueName=0x18fa8c, lpcchValueName=0x18fa88, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="DisplayName", lpcchValueName=0x18fa88, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0060.991] RegEnumValueA (in: hKey=0x170, dwIndex=0x1, lpValueName=0x18fa8c, lpcchValueName=0x18fa88, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="ImagePath", lpcchValueName=0x18fa88, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0060.992] RegEnumValueA (in: hKey=0x170, dwIndex=0x2, lpValueName=0x18fa8c, lpcchValueName=0x18fa88, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="Description", lpcchValueName=0x18fa88, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0060.992] RegEnumValueA (in: hKey=0x170, dwIndex=0x3, lpValueName=0x18fa8c, lpcchValueName=0x18fa88, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="ObjectName", lpcchValueName=0x18fa88, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0060.992] RegEnumValueA (in: hKey=0x170, dwIndex=0x4, lpValueName=0x18fa8c, lpcchValueName=0x18fa88, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="ErrorControl", lpcchValueName=0x18fa88, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0060.992] RegEnumValueA (in: hKey=0x170, dwIndex=0x5, lpValueName=0x18fa8c, lpcchValueName=0x18fa88, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="Start", lpcchValueName=0x18fa88, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0060.992] RegEnumValueA (in: hKey=0x170, dwIndex=0x6, lpValueName=0x18fa8c, lpcchValueName=0x18fa88, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="Type", lpcchValueName=0x18fa88, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0060.992] RegEnumValueA (in: hKey=0x170, dwIndex=0x7, lpValueName=0x18fa8c, lpcchValueName=0x18fa88, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="DependOnService", lpcchValueName=0x18fa88, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0060.992] RegEnumValueA (in: hKey=0x170, dwIndex=0x8, lpValueName=0x18fa8c, lpcchValueName=0x18fa88, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="ServiceSidType", lpcchValueName=0x18fa88, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0060.992] RegEnumValueA (in: hKey=0x170, dwIndex=0x9, lpValueName=0x18fa8c, lpcchValueName=0x18fa88, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="RequiredPrivileges", lpcchValueName=0x18fa88, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0060.993] RegEnumValueA (in: hKey=0x170, dwIndex=0xa, lpValueName=0x18fa8c, lpcchValueName=0x18fa88, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="FailureActions", lpcchValueName=0x18fa88, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0060.993] RegEnumValueA (in: hKey=0x170, dwIndex=0xb, lpValueName=0x18fa8c, lpcchValueName=0x18fa88, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="FailureActions", lpcchValueName=0x18fa88, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x103 [0060.993] RegSetValueExA (in: hKey=0x16c, lpValueName="RequiredPrivileges", Reserved=0x0, dwType=0x7, lpData=0x1d86e90*, cbData=0x23f | out: lpData=0x1d86e90*) returned 0x0 [0060.993] RegEnumValueA (in: hKey=0x170, dwIndex=0x0, lpValueName=0x18fa8c, lpcchValueName=0x18fa88, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="DisplayName", lpcchValueName=0x18fa88, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0060.993] RegEnumValueA (in: hKey=0x170, dwIndex=0x1, lpValueName=0x18fa8c, lpcchValueName=0x18fa88, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="ImagePath", lpcchValueName=0x18fa88, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0060.993] RegEnumValueA (in: hKey=0x170, dwIndex=0x2, lpValueName=0x18fa8c, lpcchValueName=0x18fa88, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="Description", lpcchValueName=0x18fa88, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0060.994] RegEnumValueA (in: hKey=0x170, dwIndex=0x3, lpValueName=0x18fa8c, lpcchValueName=0x18fa88, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="ObjectName", lpcchValueName=0x18fa88, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0060.994] RegEnumValueA (in: hKey=0x170, dwIndex=0x4, lpValueName=0x18fa8c, lpcchValueName=0x18fa88, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="ErrorControl", lpcchValueName=0x18fa88, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0060.994] RegEnumValueA (in: hKey=0x170, dwIndex=0x5, lpValueName=0x18fa8c, lpcchValueName=0x18fa88, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="Start", lpcchValueName=0x18fa88, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0060.994] RegEnumValueA (in: hKey=0x170, dwIndex=0x6, lpValueName=0x18fa8c, lpcchValueName=0x18fa88, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="Type", lpcchValueName=0x18fa88, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0060.994] RegEnumValueA (in: hKey=0x170, dwIndex=0x7, lpValueName=0x18fa8c, lpcchValueName=0x18fa88, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="DependOnService", lpcchValueName=0x18fa88, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0060.994] RegEnumValueA (in: hKey=0x170, dwIndex=0x8, lpValueName=0x18fa8c, lpcchValueName=0x18fa88, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="ServiceSidType", lpcchValueName=0x18fa88, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0060.994] RegEnumValueA (in: hKey=0x170, dwIndex=0x9, lpValueName=0x18fa8c, lpcchValueName=0x18fa88, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="RequiredPrivileges", lpcchValueName=0x18fa88, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0060.994] RegEnumValueA (in: hKey=0x170, dwIndex=0xa, lpValueName=0x18fa8c, lpcchValueName=0x18fa88, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="FailureActions", lpcchValueName=0x18fa88, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0060.994] RegEnumValueA (in: hKey=0x170, dwIndex=0xb, lpValueName=0x18fa8c, lpcchValueName=0x18fa88, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="FailureActions", lpcchValueName=0x18fa88, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x103 [0060.995] RegSetValueExA (in: hKey=0x16c, lpValueName="ObjectName", Reserved=0x0, dwType=0x1, lpData="LocalSystem", cbData=0xc | out: lpData="LocalSystem") returned 0x0 [0060.995] OpenServiceW (hSCManager=0x324bf0, lpServiceName="clr_optimization_v4.0.30319_32", dwDesiredAccess=0x2) returned 0x324ce0 [0060.995] ChangeServiceConfigW (in: hService=0x324ce0, dwServiceType=0xffffffff, dwStartType=0x2, dwErrorControl=0xffffffff, lpBinaryPathName=0x0, lpLoadOrderGroup=0x0, lpdwTagId=0x0, lpDependencies=0x0, lpServiceStartName=0x0, lpPassword=0x0, lpDisplayName=0x0 | out: lpdwTagId=0x0) returned 1 [0061.052] CloseServiceHandle (hSCObject=0x324ce0) returned 1 [0061.061] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscorsvw.exe" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscorsvw.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x170 [0061.062] SetFileTime (hFile=0x170, lpCreationTime=0x0, lpLastAccessTime=0x18fc38, lpLastWriteTime=0x18fc38) returned 1 [0061.062] GetFileSize (in: hFile=0x170, lpFileSizeHigh=0x18fc24 | out: lpFileSizeHigh=0x18fc24*=0x0) returned 0x196b8 [0061.062] SetFilePointer (in: hFile=0x170, lDistanceToMove=0, lpDistanceToMoveHigh=0x18fc30*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x18fc30*=0) returned 0x0 [0061.062] ReadFile (in: hFile=0x170, lpBuffer=0x1d9a0a8, nNumberOfBytesToRead=0x196b8, lpNumberOfBytesRead=0x18fc64, lpOverlapped=0x0 | out: lpBuffer=0x1d9a0a8*, lpNumberOfBytesRead=0x18fc64*=0x196b8, lpOverlapped=0x0) returned 1 [0061.074] SetFilePointer (in: hFile=0x170, lDistanceToMove=0, lpDistanceToMoveHigh=0x18fc54*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x18fc54*=0) returned 0x0 [0061.074] WriteFile (in: hFile=0x170, lpBuffer=0x1db68b0*, nNumberOfBytesToWrite=0x2c800, lpNumberOfBytesWritten=0x18fc64, lpOverlapped=0x0 | out: lpBuffer=0x1db68b0*, lpNumberOfBytesWritten=0x18fc64*=0x2c800, lpOverlapped=0x0) returned 1 [0061.077] SetEndOfFile (hFile=0x170) returned 1 [0061.077] GetFileTime (in: hFile=0x170, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x18fdb0 | out: lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x18fdb0*(dwLowDateTime=0xef914800, dwHighDateTime=0x1d0aa91)) returned 1 [0061.077] FileTimeToSystemTime (in: lpFileTime=0x18fdb0, lpSystemTime=0x18fd80 | out: lpSystemTime=0x18fd80) returned 1 [0061.077] SystemTimeToFileTime (in: lpSystemTime=0x18fd80, lpFileTime=0x18fdb0 | out: lpFileTime=0x18fdb0) returned 1 [0061.077] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscorsvw.exe:0" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscorsvw.exe:0"), fInfoLevelId=0x0, lpFileInformation=0x18fbf4 | out: lpFileInformation=0x18fbf4*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x24f53, ftCreationTime.dwHighDateTime=0x18fc30, ftLastAccessTime.dwLowDateTime=0x77e90a45, ftLastAccessTime.dwHighDateTime=0x408e92, ftLastWriteTime.dwLowDateTime=0x8bffa05a, ftLastWriteTime.dwHighDateTime=0x18fdb8, nFileSizeHigh=0x2, nFileSizeLow=0x18fd54)) returned 0 [0061.078] GetLastError () returned 0x2 [0061.078] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscorsvw.exe:0" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscorsvw.exe:0"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x170 [0061.078] SetFileTime (hFile=0x170, lpCreationTime=0x0, lpLastAccessTime=0x18fc38, lpLastWriteTime=0x18fc38) returned 1 [0061.078] WriteFile (in: hFile=0x170, lpBuffer=0x1de30b8*, nNumberOfBytesToWrite=0x196b8, lpNumberOfBytesWritten=0x18fc64, lpOverlapped=0x0 | out: lpBuffer=0x1de30b8*, lpNumberOfBytesWritten=0x18fc64*=0x196b8, lpOverlapped=0x0) returned 1 [0061.080] SetFileTime (hFile=0x170, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x18fdb0) returned 1 [0061.081] NtClose (Handle=0x170) returned 0x0 [0061.086] OpenServiceW (hSCManager=0x324bf0, lpServiceName="clr_optimization_v4.0.30319_32", dwDesiredAccess=0x10) returned 0x324cb8 [0061.086] StartServiceW (hService=0x324cb8, dwNumServiceArgs=0x0, lpServiceArgVectors=0x0) returned 1 [0076.750] CloseServiceHandle (hSCObject=0x324cb8) returned 1 [0076.750] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0x1388) returned 0x0 [0076.817] CloseServiceHandle (hSCObject=0x324bf0) returned 1 [0076.820] ReleaseMutex (hMutex=0x158) returned 0 [0076.820] GetLastError () returned 0x120 [0076.820] DeleteFileW (lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Roaming\\VQBKVY~1" (normalized: "c:\\users\\5p5nrg~1\\appdata\\roaming\\vqbkvy~1")) returned 1 [0076.821] Wow64RevertWow64FsRedirection (OlValue=0x0) returned 1 [0076.821] ExitProcess (uExitCode=0x0) Thread: id = 5 os_tid = 0x9f4 Process: id = "3" image_name = "vssadmin.exe" filename = "c:\\windows\\system32\\vssadmin.exe" page_root = "0x501cf000" os_pid = "0x9f8" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x9ec" cmd_line = "C:\\Windows\\system32\\vssadmin.exe Delete Shadows /All /Quiet" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:000104d7" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 349 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 350 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 351 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 352 start_va = 0x1d0000 end_va = 0x24ffff entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 353 start_va = 0x77c50000 end_va = 0x77df8fff entry_point = 0x77c50000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 354 start_va = 0x7efe0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 355 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 356 start_va = 0x7fff8000 end_va = 0x7fff8fff entry_point = 0x0 region_type = private name = "private_0x000000007fff8000" filename = "" Region: id = 357 start_va = 0xff9d0000 end_va = 0xff9fcfff entry_point = 0xff9d0000 region_type = mapped_file name = "vssadmin.exe" filename = "\\Windows\\System32\\vssadmin.exe" (normalized: "c:\\windows\\system32\\vssadmin.exe") Region: id = 358 start_va = 0x7fefff70000 end_va = 0x7fefff70fff entry_point = 0x7fefff70000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 359 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 360 start_va = 0x7fffffd7000 end_va = 0x7fffffd7fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd7000" filename = "" Region: id = 361 start_va = 0x7fffffde000 end_va = 0x7fffffdffff entry_point = 0x0 region_type = private name = "private_0x000007fffffde000" filename = "" Region: id = 362 start_va = 0x60000 end_va = 0x15ffff entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 363 start_va = 0x77a30000 end_va = 0x77b4efff entry_point = 0x77a30000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 364 start_va = 0x7fefde60000 end_va = 0x7fefdecafff entry_point = 0x7fefde60000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 367 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 368 start_va = 0x20000 end_va = 0x2ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 369 start_va = 0x160000 end_va = 0x1c6fff entry_point = 0x160000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 370 start_va = 0x77b50000 end_va = 0x77c49fff entry_point = 0x77b50000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 371 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 372 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 373 start_va = 0x7fefac50000 end_va = 0x7fefac66fff entry_point = 0x7fefac50000 region_type = mapped_file name = "vsstrace.dll" filename = "\\Windows\\System32\\vsstrace.dll" (normalized: "c:\\windows\\system32\\vsstrace.dll") Region: id = 374 start_va = 0x7fefac70000 end_va = 0x7fefae1ffff entry_point = 0x7fefac70000 region_type = mapped_file name = "vssapi.dll" filename = "\\Windows\\System32\\vssapi.dll" (normalized: "c:\\windows\\system32\\vssapi.dll") Region: id = 375 start_va = 0x7fefb770000 end_va = 0x7fefb788fff entry_point = 0x7fefb770000 region_type = mapped_file name = "atl.dll" filename = "\\Windows\\System32\\atl.dll" (normalized: "c:\\windows\\system32\\atl.dll") Region: id = 376 start_va = 0x7fefdf70000 end_va = 0x7fefe172fff entry_point = 0x7fefdf70000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 377 start_va = 0x7fefefb0000 end_va = 0x7feff0dcfff entry_point = 0x7fefefb0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 378 start_va = 0x7feff210000 end_va = 0x7feff2aefff entry_point = 0x7feff210000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 379 start_va = 0x7feff2b0000 end_va = 0x7feff38afff entry_point = 0x7feff2b0000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 380 start_va = 0x7feff390000 end_va = 0x7feff3aefff entry_point = 0x7feff390000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 381 start_va = 0x7feff3b0000 end_va = 0x7feff3bdfff entry_point = 0x7feff3b0000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 382 start_va = 0x7feff910000 end_va = 0x7feff976fff entry_point = 0x7feff910000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 383 start_va = 0x7feffb10000 end_va = 0x7feffbe6fff entry_point = 0x7feffb10000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 384 start_va = 0x7feffe90000 end_va = 0x7fefff58fff entry_point = 0x7feffe90000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 385 start_va = 0x290000 end_va = 0x29ffff entry_point = 0x0 region_type = private name = "private_0x0000000000290000" filename = "" Region: id = 386 start_va = 0x2a0000 end_va = 0x39ffff entry_point = 0x0 region_type = private name = "private_0x00000000002a0000" filename = "" Region: id = 387 start_va = 0x3a0000 end_va = 0x527fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003a0000" filename = "" Region: id = 388 start_va = 0x7feff3c0000 end_va = 0x7feff3edfff entry_point = 0x7feff3c0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 389 start_va = 0x7feffa00000 end_va = 0x7feffb08fff entry_point = 0x7feffa00000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 390 start_va = 0x50000 end_va = 0x56fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 391 start_va = 0x250000 end_va = 0x251fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 392 start_va = 0x260000 end_va = 0x26cfff entry_point = 0x260000 region_type = mapped_file name = "vssadmin.exe.mui" filename = "\\Windows\\System32\\en-US\\vssadmin.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\vssadmin.exe.mui") Region: id = 393 start_va = 0x270000 end_va = 0x270fff entry_point = 0x0 region_type = private name = "private_0x0000000000270000" filename = "" Region: id = 394 start_va = 0x280000 end_va = 0x280fff entry_point = 0x0 region_type = private name = "private_0x0000000000280000" filename = "" Region: id = 395 start_va = 0x530000 end_va = 0x6b0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Region: id = 396 start_va = 0x6c0000 end_va = 0x1abffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006c0000" filename = "" Region: id = 397 start_va = 0x7fefda90000 end_va = 0x7fefda9efff entry_point = 0x7fefda90000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 398 start_va = 0x1ac0000 end_va = 0x1ac0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ac0000" filename = "" Region: id = 399 start_va = 0x1bc0000 end_va = 0x1c3ffff entry_point = 0x0 region_type = private name = "private_0x0000000001bc0000" filename = "" Region: id = 400 start_va = 0x7fefef10000 end_va = 0x7fefefa8fff entry_point = 0x7fefef10000 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 401 start_va = 0x7fffffdc000 end_va = 0x7fffffddfff entry_point = 0x0 region_type = private name = "private_0x000007fffffdc000" filename = "" Region: id = 402 start_va = 0x1ad0000 end_va = 0x1ad0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ad0000" filename = "" Region: id = 403 start_va = 0x1d10000 end_va = 0x1d8ffff entry_point = 0x0 region_type = private name = "private_0x0000000001d10000" filename = "" Region: id = 404 start_va = 0x7fefd490000 end_va = 0x7fefd4a6fff entry_point = 0x7fefd490000 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 405 start_va = 0x7fffffda000 end_va = 0x7fffffdbfff entry_point = 0x0 region_type = private name = "private_0x000007fffffda000" filename = "" Region: id = 406 start_va = 0x7fefd190000 end_va = 0x7fefd1d6fff entry_point = 0x7fefd190000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 407 start_va = 0x1d90000 end_va = 0x205efff entry_point = 0x1d90000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 408 start_va = 0x7fefdb80000 end_va = 0x7fefdb93fff entry_point = 0x7fefdb80000 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll") Thread: id = 6 os_tid = 0x9fc Thread: id = 7 os_tid = 0xa0c Thread: id = 8 os_tid = 0xa10 Thread: id = 10 os_tid = 0xa1c Thread: id = 11 os_tid = 0xa20 Process: id = "4" image_name = "takeown.exe" filename = "c:\\windows\\system32\\takeown.exe" page_root = "0x505f4000" os_pid = "0xa14" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x9ec" cmd_line = "C:\\Windows\\system32\\takeown.exe /F C:\\Windows\\servicing\\TrustedInstaller.exe" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:000104d7" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 409 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 410 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 411 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 412 start_va = 0x1b0000 end_va = 0x22ffff entry_point = 0x0 region_type = private name = "private_0x00000000001b0000" filename = "" Region: id = 413 start_va = 0x77c50000 end_va = 0x77df8fff entry_point = 0x77c50000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 414 start_va = 0x7efe0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 415 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 416 start_va = 0x7fff8000 end_va = 0x7fff8fff entry_point = 0x0 region_type = private name = "private_0x000000007fff8000" filename = "" Region: id = 417 start_va = 0xff9d0000 end_va = 0xff9e2fff entry_point = 0xff9d0000 region_type = mapped_file name = "takeown.exe" filename = "\\Windows\\System32\\takeown.exe" (normalized: "c:\\windows\\system32\\takeown.exe") Region: id = 418 start_va = 0x7fefff70000 end_va = 0x7fefff70fff entry_point = 0x7fefff70000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 419 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 420 start_va = 0x7fffffd7000 end_va = 0x7fffffd7fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd7000" filename = "" Region: id = 421 start_va = 0x7fffffde000 end_va = 0x7fffffdffff entry_point = 0x0 region_type = private name = "private_0x000007fffffde000" filename = "" Region: id = 422 start_va = 0x3a0000 end_va = 0x49ffff entry_point = 0x0 region_type = private name = "private_0x00000000003a0000" filename = "" Region: id = 423 start_va = 0x77a30000 end_va = 0x77b4efff entry_point = 0x77a30000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 424 start_va = 0x7fefde60000 end_va = 0x7fefdecafff entry_point = 0x7fefde60000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 425 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 426 start_va = 0x20000 end_va = 0x2ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 427 start_va = 0x50000 end_va = 0xb6fff entry_point = 0x50000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 428 start_va = 0xc0000 end_va = 0xc6fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000c0000" filename = "" Region: id = 429 start_va = 0xd0000 end_va = 0xd1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000d0000" filename = "" Region: id = 430 start_va = 0xe0000 end_va = 0xe3fff entry_point = 0xe0000 region_type = mapped_file name = "takeown.exe.mui" filename = "\\Windows\\System32\\en-US\\takeown.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\takeown.exe.mui") Region: id = 431 start_va = 0xf0000 end_va = 0xf0fff entry_point = 0x0 region_type = private name = "private_0x00000000000f0000" filename = "" Region: id = 432 start_va = 0x100000 end_va = 0x100fff entry_point = 0x0 region_type = private name = "private_0x0000000000100000" filename = "" Region: id = 433 start_va = 0x230000 end_va = 0x32ffff entry_point = 0x0 region_type = private name = "private_0x0000000000230000" filename = "" Region: id = 434 start_va = 0x4a0000 end_va = 0x627fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004a0000" filename = "" Region: id = 435 start_va = 0x630000 end_va = 0x63ffff entry_point = 0x0 region_type = private name = "private_0x0000000000630000" filename = "" Region: id = 436 start_va = 0x640000 end_va = 0x7c0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000640000" filename = "" Region: id = 437 start_va = 0x7d0000 end_va = 0x1bcffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007d0000" filename = "" Region: id = 438 start_va = 0x77b50000 end_va = 0x77c49fff entry_point = 0x77b50000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 439 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 440 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 441 start_va = 0x7fefaaa0000 end_va = 0x7fefaab7fff entry_point = 0x7fefaaa0000 region_type = mapped_file name = "mpr.dll" filename = "\\Windows\\System32\\mpr.dll" (normalized: "c:\\windows\\system32\\mpr.dll") Region: id = 442 start_va = 0x7fefbd90000 end_va = 0x7fefbda4fff entry_point = 0x7fefbd90000 region_type = mapped_file name = "wkscli.dll" filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll") Region: id = 443 start_va = 0x7fefbdb0000 end_va = 0x7fefbdbbfff entry_point = 0x7fefbdb0000 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll") Region: id = 444 start_va = 0x7fefbdc0000 end_va = 0x7fefbdd5fff entry_point = 0x7fefbdc0000 region_type = mapped_file name = "netapi32.dll" filename = "\\Windows\\System32\\netapi32.dll" (normalized: "c:\\windows\\system32\\netapi32.dll") Region: id = 445 start_va = 0x7fefcd60000 end_va = 0x7fefcd6bfff entry_point = 0x7fefcd60000 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll") Region: id = 446 start_va = 0x7fefd990000 end_va = 0x7fefd9b2fff entry_point = 0x7fefd990000 region_type = mapped_file name = "srvcli.dll" filename = "\\Windows\\System32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll") Region: id = 447 start_va = 0x7fefda30000 end_va = 0x7fefda3afff entry_point = 0x7fefda30000 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll") Region: id = 448 start_va = 0x7fefda60000 end_va = 0x7fefda84fff entry_point = 0x7fefda60000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 449 start_va = 0x7fefefb0000 end_va = 0x7feff0dcfff entry_point = 0x7fefefb0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 450 start_va = 0x7feff210000 end_va = 0x7feff2aefff entry_point = 0x7feff210000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 451 start_va = 0x7feff2b0000 end_va = 0x7feff38afff entry_point = 0x7feff2b0000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 452 start_va = 0x7feff390000 end_va = 0x7feff3aefff entry_point = 0x7feff390000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 453 start_va = 0x7feff3b0000 end_va = 0x7feff3bdfff entry_point = 0x7feff3b0000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 454 start_va = 0x7feff3c0000 end_va = 0x7feff3edfff entry_point = 0x7feff3c0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 455 start_va = 0x7feff650000 end_va = 0x7feff69cfff entry_point = 0x7feff650000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 456 start_va = 0x7feff720000 end_va = 0x7feff727fff entry_point = 0x7feff720000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 457 start_va = 0x7feff910000 end_va = 0x7feff976fff entry_point = 0x7feff910000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 458 start_va = 0x7feff980000 end_va = 0x7feff9f0fff entry_point = 0x7feff980000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 459 start_va = 0x7feffa00000 end_va = 0x7feffb08fff entry_point = 0x7feffa00000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 460 start_va = 0x7feffe90000 end_va = 0x7fefff58fff entry_point = 0x7feffe90000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 461 start_va = 0x1bd0000 end_va = 0x1e9efff entry_point = 0x1bd0000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 462 start_va = 0x7fefcb60000 end_va = 0x7fefcb8cfff entry_point = 0x7fefcb60000 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 463 start_va = 0x7feff730000 end_va = 0x7feff781fff entry_point = 0x7feff730000 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll") Thread: id = 9 os_tid = 0xa18 Thread: id = 12 os_tid = 0xa30 Process: id = "5" image_name = "icacls.exe" filename = "c:\\windows\\system32\\icacls.exe" page_root = "0x4fe7a000" os_pid = "0xa3c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x9ec" cmd_line = "C:\\Windows\\system32\\icacls.exe C:\\Windows\\servicing\\TrustedInstaller.exe /reset" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:000104d7" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 464 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 465 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 466 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 467 start_va = 0x50000 end_va = 0xcffff entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 468 start_va = 0x77c50000 end_va = 0x77df8fff entry_point = 0x77c50000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 469 start_va = 0x7efe0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 470 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 471 start_va = 0x7fff7000 end_va = 0x7fff7fff entry_point = 0x0 region_type = private name = "private_0x000000007fff7000" filename = "" Region: id = 472 start_va = 0xff1a0000 end_va = 0xff1abfff entry_point = 0xff1a0000 region_type = mapped_file name = "icacls.exe" filename = "\\Windows\\System32\\icacls.exe" (normalized: "c:\\windows\\system32\\icacls.exe") Region: id = 473 start_va = 0x7fefff70000 end_va = 0x7fefff70fff entry_point = 0x7fefff70000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 474 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 475 start_va = 0x7fffffdc000 end_va = 0x7fffffdcfff entry_point = 0x0 region_type = private name = "private_0x000007fffffdc000" filename = "" Region: id = 476 start_va = 0x7fffffde000 end_va = 0x7fffffdffff entry_point = 0x0 region_type = private name = "private_0x000007fffffde000" filename = "" Region: id = 477 start_va = 0x160000 end_va = 0x25ffff entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 478 start_va = 0x77a30000 end_va = 0x77b4efff entry_point = 0x77a30000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 479 start_va = 0x7fefde60000 end_va = 0x7fefdecafff entry_point = 0x7fefde60000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 480 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 481 start_va = 0x20000 end_va = 0x2ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 482 start_va = 0xd0000 end_va = 0x136fff entry_point = 0xd0000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 483 start_va = 0x140000 end_va = 0x14ffff entry_point = 0x0 region_type = private name = "private_0x0000000000140000" filename = "" Region: id = 484 start_va = 0x260000 end_va = 0x35ffff entry_point = 0x0 region_type = private name = "private_0x0000000000260000" filename = "" Region: id = 485 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 486 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 487 start_va = 0x7fefefb0000 end_va = 0x7feff0dcfff entry_point = 0x7fefefb0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 488 start_va = 0x7feff210000 end_va = 0x7feff2aefff entry_point = 0x7feff210000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 489 start_va = 0x7feff2b0000 end_va = 0x7feff38afff entry_point = 0x7feff2b0000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 490 start_va = 0x7feff390000 end_va = 0x7feff3aefff entry_point = 0x7feff390000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 491 start_va = 0x7fefcb60000 end_va = 0x7fefcb8cfff entry_point = 0x7fefcb60000 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 492 start_va = 0x7feff730000 end_va = 0x7feff781fff entry_point = 0x7feff730000 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll") Thread: id = 13 os_tid = 0xa40 Process: id = "6" image_name = "System" filename = "" page_root = "0x187000" os_pid = "0x4" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "created_daemon" parent_id = "2" os_parent_pid = "0x9ec" cmd_line = "" cur_dir = "" os_username = "NT AUTHORITY\\SYSTEM" os_groups = "BUILTIN\\Administrators" [0xe], "Everyone" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7] Region: id = 2540 start_va = 0x10000 end_va = 0x32fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2541 start_va = 0x40000 end_va = 0x5ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 2542 start_va = 0x60000 end_va = 0x7ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000060000" filename = "" Region: id = 2543 start_va = 0x80000 end_va = 0x80fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000080000" filename = "" Region: id = 2544 start_va = 0x77c50000 end_va = 0x77df8fff entry_point = 0x77c50000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2545 start_va = 0x77e30000 end_va = 0x77faffff entry_point = 0x77e30000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 2546 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2547 start_va = 0x7fff41d0000 end_va = 0x7fff41fffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fff41d0000" filename = "" Region: id = 2548 start_va = 0x7fff46d0000 end_va = 0x7fff46fffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fff46d0000" filename = "" Region: id = 2549 start_va = 0x7fff4bd0000 end_va = 0x7fff4bfffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fff4bd0000" filename = "" Region: id = 2550 start_va = 0x7fff50d0000 end_va = 0x7fff50fffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fff50d0000" filename = "" Region: id = 2551 start_va = 0x7fff55d0000 end_va = 0x7fff55fffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fff55d0000" filename = "" Region: id = 2552 start_va = 0x7fff5ad0000 end_va = 0x7fff5afffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fff5ad0000" filename = "" Region: id = 2553 start_va = 0x7fff5fd0000 end_va = 0x7fff5ffffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fff5fd0000" filename = "" Region: id = 2554 start_va = 0x7fff64d0000 end_va = 0x7fff64fffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fff64d0000" filename = "" Region: id = 2555 start_va = 0x7fff69d0000 end_va = 0x7fff69fffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fff69d0000" filename = "" Region: id = 2556 start_va = 0x7fff6ed0000 end_va = 0x7fff6efffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fff6ed0000" filename = "" Region: id = 2557 start_va = 0x7fff73d0000 end_va = 0x7fff73fffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fff73d0000" filename = "" Region: id = 2558 start_va = 0x7fff78d0000 end_va = 0x7fff78fffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fff78d0000" filename = "" Region: id = 2559 start_va = 0x7fff7dd0000 end_va = 0x7fff7dfffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fff7dd0000" filename = "" Region: id = 2560 start_va = 0x7fff82d0000 end_va = 0x7fff82fffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fff82d0000" filename = "" Region: id = 2561 start_va = 0x7fff87d0000 end_va = 0x7fff87fffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fff87d0000" filename = "" Region: id = 2562 start_va = 0x7fff8cd0000 end_va = 0x7fff8cfffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fff8cd0000" filename = "" Region: id = 2563 start_va = 0x7fff91d0000 end_va = 0x7fff91fffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fff91d0000" filename = "" Region: id = 2564 start_va = 0x7fff96d0000 end_va = 0x7fff96fffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fff96d0000" filename = "" Region: id = 2565 start_va = 0x7fff9bd0000 end_va = 0x7fff9bfffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fff9bd0000" filename = "" Region: id = 2566 start_va = 0x7fffa0d0000 end_va = 0x7fffa0fffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffa0d0000" filename = "" Region: id = 2567 start_va = 0x7fffa5d0000 end_va = 0x7fffa5fffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffa5d0000" filename = "" Region: id = 2568 start_va = 0x7fffaad0000 end_va = 0x7fffaafffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffaad0000" filename = "" Region: id = 2569 start_va = 0x7fffafd0000 end_va = 0x7fffaffffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffafd0000" filename = "" Region: id = 2570 start_va = 0x7fffb4d0000 end_va = 0x7fffb4fffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffb4d0000" filename = "" Region: id = 2571 start_va = 0x7fffb9d0000 end_va = 0x7fffb9fffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffb9d0000" filename = "" Region: id = 2572 start_va = 0x7fffbed0000 end_va = 0x7fffbefffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffbed0000" filename = "" Region: id = 2573 start_va = 0x7fffc3d0000 end_va = 0x7fffc3fffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffc3d0000" filename = "" Region: id = 2574 start_va = 0x7fffc8d0000 end_va = 0x7fffc8fffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffc8d0000" filename = "" Region: id = 2575 start_va = 0x7fffcdd0000 end_va = 0x7fffcdfffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffcdd0000" filename = "" Region: id = 2576 start_va = 0x7fffd2d0000 end_va = 0x7fffd2fffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffd2d0000" filename = "" Region: id = 2577 start_va = 0x7fffd7d0000 end_va = 0x7fffd7fffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffd7d0000" filename = "" Region: id = 2578 start_va = 0x7fffdcd0000 end_va = 0x7fffdcfffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffdcd0000" filename = "" Region: id = 2579 start_va = 0x7fffe1d0000 end_va = 0x7fffe1fffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffe1d0000" filename = "" Region: id = 2580 start_va = 0x7fffe6d0000 end_va = 0x7fffe6fffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffe6d0000" filename = "" Region: id = 2581 start_va = 0x7fffebd0000 end_va = 0x7fffebfffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffebd0000" filename = "" Region: id = 2582 start_va = 0x7ffff0d0000 end_va = 0x7ffff0fffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007ffff0d0000" filename = "" Region: id = 2583 start_va = 0x7ffff5d0000 end_va = 0x7ffff5fffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007ffff5d0000" filename = "" Region: id = 2584 start_va = 0x7ffffad0000 end_va = 0x7ffffafffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007ffffad0000" filename = "" Thread: id = 14 os_tid = 0x650 Thread: id = 15 os_tid = 0x18 Thread: id = 16 os_tid = 0x8fc Thread: id = 17 os_tid = 0xbc Thread: id = 18 os_tid = 0x50 Thread: id = 19 os_tid = 0x7f0 Thread: id = 20 os_tid = 0x30 Thread: id = 21 os_tid = 0x7c Thread: id = 22 os_tid = 0x43c Thread: id = 23 os_tid = 0xa0 Thread: id = 24 os_tid = 0x7d4 Thread: id = 25 os_tid = 0x60 Thread: id = 26 os_tid = 0x734 Thread: id = 27 os_tid = 0x6ac Thread: id = 28 os_tid = 0x158 Thread: id = 29 os_tid = 0x7c4 Thread: id = 30 os_tid = 0x20 Thread: id = 31 os_tid = 0x1c Thread: id = 32 os_tid = 0x94 Thread: id = 33 os_tid = 0x84 Thread: id = 34 os_tid = 0x658 Thread: id = 35 os_tid = 0x654 Thread: id = 36 os_tid = 0x644 Thread: id = 37 os_tid = 0x62c Thread: id = 38 os_tid = 0x620 Thread: id = 39 os_tid = 0x610 Thread: id = 40 os_tid = 0x5a8 Thread: id = 41 os_tid = 0x584 Thread: id = 42 os_tid = 0x78 Thread: id = 43 os_tid = 0x4bc Thread: id = 44 os_tid = 0x4b4 Thread: id = 45 os_tid = 0x24 Thread: id = 46 os_tid = 0x68 Thread: id = 47 os_tid = 0x45c Thread: id = 48 os_tid = 0x98 Thread: id = 49 os_tid = 0x144 Thread: id = 50 os_tid = 0x3d0 Thread: id = 51 os_tid = 0xd0 Thread: id = 52 os_tid = 0xd4 Thread: id = 53 os_tid = 0x88 Thread: id = 54 os_tid = 0x80 Thread: id = 55 os_tid = 0x8c Thread: id = 56 os_tid = 0x5c Thread: id = 57 os_tid = 0x90 Thread: id = 58 os_tid = 0x308 Thread: id = 59 os_tid = 0xb0 Thread: id = 60 os_tid = 0x9c Thread: id = 61 os_tid = 0x288 Thread: id = 62 os_tid = 0x74 Thread: id = 63 os_tid = 0x124 Thread: id = 64 os_tid = 0x34 Thread: id = 65 os_tid = 0x100 Thread: id = 66 os_tid = 0x198 Thread: id = 67 os_tid = 0x4c Thread: id = 68 os_tid = 0xc4 Thread: id = 69 os_tid = 0x15c Thread: id = 70 os_tid = 0x158 Thread: id = 71 os_tid = 0x150 Thread: id = 72 os_tid = 0x130 Thread: id = 73 os_tid = 0x138 Thread: id = 74 os_tid = 0x128 Thread: id = 75 os_tid = 0xb8 Thread: id = 76 os_tid = 0x3c Thread: id = 77 os_tid = 0x28 Thread: id = 78 os_tid = 0x38 Thread: id = 79 os_tid = 0x40 Thread: id = 80 os_tid = 0x48 Thread: id = 81 os_tid = 0x64 Thread: id = 82 os_tid = 0x110 Thread: id = 83 os_tid = 0x10c Thread: id = 84 os_tid = 0xc0 Thread: id = 85 os_tid = 0x44 Thread: id = 86 os_tid = 0x8 Thread: id = 87 os_tid = 0x0 Thread: id = 336 os_tid = 0xae4 Thread: id = 341 os_tid = 0xb04 Thread: id = 344 os_tid = 0xb0c Thread: id = 345 os_tid = 0xb10 Thread: id = 346 os_tid = 0xf8 Thread: id = 347 os_tid = 0xb14 Thread: id = 348 os_tid = 0xb18 Thread: id = 350 os_tid = 0xb20 Thread: id = 356 os_tid = 0xb50 Thread: id = 361 os_tid = 0xb00 Thread: id = 363 os_tid = 0xb7c Thread: id = 371 os_tid = 0xbcc Thread: id = 377 os_tid = 0x810 Thread: id = 378 os_tid = 0x81c Thread: id = 379 os_tid = 0x770 Thread: id = 380 os_tid = 0x824 Thread: id = 381 os_tid = 0x690 Thread: id = 383 os_tid = 0xcc Thread: id = 385 os_tid = 0x450 Thread: id = 386 os_tid = 0x4f8 Thread: id = 387 os_tid = 0x5d8 Thread: id = 389 os_tid = 0x574 Thread: id = 390 os_tid = 0x844 Thread: id = 392 os_tid = 0x838 Thread: id = 393 os_tid = 0x834 Thread: id = 395 os_tid = 0x6fc Thread: id = 396 os_tid = 0x864 Thread: id = 397 os_tid = 0x870 Thread: id = 404 os_tid = 0x54 Thread: id = 408 os_tid = 0x804 Process: id = "7" image_name = "services.exe" filename = "c:\\windows\\system32\\services.exe" page_root = "0x1d2e5000" os_pid = "0x1d8" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "created_daemon" parent_id = "2" os_parent_pid = "0x9ec" cmd_line = "C:\\Windows\\system32\\services.exe" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" os_groups = "BUILTIN\\Administrators" [0xe], "Everyone" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7] Region: id = 493 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 494 start_va = 0x20000 end_va = 0x26fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 495 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 496 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 497 start_va = 0xd0000 end_va = 0x136fff entry_point = 0xd0000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 498 start_va = 0x140000 end_va = 0x141fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000140000" filename = "" Region: id = 499 start_va = 0x150000 end_va = 0x150fff entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 500 start_va = 0x160000 end_va = 0x160fff entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 501 start_va = 0x180000 end_va = 0x180fff entry_point = 0x0 region_type = private name = "private_0x0000000000180000" filename = "" Region: id = 502 start_va = 0x190000 end_va = 0x190fff entry_point = 0x0 region_type = private name = "private_0x0000000000190000" filename = "" Region: id = 503 start_va = 0x1e0000 end_va = 0x1effff entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 504 start_va = 0x200000 end_va = 0x2fffff entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 505 start_va = 0x300000 end_va = 0x3fffff entry_point = 0x0 region_type = private name = "private_0x0000000000300000" filename = "" Region: id = 506 start_va = 0x400000 end_va = 0x587fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000400000" filename = "" Region: id = 507 start_va = 0x590000 end_va = 0x710fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 508 start_va = 0x720000 end_va = 0x7dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000720000" filename = "" Region: id = 509 start_va = 0x7e0000 end_va = 0xbd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007e0000" filename = "" Region: id = 510 start_va = 0xc40000 end_va = 0xcbffff entry_point = 0x0 region_type = private name = "private_0x0000000000c40000" filename = "" Region: id = 511 start_va = 0xd20000 end_va = 0xd9ffff entry_point = 0x0 region_type = private name = "private_0x0000000000d20000" filename = "" Region: id = 512 start_va = 0xdb0000 end_va = 0xdeffff entry_point = 0x0 region_type = private name = "private_0x0000000000db0000" filename = "" Region: id = 513 start_va = 0xdf0000 end_va = 0xe6ffff entry_point = 0x0 region_type = private name = "private_0x0000000000df0000" filename = "" Region: id = 514 start_va = 0xe90000 end_va = 0xf0ffff entry_point = 0x0 region_type = private name = "private_0x0000000000e90000" filename = "" Region: id = 515 start_va = 0xf60000 end_va = 0xfdffff entry_point = 0x0 region_type = private name = "private_0x0000000000f60000" filename = "" Region: id = 516 start_va = 0x1020000 end_va = 0x109ffff entry_point = 0x0 region_type = private name = "private_0x0000000001020000" filename = "" Region: id = 517 start_va = 0x10e0000 end_va = 0x115ffff entry_point = 0x0 region_type = private name = "private_0x00000000010e0000" filename = "" Region: id = 518 start_va = 0x1160000 end_va = 0x11dffff entry_point = 0x0 region_type = private name = "private_0x0000000001160000" filename = "" Region: id = 519 start_va = 0x11e0000 end_va = 0x125ffff entry_point = 0x0 region_type = private name = "private_0x00000000011e0000" filename = "" Region: id = 520 start_va = 0x12b0000 end_va = 0x132ffff entry_point = 0x0 region_type = private name = "private_0x00000000012b0000" filename = "" Region: id = 521 start_va = 0x1560000 end_va = 0x15dffff entry_point = 0x0 region_type = private name = "private_0x0000000001560000" filename = "" Region: id = 522 start_va = 0x1630000 end_va = 0x16affff entry_point = 0x0 region_type = private name = "private_0x0000000001630000" filename = "" Region: id = 523 start_va = 0x1750000 end_va = 0x17cffff entry_point = 0x0 region_type = private name = "private_0x0000000001750000" filename = "" Region: id = 524 start_va = 0x1800000 end_va = 0x187ffff entry_point = 0x0 region_type = private name = "private_0x0000000001800000" filename = "" Region: id = 525 start_va = 0x18a0000 end_va = 0x191ffff entry_point = 0x0 region_type = private name = "private_0x00000000018a0000" filename = "" Region: id = 526 start_va = 0x1960000 end_va = 0x19dffff entry_point = 0x0 region_type = private name = "private_0x0000000001960000" filename = "" Region: id = 527 start_va = 0x19e0000 end_va = 0x1adffff entry_point = 0x0 region_type = private name = "private_0x00000000019e0000" filename = "" Region: id = 528 start_va = 0x1ae0000 end_va = 0x1daefff entry_point = 0x1ae0000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 529 start_va = 0x1db0000 end_va = 0x1eaffff entry_point = 0x0 region_type = private name = "private_0x0000000001db0000" filename = "" Region: id = 530 start_va = 0x1eb0000 end_va = 0x20affff entry_point = 0x0 region_type = private name = "private_0x0000000001eb0000" filename = "" Region: id = 531 start_va = 0x20b0000 end_va = 0x22affff entry_point = 0x0 region_type = private name = "private_0x00000000020b0000" filename = "" Region: id = 532 start_va = 0x22b0000 end_va = 0x26affff entry_point = 0x0 region_type = private name = "private_0x00000000022b0000" filename = "" Region: id = 533 start_va = 0x2750000 end_va = 0x27cffff entry_point = 0x0 region_type = private name = "private_0x0000000002750000" filename = "" Region: id = 534 start_va = 0x27d0000 end_va = 0x284ffff entry_point = 0x0 region_type = private name = "private_0x00000000027d0000" filename = "" Region: id = 535 start_va = 0x77a30000 end_va = 0x77b4efff entry_point = 0x77a30000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 536 start_va = 0x77b50000 end_va = 0x77c49fff entry_point = 0x77b50000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 537 start_va = 0x77c50000 end_va = 0x77df8fff entry_point = 0x77c50000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 538 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 539 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 540 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 541 start_va = 0xff470000 end_va = 0xff4c2fff entry_point = 0xff470000 region_type = mapped_file name = "services.exe" filename = "\\Windows\\System32\\services.exe" (normalized: "c:\\windows\\system32\\services.exe") Region: id = 542 start_va = 0x7fefbef0000 end_va = 0x7fefbf00fff entry_point = 0x7fefbef0000 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 543 start_va = 0x7fefce30000 end_va = 0x7fefce36fff entry_point = 0x7fefce30000 region_type = mapped_file name = "wshtcpip.dll" filename = "\\Windows\\System32\\WSHTCPIP.DLL" (normalized: "c:\\windows\\system32\\wshtcpip.dll") Region: id = 544 start_va = 0x7fefd050000 end_va = 0x7fefd088fff entry_point = 0x7fefd050000 region_type = mapped_file name = "ubpm.dll" filename = "\\Windows\\System32\\ubpm.dll" (normalized: "c:\\windows\\system32\\ubpm.dll") Region: id = 545 start_va = 0x7fefd090000 end_va = 0x7fefd099fff entry_point = 0x7fefd090000 region_type = mapped_file name = "credssp.dll" filename = "\\Windows\\System32\\credssp.dll" (normalized: "c:\\windows\\system32\\credssp.dll") Region: id = 546 start_va = 0x7fefd420000 end_va = 0x7fefd426fff entry_point = 0x7fefd420000 region_type = mapped_file name = "wship6.dll" filename = "\\Windows\\System32\\wship6.dll" (normalized: "c:\\windows\\system32\\wship6.dll") Region: id = 547 start_va = 0x7fefd430000 end_va = 0x7fefd484fff entry_point = 0x7fefd430000 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 548 start_va = 0x7fefd680000 end_va = 0x7fefd6aefff entry_point = 0x7fefd680000 region_type = mapped_file name = "authz.dll" filename = "\\Windows\\System32\\authz.dll" (normalized: "c:\\windows\\system32\\authz.dll") Region: id = 549 start_va = 0x7fefd990000 end_va = 0x7fefd9b2fff entry_point = 0x7fefd990000 region_type = mapped_file name = "srvcli.dll" filename = "\\Windows\\System32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll") Region: id = 550 start_va = 0x7fefd9c0000 end_va = 0x7fefda26fff entry_point = 0x7fefd9c0000 region_type = mapped_file name = "scesrv.dll" filename = "\\Windows\\System32\\scesrv.dll" (normalized: "c:\\windows\\system32\\scesrv.dll") Region: id = 551 start_va = 0x7fefda30000 end_va = 0x7fefda3afff entry_point = 0x7fefda30000 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll") Region: id = 552 start_va = 0x7fefda40000 end_va = 0x7fefda58fff entry_point = 0x7fefda40000 region_type = mapped_file name = "scext.dll" filename = "\\Windows\\System32\\scext.dll" (normalized: "c:\\windows\\system32\\scext.dll") Region: id = 553 start_va = 0x7fefda60000 end_va = 0x7fefda84fff entry_point = 0x7fefda60000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 554 start_va = 0x7fefda90000 end_va = 0x7fefda9efff entry_point = 0x7fefda90000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 555 start_va = 0x7fefdb40000 end_va = 0x7fefdb7cfff entry_point = 0x7fefdb40000 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 556 start_va = 0x7fefdb80000 end_va = 0x7fefdb93fff entry_point = 0x7fefdb80000 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll") Region: id = 557 start_va = 0x7fefdba0000 end_va = 0x7fefdbaefff entry_point = 0x7fefdba0000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 558 start_va = 0x7fefde60000 end_va = 0x7fefdecafff entry_point = 0x7fefde60000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 559 start_va = 0x7fefefb0000 end_va = 0x7feff0dcfff entry_point = 0x7fefefb0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 560 start_va = 0x7feff210000 end_va = 0x7feff2aefff entry_point = 0x7feff210000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 561 start_va = 0x7feff2b0000 end_va = 0x7feff38afff entry_point = 0x7feff2b0000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 562 start_va = 0x7feff390000 end_va = 0x7feff3aefff entry_point = 0x7feff390000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 563 start_va = 0x7feff3b0000 end_va = 0x7feff3bdfff entry_point = 0x7feff3b0000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 564 start_va = 0x7feff3c0000 end_va = 0x7feff3edfff entry_point = 0x7feff3c0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 565 start_va = 0x7feff650000 end_va = 0x7feff69cfff entry_point = 0x7feff650000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 566 start_va = 0x7feff720000 end_va = 0x7feff727fff entry_point = 0x7feff720000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 567 start_va = 0x7feff910000 end_va = 0x7feff976fff entry_point = 0x7feff910000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 568 start_va = 0x7feffa00000 end_va = 0x7feffb08fff entry_point = 0x7feffa00000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 569 start_va = 0x7feffe90000 end_va = 0x7fefff58fff entry_point = 0x7feffe90000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 570 start_va = 0x7fefff70000 end_va = 0x7fefff70fff entry_point = 0x7fefff70000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 571 start_va = 0x7fffff92000 end_va = 0x7fffff93fff entry_point = 0x0 region_type = private name = "private_0x000007fffff92000" filename = "" Region: id = 572 start_va = 0x7fffff94000 end_va = 0x7fffff95fff entry_point = 0x0 region_type = private name = "private_0x000007fffff94000" filename = "" Region: id = 573 start_va = 0x7fffff96000 end_va = 0x7fffff97fff entry_point = 0x0 region_type = private name = "private_0x000007fffff96000" filename = "" Region: id = 574 start_va = 0x7fffff98000 end_va = 0x7fffff99fff entry_point = 0x0 region_type = private name = "private_0x000007fffff98000" filename = "" Region: id = 575 start_va = 0x7fffff9a000 end_va = 0x7fffff9bfff entry_point = 0x0 region_type = private name = "private_0x000007fffff9a000" filename = "" Region: id = 576 start_va = 0x7fffff9c000 end_va = 0x7fffff9dfff entry_point = 0x0 region_type = private name = "private_0x000007fffff9c000" filename = "" Region: id = 577 start_va = 0x7fffff9e000 end_va = 0x7fffff9ffff entry_point = 0x0 region_type = private name = "private_0x000007fffff9e000" filename = "" Region: id = 578 start_va = 0x7fffffa0000 end_va = 0x7fffffa1fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa0000" filename = "" Region: id = 579 start_va = 0x7fffffa2000 end_va = 0x7fffffa3fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa2000" filename = "" Region: id = 580 start_va = 0x7fffffa4000 end_va = 0x7fffffa5fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa4000" filename = "" Region: id = 581 start_va = 0x7fffffac000 end_va = 0x7fffffadfff entry_point = 0x0 region_type = private name = "private_0x000007fffffac000" filename = "" Region: id = 582 start_va = 0x7fffffae000 end_va = 0x7fffffaffff entry_point = 0x0 region_type = private name = "private_0x000007fffffae000" filename = "" Region: id = 583 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 584 start_va = 0x7fffffd4000 end_va = 0x7fffffd5fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd4000" filename = "" Region: id = 585 start_va = 0x7fffffd6000 end_va = 0x7fffffd7fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd6000" filename = "" Region: id = 586 start_va = 0x7fffffd8000 end_va = 0x7fffffd8fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd8000" filename = "" Region: id = 587 start_va = 0x7fffffda000 end_va = 0x7fffffdbfff entry_point = 0x0 region_type = private name = "private_0x000007fffffda000" filename = "" Region: id = 588 start_va = 0x7fffffdc000 end_va = 0x7fffffddfff entry_point = 0x0 region_type = private name = "private_0x000007fffffdc000" filename = "" Region: id = 589 start_va = 0x7fffffde000 end_va = 0x7fffffdffff entry_point = 0x0 region_type = private name = "private_0x000007fffffde000" filename = "" Thread: id = 88 os_tid = 0x578 Thread: id = 89 os_tid = 0x464 Thread: id = 90 os_tid = 0x350 Thread: id = 91 os_tid = 0x514 Thread: id = 92 os_tid = 0x500 Thread: id = 93 os_tid = 0x4f4 Thread: id = 94 os_tid = 0x454 Thread: id = 95 os_tid = 0x404 Thread: id = 96 os_tid = 0x284 Thread: id = 97 os_tid = 0x24c Thread: id = 98 os_tid = 0x248 Thread: id = 99 os_tid = 0x238 Thread: id = 100 os_tid = 0x234 Thread: id = 101 os_tid = 0x228 Thread: id = 102 os_tid = 0x224 Thread: id = 103 os_tid = 0x220 Thread: id = 104 os_tid = 0x21c Thread: id = 342 os_tid = 0xb08 Process: id = "8" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0xe9ae000" os_pid = "0x250" os_integrity_level = "0x4000" os_privileges = "0x60b00080" monitor_reason = "child_process" parent_id = "7" os_parent_pid = "0x1d8" cmd_line = "C:\\Windows\\system32\\svchost.exe -k DcomLaunch" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\DcomLaunch" [0xa], "NT SERVICE\\PlugPlay" [0xe], "NT SERVICE\\Power" [0xa], "NT AUTHORITY\\Logon Session 00000000:00006b58" [0xc000000f], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Region: id = 1005 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1006 start_va = 0x20000 end_va = 0x26fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 1007 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 1008 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 1009 start_va = 0x50000 end_va = 0xb6fff entry_point = 0x50000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1010 start_va = 0xc0000 end_va = 0xc1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000c0000" filename = "" Region: id = 1011 start_va = 0xd0000 end_va = 0xd0fff entry_point = 0x0 region_type = private name = "private_0x00000000000d0000" filename = "" Region: id = 1012 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 1013 start_va = 0xf0000 end_va = 0xfffff entry_point = 0x0 region_type = private name = "private_0x00000000000f0000" filename = "" Region: id = 1014 start_va = 0x100000 end_va = 0x10ffff entry_point = 0x0 region_type = private name = "private_0x0000000000100000" filename = "" Region: id = 1015 start_va = 0x110000 end_va = 0x110fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000110000" filename = "" Region: id = 1016 start_va = 0x120000 end_va = 0x120fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000120000" filename = "" Region: id = 1017 start_va = 0x130000 end_va = 0x1affff entry_point = 0x0 region_type = private name = "private_0x0000000000130000" filename = "" Region: id = 1018 start_va = 0x1b0000 end_va = 0x2affff entry_point = 0x0 region_type = private name = "private_0x00000000001b0000" filename = "" Region: id = 1019 start_va = 0x2b0000 end_va = 0x2b0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002b0000" filename = "" Region: id = 1020 start_va = 0x2c0000 end_va = 0x2c0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002c0000" filename = "" Region: id = 1021 start_va = 0x2d0000 end_va = 0x2d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002d0000" filename = "" Region: id = 1022 start_va = 0x2e0000 end_va = 0x2e3fff entry_point = 0x2e0000 region_type = mapped_file name = "umpnpmgr.dll.mui" filename = "\\Windows\\System32\\en-US\\umpnpmgr.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\umpnpmgr.dll.mui") Region: id = 1023 start_va = 0x2f0000 end_va = 0x3effff entry_point = 0x0 region_type = private name = "private_0x00000000002f0000" filename = "" Region: id = 1024 start_va = 0x470000 end_va = 0x4effff entry_point = 0x0 region_type = private name = "private_0x0000000000470000" filename = "" Region: id = 1025 start_va = 0x4f0000 end_va = 0x5affff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004f0000" filename = "" Region: id = 1026 start_va = 0x600000 end_va = 0x67ffff entry_point = 0x0 region_type = private name = "private_0x0000000000600000" filename = "" Region: id = 1027 start_va = 0x730000 end_va = 0x9fefff entry_point = 0x730000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 1028 start_va = 0xa00000 end_va = 0xb87fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a00000" filename = "" Region: id = 1029 start_va = 0xb90000 end_va = 0xd10fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000b90000" filename = "" Region: id = 1030 start_va = 0xd20000 end_va = 0x1112fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000d20000" filename = "" Region: id = 1031 start_va = 0x1150000 end_va = 0x11cffff entry_point = 0x0 region_type = private name = "private_0x0000000001150000" filename = "" Region: id = 1032 start_va = 0x1200000 end_va = 0x127ffff entry_point = 0x0 region_type = private name = "private_0x0000000001200000" filename = "" Region: id = 1033 start_va = 0x1290000 end_va = 0x130ffff entry_point = 0x0 region_type = private name = "private_0x0000000001290000" filename = "" Region: id = 1034 start_va = 0x1310000 end_va = 0x140ffff entry_point = 0x0 region_type = private name = "private_0x0000000001310000" filename = "" Region: id = 1035 start_va = 0x14d0000 end_va = 0x154ffff entry_point = 0x0 region_type = private name = "private_0x00000000014d0000" filename = "" Region: id = 1036 start_va = 0x1550000 end_va = 0x164ffff entry_point = 0x0 region_type = private name = "private_0x0000000001550000" filename = "" Region: id = 1037 start_va = 0x1660000 end_va = 0x16dffff entry_point = 0x0 region_type = private name = "private_0x0000000001660000" filename = "" Region: id = 1038 start_va = 0x16e0000 end_va = 0x175ffff entry_point = 0x0 region_type = private name = "private_0x00000000016e0000" filename = "" Region: id = 1039 start_va = 0x1800000 end_va = 0x187ffff entry_point = 0x0 region_type = private name = "private_0x0000000001800000" filename = "" Region: id = 1040 start_va = 0x1910000 end_va = 0x198ffff entry_point = 0x0 region_type = private name = "private_0x0000000001910000" filename = "" Region: id = 1041 start_va = 0x1ba0000 end_va = 0x1c1ffff entry_point = 0x0 region_type = private name = "private_0x0000000001ba0000" filename = "" Region: id = 1042 start_va = 0x1dc0000 end_va = 0x1e3ffff entry_point = 0x0 region_type = private name = "private_0x0000000001dc0000" filename = "" Region: id = 1043 start_va = 0x1ea0000 end_va = 0x1f1ffff entry_point = 0x0 region_type = private name = "private_0x0000000001ea0000" filename = "" Region: id = 1044 start_va = 0x1f20000 end_va = 0x201ffff entry_point = 0x0 region_type = private name = "private_0x0000000001f20000" filename = "" Region: id = 1045 start_va = 0x77a30000 end_va = 0x77b4efff entry_point = 0x77a30000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 1046 start_va = 0x77b50000 end_va = 0x77c49fff entry_point = 0x77b50000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 1047 start_va = 0x77c50000 end_va = 0x77df8fff entry_point = 0x77c50000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1048 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 1049 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 1050 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1051 start_va = 0xff470000 end_va = 0xff47afff entry_point = 0xff470000 region_type = mapped_file name = "svchost.exe" filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe") Region: id = 1052 start_va = 0x7fef8640000 end_va = 0x7fef8665fff entry_point = 0x7fef8640000 region_type = mapped_file name = "wmiutils.dll" filename = "\\Windows\\System32\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiutils.dll") Region: id = 1053 start_va = 0x7fef8760000 end_va = 0x7fef8773fff entry_point = 0x7fef8760000 region_type = mapped_file name = "wbemsvc.dll" filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll") Region: id = 1054 start_va = 0x7fef8a40000 end_va = 0x7fef8a4efff entry_point = 0x7fef8a40000 region_type = mapped_file name = "wbemprox.dll" filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll") Region: id = 1055 start_va = 0x7fef8a50000 end_va = 0x7fef8a76fff entry_point = 0x7fef8a50000 region_type = mapped_file name = "ntdsapi.dll" filename = "\\Windows\\System32\\ntdsapi.dll" (normalized: "c:\\windows\\system32\\ntdsapi.dll") Region: id = 1056 start_va = 0x7fef8a80000 end_va = 0x7fef8b61fff entry_point = 0x7fef8a80000 region_type = mapped_file name = "fastprox.dll" filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll") Region: id = 1057 start_va = 0x7fef8b70000 end_va = 0x7fef8ba1fff entry_point = 0x7fef8b70000 region_type = mapped_file name = "wmidcprv.dll" filename = "\\Windows\\System32\\wbem\\WmiDcPrv.dll" (normalized: "c:\\windows\\system32\\wbem\\wmidcprv.dll") Region: id = 1058 start_va = 0x7fef8cf0000 end_va = 0x7fef8d75fff entry_point = 0x7fef8cf0000 region_type = mapped_file name = "wbemcomn.dll" filename = "\\Windows\\System32\\wbemcomn.dll" (normalized: "c:\\windows\\system32\\wbemcomn.dll") Region: id = 1059 start_va = 0x7fefbef0000 end_va = 0x7fefbf00fff entry_point = 0x7fefbef0000 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 1060 start_va = 0x7fefcb60000 end_va = 0x7fefcb8cfff entry_point = 0x7fefcb60000 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 1061 start_va = 0x7fefce60000 end_va = 0x7fefcee0fff entry_point = 0x7fefce60000 region_type = mapped_file name = "rpcss.dll" filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll") Region: id = 1062 start_va = 0x7fefcef0000 end_va = 0x7fefcf1bfff entry_point = 0x7fefcef0000 region_type = mapped_file name = "umpo.dll" filename = "\\Windows\\System32\\umpo.dll" (normalized: "c:\\windows\\system32\\umpo.dll") Region: id = 1063 start_va = 0x7fefcf20000 end_va = 0x7fefcf3afff entry_point = 0x7fefcf20000 region_type = mapped_file name = "gpapi.dll" filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll") Region: id = 1064 start_va = 0x7fefcf40000 end_va = 0x7fefcf5dfff entry_point = 0x7fefcf40000 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 1065 start_va = 0x7fefcf60000 end_va = 0x7fefcf71fff entry_point = 0x7fefcf60000 region_type = mapped_file name = "devrtl.dll" filename = "\\Windows\\System32\\devrtl.dll" (normalized: "c:\\windows\\system32\\devrtl.dll") Region: id = 1066 start_va = 0x7fefcf80000 end_va = 0x7fefcf9efff entry_point = 0x7fefcf80000 region_type = mapped_file name = "spinf.dll" filename = "\\Windows\\System32\\SPInf.dll" (normalized: "c:\\windows\\system32\\spinf.dll") Region: id = 1067 start_va = 0x7fefcfa0000 end_va = 0x7fefd006fff entry_point = 0x7fefcfa0000 region_type = mapped_file name = "umpnpmgr.dll" filename = "\\Windows\\System32\\umpnpmgr.dll" (normalized: "c:\\windows\\system32\\umpnpmgr.dll") Region: id = 1068 start_va = 0x7fefd090000 end_va = 0x7fefd099fff entry_point = 0x7fefd090000 region_type = mapped_file name = "credssp.dll" filename = "\\Windows\\System32\\credssp.dll" (normalized: "c:\\windows\\system32\\credssp.dll") Region: id = 1069 start_va = 0x7fefd0a0000 end_va = 0x7fefd0acfff entry_point = 0x7fefd0a0000 region_type = mapped_file name = "pcwum.dll" filename = "\\Windows\\System32\\pcwum.dll" (normalized: "c:\\windows\\system32\\pcwum.dll") Region: id = 1070 start_va = 0x7fefd190000 end_va = 0x7fefd1d6fff entry_point = 0x7fefd190000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 1071 start_va = 0x7fefd490000 end_va = 0x7fefd4a6fff entry_point = 0x7fefd490000 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 1072 start_va = 0x7fefda60000 end_va = 0x7fefda84fff entry_point = 0x7fefda60000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 1073 start_va = 0x7fefda90000 end_va = 0x7fefda9efff entry_point = 0x7fefda90000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 1074 start_va = 0x7fefdb40000 end_va = 0x7fefdb7cfff entry_point = 0x7fefdb40000 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 1075 start_va = 0x7fefdb80000 end_va = 0x7fefdb93fff entry_point = 0x7fefdb80000 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll") Region: id = 1076 start_va = 0x7fefdba0000 end_va = 0x7fefdbaefff entry_point = 0x7fefdba0000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 1077 start_va = 0x7fefdc40000 end_va = 0x7fefdc4efff entry_point = 0x7fefdc40000 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 1078 start_va = 0x7fefdc50000 end_va = 0x7fefdc89fff entry_point = 0x7fefdc50000 region_type = mapped_file name = "wintrust.dll" filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll") Region: id = 1079 start_va = 0x7fefdc90000 end_va = 0x7fefdca9fff entry_point = 0x7fefdc90000 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 1080 start_va = 0x7fefdcb0000 end_va = 0x7fefde16fff entry_point = 0x7fefdcb0000 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 1081 start_va = 0x7fefde20000 end_va = 0x7fefde55fff entry_point = 0x7fefde20000 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 1082 start_va = 0x7fefde60000 end_va = 0x7fefdecafff entry_point = 0x7fefde60000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 1083 start_va = 0x7fefdf70000 end_va = 0x7fefe172fff entry_point = 0x7fefdf70000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 1084 start_va = 0x7fefef10000 end_va = 0x7fefefa8fff entry_point = 0x7fefef10000 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 1085 start_va = 0x7fefefb0000 end_va = 0x7feff0dcfff entry_point = 0x7fefefb0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 1086 start_va = 0x7feff210000 end_va = 0x7feff2aefff entry_point = 0x7feff210000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 1087 start_va = 0x7feff2b0000 end_va = 0x7feff38afff entry_point = 0x7feff2b0000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 1088 start_va = 0x7feff390000 end_va = 0x7feff3aefff entry_point = 0x7feff390000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 1089 start_va = 0x7feff3b0000 end_va = 0x7feff3bdfff entry_point = 0x7feff3b0000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 1090 start_va = 0x7feff3c0000 end_va = 0x7feff3edfff entry_point = 0x7feff3c0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 1091 start_va = 0x7feff650000 end_va = 0x7feff69cfff entry_point = 0x7feff650000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 1092 start_va = 0x7feff720000 end_va = 0x7feff727fff entry_point = 0x7feff720000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 1093 start_va = 0x7feff730000 end_va = 0x7feff781fff entry_point = 0x7feff730000 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll") Region: id = 1094 start_va = 0x7feff910000 end_va = 0x7feff976fff entry_point = 0x7feff910000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 1095 start_va = 0x7feffa00000 end_va = 0x7feffb08fff entry_point = 0x7feffa00000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 1096 start_va = 0x7feffb10000 end_va = 0x7feffbe6fff entry_point = 0x7feffb10000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 1097 start_va = 0x7feffbf0000 end_va = 0x7feffdc6fff entry_point = 0x7feffbf0000 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll") Region: id = 1098 start_va = 0x7feffe90000 end_va = 0x7fefff58fff entry_point = 0x7feffe90000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 1099 start_va = 0x7fefff70000 end_va = 0x7fefff70fff entry_point = 0x7fefff70000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 1100 start_va = 0x7fffff9c000 end_va = 0x7fffff9dfff entry_point = 0x0 region_type = private name = "private_0x000007fffff9c000" filename = "" Region: id = 1101 start_va = 0x7fffff9e000 end_va = 0x7fffff9ffff entry_point = 0x0 region_type = private name = "private_0x000007fffff9e000" filename = "" Region: id = 1102 start_va = 0x7fffffa2000 end_va = 0x7fffffa3fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa2000" filename = "" Region: id = 1103 start_va = 0x7fffffa4000 end_va = 0x7fffffa5fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa4000" filename = "" Region: id = 1104 start_va = 0x7fffffa8000 end_va = 0x7fffffa9fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa8000" filename = "" Region: id = 1105 start_va = 0x7fffffaa000 end_va = 0x7fffffabfff entry_point = 0x0 region_type = private name = "private_0x000007fffffaa000" filename = "" Region: id = 1106 start_va = 0x7fffffac000 end_va = 0x7fffffadfff entry_point = 0x0 region_type = private name = "private_0x000007fffffac000" filename = "" Region: id = 1107 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 1108 start_va = 0x7fffffd5000 end_va = 0x7fffffd6fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd5000" filename = "" Region: id = 1109 start_va = 0x7fffffd7000 end_va = 0x7fffffd8fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd7000" filename = "" Region: id = 1110 start_va = 0x7fffffd9000 end_va = 0x7fffffdafff entry_point = 0x0 region_type = private name = "private_0x000007fffffd9000" filename = "" Region: id = 1111 start_va = 0x7fffffdb000 end_va = 0x7fffffdcfff entry_point = 0x0 region_type = private name = "private_0x000007fffffdb000" filename = "" Region: id = 1112 start_va = 0x7fffffdd000 end_va = 0x7fffffdefff entry_point = 0x0 region_type = private name = "private_0x000007fffffdd000" filename = "" Region: id = 1113 start_va = 0x7fffffdf000 end_va = 0x7fffffdffff entry_point = 0x0 region_type = private name = "private_0x000007fffffdf000" filename = "" Thread: id = 105 os_tid = 0x5ec Thread: id = 106 os_tid = 0x394 Thread: id = 107 os_tid = 0x29c Thread: id = 108 os_tid = 0x298 Thread: id = 109 os_tid = 0x280 Thread: id = 110 os_tid = 0x27c Thread: id = 111 os_tid = 0x278 Thread: id = 112 os_tid = 0x274 Thread: id = 113 os_tid = 0x268 Thread: id = 114 os_tid = 0x260 Thread: id = 115 os_tid = 0x25c Thread: id = 116 os_tid = 0x254 Thread: id = 394 os_tid = 0x830 Process: id = "9" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0xe5ab000" os_pid = "0x290" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "7" os_parent_pid = "0x1d8" cmd_line = "C:\\Windows\\system32\\svchost.exe -k RPCSS" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Network Service" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\RpcEptMapper" [0xe], "NT SERVICE\\RpcSs" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000a2ce" [0xc000000f], "LOCAL" [0x7] Region: id = 590 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 591 start_va = 0x20000 end_va = 0x26fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 592 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 593 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 594 start_va = 0x50000 end_va = 0xb6fff entry_point = 0x50000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 595 start_va = 0xc0000 end_va = 0xc1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000c0000" filename = "" Region: id = 596 start_va = 0xd0000 end_va = 0xd0fff entry_point = 0x0 region_type = private name = "private_0x00000000000d0000" filename = "" Region: id = 597 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 598 start_va = 0xf0000 end_va = 0xf0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000f0000" filename = "" Region: id = 599 start_va = 0x100000 end_va = 0x100fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000100000" filename = "" Region: id = 600 start_va = 0x130000 end_va = 0x1affff entry_point = 0x0 region_type = private name = "private_0x0000000000130000" filename = "" Region: id = 601 start_va = 0x1b0000 end_va = 0x22ffff entry_point = 0x0 region_type = private name = "private_0x00000000001b0000" filename = "" Region: id = 602 start_va = 0x240000 end_va = 0x33ffff entry_point = 0x0 region_type = private name = "private_0x0000000000240000" filename = "" Region: id = 603 start_va = 0x340000 end_va = 0x43ffff entry_point = 0x0 region_type = private name = "private_0x0000000000340000" filename = "" Region: id = 604 start_va = 0x4a0000 end_va = 0x4affff entry_point = 0x0 region_type = private name = "private_0x00000000004a0000" filename = "" Region: id = 605 start_va = 0x530000 end_va = 0x5affff entry_point = 0x0 region_type = private name = "private_0x0000000000530000" filename = "" Region: id = 606 start_va = 0x5b0000 end_va = 0x62ffff entry_point = 0x0 region_type = private name = "private_0x00000000005b0000" filename = "" Region: id = 607 start_va = 0x630000 end_va = 0x6affff entry_point = 0x0 region_type = private name = "private_0x0000000000630000" filename = "" Region: id = 608 start_va = 0x6b0000 end_va = 0x97efff entry_point = 0x6b0000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 609 start_va = 0x9a0000 end_va = 0xa1ffff entry_point = 0x0 region_type = private name = "private_0x00000000009a0000" filename = "" Region: id = 610 start_va = 0xa30000 end_va = 0xaaffff entry_point = 0x0 region_type = private name = "private_0x0000000000a30000" filename = "" Region: id = 611 start_va = 0xb80000 end_va = 0xbfffff entry_point = 0x0 region_type = private name = "private_0x0000000000b80000" filename = "" Region: id = 612 start_va = 0xc00000 end_va = 0xd87fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000c00000" filename = "" Region: id = 613 start_va = 0xd90000 end_va = 0xf10fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000d90000" filename = "" Region: id = 614 start_va = 0xf20000 end_va = 0xfdffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000f20000" filename = "" Region: id = 615 start_va = 0xfe0000 end_va = 0x13d2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000fe0000" filename = "" Region: id = 616 start_va = 0x13e0000 end_va = 0x14dffff entry_point = 0x0 region_type = private name = "private_0x00000000013e0000" filename = "" Region: id = 617 start_va = 0x1500000 end_va = 0x157ffff entry_point = 0x0 region_type = private name = "private_0x0000000001500000" filename = "" Region: id = 618 start_va = 0x1630000 end_va = 0x16affff entry_point = 0x0 region_type = private name = "private_0x0000000001630000" filename = "" Region: id = 619 start_va = 0x77a30000 end_va = 0x77b4efff entry_point = 0x77a30000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 620 start_va = 0x77b50000 end_va = 0x77c49fff entry_point = 0x77b50000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 621 start_va = 0x77c50000 end_va = 0x77df8fff entry_point = 0x77c50000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 622 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 623 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 624 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 625 start_va = 0xff470000 end_va = 0xff47afff entry_point = 0xff470000 region_type = mapped_file name = "svchost.exe" filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe") Region: id = 626 start_va = 0x7fefb500000 end_va = 0x7fefb552fff entry_point = 0x7fefb500000 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 627 start_va = 0x7fefbef0000 end_va = 0x7fefbf00fff entry_point = 0x7fefbef0000 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 628 start_va = 0x7fefcd60000 end_va = 0x7fefcd6bfff entry_point = 0x7fefcd60000 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll") Region: id = 629 start_va = 0x7fefcd70000 end_va = 0x7fefce2afff entry_point = 0x7fefcd70000 region_type = mapped_file name = "firewallapi.dll" filename = "\\Windows\\System32\\FirewallAPI.dll" (normalized: "c:\\windows\\system32\\firewallapi.dll") Region: id = 630 start_va = 0x7fefce30000 end_va = 0x7fefce36fff entry_point = 0x7fefce30000 region_type = mapped_file name = "wshtcpip.dll" filename = "\\Windows\\System32\\WSHTCPIP.DLL" (normalized: "c:\\windows\\system32\\wshtcpip.dll") Region: id = 631 start_va = 0x7fefce40000 end_va = 0x7fefce53fff entry_point = 0x7fefce40000 region_type = mapped_file name = "rpcepmap.dll" filename = "\\Windows\\System32\\RpcEpMap.dll" (normalized: "c:\\windows\\system32\\rpcepmap.dll") Region: id = 632 start_va = 0x7fefce60000 end_va = 0x7fefcee0fff entry_point = 0x7fefce60000 region_type = mapped_file name = "rpcss.dll" filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll") Region: id = 633 start_va = 0x7fefd090000 end_va = 0x7fefd099fff entry_point = 0x7fefd090000 region_type = mapped_file name = "credssp.dll" filename = "\\Windows\\System32\\credssp.dll" (normalized: "c:\\windows\\system32\\credssp.dll") Region: id = 634 start_va = 0x7fefd190000 end_va = 0x7fefd1d6fff entry_point = 0x7fefd190000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 635 start_va = 0x7fefd420000 end_va = 0x7fefd426fff entry_point = 0x7fefd420000 region_type = mapped_file name = "wship6.dll" filename = "\\Windows\\System32\\wship6.dll" (normalized: "c:\\windows\\system32\\wship6.dll") Region: id = 636 start_va = 0x7fefd430000 end_va = 0x7fefd484fff entry_point = 0x7fefd430000 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 637 start_va = 0x7fefd490000 end_va = 0x7fefd4a6fff entry_point = 0x7fefd490000 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 638 start_va = 0x7fefda30000 end_va = 0x7fefda3afff entry_point = 0x7fefda30000 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll") Region: id = 639 start_va = 0x7fefda60000 end_va = 0x7fefda84fff entry_point = 0x7fefda60000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 640 start_va = 0x7fefda90000 end_va = 0x7fefda9efff entry_point = 0x7fefda90000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 641 start_va = 0x7fefdb40000 end_va = 0x7fefdb7cfff entry_point = 0x7fefdb40000 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 642 start_va = 0x7fefdb80000 end_va = 0x7fefdb93fff entry_point = 0x7fefdb80000 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll") Region: id = 643 start_va = 0x7fefde60000 end_va = 0x7fefdecafff entry_point = 0x7fefde60000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 644 start_va = 0x7fefdf70000 end_va = 0x7fefe172fff entry_point = 0x7fefdf70000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 645 start_va = 0x7fefef10000 end_va = 0x7fefefa8fff entry_point = 0x7fefef10000 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 646 start_va = 0x7fefefb0000 end_va = 0x7feff0dcfff entry_point = 0x7fefefb0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 647 start_va = 0x7feff210000 end_va = 0x7feff2aefff entry_point = 0x7feff210000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 648 start_va = 0x7feff2b0000 end_va = 0x7feff38afff entry_point = 0x7feff2b0000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 649 start_va = 0x7feff390000 end_va = 0x7feff3aefff entry_point = 0x7feff390000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 650 start_va = 0x7feff3b0000 end_va = 0x7feff3bdfff entry_point = 0x7feff3b0000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 651 start_va = 0x7feff3c0000 end_va = 0x7feff3edfff entry_point = 0x7feff3c0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 652 start_va = 0x7feff650000 end_va = 0x7feff69cfff entry_point = 0x7feff650000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 653 start_va = 0x7feff720000 end_va = 0x7feff727fff entry_point = 0x7feff720000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 654 start_va = 0x7feff910000 end_va = 0x7feff976fff entry_point = 0x7feff910000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 655 start_va = 0x7feffa00000 end_va = 0x7feffb08fff entry_point = 0x7feffa00000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 656 start_va = 0x7feffb10000 end_va = 0x7feffbe6fff entry_point = 0x7feffb10000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 657 start_va = 0x7feffe90000 end_va = 0x7fefff58fff entry_point = 0x7feffe90000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 658 start_va = 0x7fefff70000 end_va = 0x7fefff70fff entry_point = 0x7fefff70000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 659 start_va = 0x7fffffa6000 end_va = 0x7fffffa7fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa6000" filename = "" Region: id = 660 start_va = 0x7fffffaa000 end_va = 0x7fffffabfff entry_point = 0x0 region_type = private name = "private_0x000007fffffaa000" filename = "" Region: id = 661 start_va = 0x7fffffac000 end_va = 0x7fffffadfff entry_point = 0x0 region_type = private name = "private_0x000007fffffac000" filename = "" Region: id = 662 start_va = 0x7fffffae000 end_va = 0x7fffffaffff entry_point = 0x0 region_type = private name = "private_0x000007fffffae000" filename = "" Region: id = 663 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 664 start_va = 0x7fffffd4000 end_va = 0x7fffffd4fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd4000" filename = "" Region: id = 665 start_va = 0x7fffffd6000 end_va = 0x7fffffd7fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd6000" filename = "" Region: id = 666 start_va = 0x7fffffd8000 end_va = 0x7fffffd9fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd8000" filename = "" Region: id = 667 start_va = 0x7fffffda000 end_va = 0x7fffffdbfff entry_point = 0x0 region_type = private name = "private_0x000007fffffda000" filename = "" Region: id = 668 start_va = 0x7fffffdc000 end_va = 0x7fffffddfff entry_point = 0x0 region_type = private name = "private_0x000007fffffdc000" filename = "" Region: id = 669 start_va = 0x7fffffde000 end_va = 0x7fffffdffff entry_point = 0x0 region_type = private name = "private_0x000007fffffde000" filename = "" Thread: id = 117 os_tid = 0x2a4 Thread: id = 118 os_tid = 0x244 Thread: id = 119 os_tid = 0x748 Thread: id = 120 os_tid = 0x2bc Thread: id = 121 os_tid = 0x2b8 Thread: id = 122 os_tid = 0x2b0 Thread: id = 123 os_tid = 0x2a8 Thread: id = 124 os_tid = 0x2a0 Thread: id = 125 os_tid = 0x294 Process: id = "10" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0xe67b000" os_pid = "0x2c4" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "7" os_parent_pid = "0x1d8" cmd_line = "C:\\Windows\\System32\\svchost.exe -k LocalServiceNetworkRestricted" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Local Service" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\Audiosrv" [0xa], "NT SERVICE\\Dhcp" [0xa], "NT SERVICE\\eventlog" [0xe], "NT SERVICE\\HomeGroupProvider" [0xa], "NT SERVICE\\lmhosts" [0xa], "NT SERVICE\\WPCSvc" [0xa], "NT SERVICE\\wscsvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000a605" [0xc000000f], "LOCAL" [0x7] Region: id = 1501 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1502 start_va = 0x20000 end_va = 0x26fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 1503 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 1504 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 1505 start_va = 0x50000 end_va = 0xb6fff entry_point = 0x50000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1506 start_va = 0xc0000 end_va = 0xc1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000c0000" filename = "" Region: id = 1507 start_va = 0xd0000 end_va = 0x14ffff entry_point = 0x0 region_type = private name = "private_0x00000000000d0000" filename = "" Region: id = 1508 start_va = 0x150000 end_va = 0x150fff entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 1509 start_va = 0x160000 end_va = 0x160fff entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 1510 start_va = 0x170000 end_va = 0x1affff entry_point = 0x0 region_type = private name = "private_0x0000000000170000" filename = "" Region: id = 1511 start_va = 0x1b0000 end_va = 0x1b0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 1512 start_va = 0x1c0000 end_va = 0x1cffff entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 1513 start_va = 0x1d0000 end_va = 0x2cffff entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 1514 start_va = 0x2d0000 end_va = 0x2effff entry_point = 0x0 region_type = private name = "private_0x00000000002d0000" filename = "" Region: id = 1515 start_va = 0x2f0000 end_va = 0x30ffff entry_point = 0x0 region_type = private name = "private_0x00000000002f0000" filename = "" Region: id = 1516 start_va = 0x310000 end_va = 0x32ffff entry_point = 0x0 region_type = private name = "private_0x0000000000310000" filename = "" Region: id = 1517 start_va = 0x330000 end_va = 0x42ffff entry_point = 0x0 region_type = private name = "private_0x0000000000330000" filename = "" Region: id = 1518 start_va = 0x430000 end_va = 0x5b7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000430000" filename = "" Region: id = 1519 start_va = 0x5c0000 end_va = 0x740fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 1520 start_va = 0x750000 end_va = 0x80ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000750000" filename = "" Region: id = 1521 start_va = 0x810000 end_va = 0xc02fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000810000" filename = "" Region: id = 1522 start_va = 0xc10000 end_va = 0xc62fff entry_point = 0xc10000 region_type = mapped_file name = "services.exe" filename = "\\Windows\\System32\\services.exe" (normalized: "c:\\windows\\system32\\services.exe") Region: id = 1523 start_va = 0xc70000 end_va = 0xc70fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000c70000" filename = "" Region: id = 1524 start_va = 0xc80000 end_va = 0xc80fff entry_point = 0x0 region_type = private name = "private_0x0000000000c80000" filename = "" Region: id = 1525 start_va = 0xc90000 end_va = 0xd0ffff entry_point = 0x0 region_type = private name = "private_0x0000000000c90000" filename = "" Region: id = 1526 start_va = 0xd10000 end_va = 0xd10fff entry_point = 0x0 region_type = private name = "private_0x0000000000d10000" filename = "" Region: id = 1527 start_va = 0xd20000 end_va = 0xd20fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000d20000" filename = "" Region: id = 1528 start_va = 0xd30000 end_va = 0xd31fff entry_point = 0x0 region_type = private name = "private_0x0000000000d30000" filename = "" Region: id = 1529 start_va = 0xd40000 end_va = 0xd40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000d40000" filename = "" Region: id = 1530 start_va = 0xd90000 end_va = 0xe0ffff entry_point = 0x0 region_type = private name = "private_0x0000000000d90000" filename = "" Region: id = 1531 start_va = 0xe10000 end_va = 0xf0ffff entry_point = 0x0 region_type = private name = "private_0x0000000000e10000" filename = "" Region: id = 1532 start_va = 0xf10000 end_va = 0xf71fff entry_point = 0xf10000 region_type = mapped_file name = "winlogon.exe" filename = "\\Windows\\System32\\winlogon.exe" (normalized: "c:\\windows\\system32\\winlogon.exe") Region: id = 1533 start_va = 0x1010000 end_va = 0x12defff entry_point = 0x1010000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 1534 start_va = 0x1300000 end_va = 0x137ffff entry_point = 0x0 region_type = private name = "private_0x0000000001300000" filename = "" Region: id = 1535 start_va = 0x1380000 end_va = 0x13fffff entry_point = 0x0 region_type = private name = "private_0x0000000001380000" filename = "" Region: id = 1536 start_va = 0x1430000 end_va = 0x14affff entry_point = 0x0 region_type = private name = "private_0x0000000001430000" filename = "" Region: id = 1537 start_va = 0x14d0000 end_va = 0x14d7fff entry_point = 0x0 region_type = private name = "private_0x00000000014d0000" filename = "" Region: id = 1538 start_va = 0x1540000 end_va = 0x15bffff entry_point = 0x0 region_type = private name = "private_0x0000000001540000" filename = "" Region: id = 1539 start_va = 0x1680000 end_va = 0x16fffff entry_point = 0x0 region_type = private name = "private_0x0000000001680000" filename = "" Region: id = 1540 start_va = 0x1700000 end_va = 0x17fffff entry_point = 0x0 region_type = private name = "private_0x0000000001700000" filename = "" Region: id = 1541 start_va = 0x1870000 end_va = 0x18effff entry_point = 0x0 region_type = private name = "private_0x0000000001870000" filename = "" Region: id = 1542 start_va = 0x1940000 end_va = 0x19bffff entry_point = 0x0 region_type = private name = "private_0x0000000001940000" filename = "" Region: id = 1543 start_va = 0x19d0000 end_va = 0x1a4ffff entry_point = 0x0 region_type = private name = "private_0x00000000019d0000" filename = "" Region: id = 1544 start_va = 0x1ae0000 end_va = 0x1b5ffff entry_point = 0x0 region_type = private name = "private_0x0000000001ae0000" filename = "" Region: id = 1545 start_va = 0x1bb0000 end_va = 0x1c2ffff entry_point = 0x0 region_type = private name = "private_0x0000000001bb0000" filename = "" Region: id = 1546 start_va = 0x1cc0000 end_va = 0x1d3ffff entry_point = 0x0 region_type = private name = "private_0x0000000001cc0000" filename = "" Region: id = 1547 start_va = 0x1d40000 end_va = 0x1f3ffff entry_point = 0x0 region_type = private name = "private_0x0000000001d40000" filename = "" Region: id = 1548 start_va = 0x1f60000 end_va = 0x1fdffff entry_point = 0x0 region_type = private name = "private_0x0000000001f60000" filename = "" Region: id = 1549 start_va = 0x20a0000 end_va = 0x211ffff entry_point = 0x0 region_type = private name = "private_0x00000000020a0000" filename = "" Region: id = 1550 start_va = 0x2120000 end_va = 0x251ffff entry_point = 0x0 region_type = private name = "private_0x0000000002120000" filename = "" Region: id = 1551 start_va = 0x2540000 end_va = 0x25bffff entry_point = 0x0 region_type = private name = "private_0x0000000002540000" filename = "" Region: id = 1552 start_va = 0x25d0000 end_va = 0x264ffff entry_point = 0x0 region_type = private name = "private_0x00000000025d0000" filename = "" Region: id = 1553 start_va = 0x2690000 end_va = 0x270ffff entry_point = 0x0 region_type = private name = "private_0x0000000002690000" filename = "" Region: id = 1554 start_va = 0x2710000 end_va = 0x2b12fff entry_point = 0x0 region_type = private name = "private_0x0000000002710000" filename = "" Region: id = 1555 start_va = 0x2b20000 end_va = 0x331ffff entry_point = 0x0 region_type = private name = "private_0x0000000002b20000" filename = "" Region: id = 1556 start_va = 0x33e0000 end_va = 0x345ffff entry_point = 0x0 region_type = private name = "private_0x00000000033e0000" filename = "" Region: id = 1557 start_va = 0x34d0000 end_va = 0x354ffff entry_point = 0x0 region_type = private name = "private_0x00000000034d0000" filename = "" Region: id = 1558 start_va = 0x74420000 end_va = 0x74422fff entry_point = 0x74420000 region_type = mapped_file name = "winmgmtr.dll" filename = "\\Windows\\System32\\wbem\\WinMgmtR.dll" (normalized: "c:\\windows\\system32\\wbem\\winmgmtr.dll") Region: id = 1559 start_va = 0x77a30000 end_va = 0x77b4efff entry_point = 0x77a30000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 1560 start_va = 0x77b50000 end_va = 0x77c49fff entry_point = 0x77b50000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 1561 start_va = 0x77c50000 end_va = 0x77df8fff entry_point = 0x77c50000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1562 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 1563 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 1564 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1565 start_va = 0xff470000 end_va = 0xff47afff entry_point = 0xff470000 region_type = mapped_file name = "svchost.exe" filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe") Region: id = 1566 start_va = 0xff4e0000 end_va = 0xff541fff entry_point = 0xff4e0000 region_type = mapped_file name = "winlogon.exe" filename = "\\Windows\\System32\\winlogon.exe" (normalized: "c:\\windows\\system32\\winlogon.exe") Region: id = 1567 start_va = 0x7fef6710000 end_va = 0x7fef675efff entry_point = 0x7fef6710000 region_type = mapped_file name = "audioses.dll" filename = "\\Windows\\System32\\AudioSes.dll" (normalized: "c:\\windows\\system32\\audioses.dll") Region: id = 1568 start_va = 0x7fefb4b0000 end_va = 0x7fefb4c7fff entry_point = 0x7fefb4b0000 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll") Region: id = 1569 start_va = 0x7fefb4d0000 end_va = 0x7fefb4e0fff entry_point = 0x7fefb4d0000 region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll") Region: id = 1570 start_va = 0x7fefb590000 end_va = 0x7fefb5cafff entry_point = 0x7fefb590000 region_type = mapped_file name = "dhcpcore6.dll" filename = "\\Windows\\System32\\dhcpcore6.dll" (normalized: "c:\\windows\\system32\\dhcpcore6.dll") Region: id = 1571 start_va = 0x7fefb5d0000 end_va = 0x7fefb620fff entry_point = 0x7fefb5d0000 region_type = mapped_file name = "dhcpcore.dll" filename = "\\Windows\\System32\\dhcpcore.dll" (normalized: "c:\\windows\\system32\\dhcpcore.dll") Region: id = 1572 start_va = 0x7fefb640000 end_va = 0x7fefb647fff entry_point = 0x7fefb640000 region_type = mapped_file name = "nrpsrv.dll" filename = "\\Windows\\System32\\nrpsrv.dll" (normalized: "c:\\windows\\system32\\nrpsrv.dll") Region: id = 1573 start_va = 0x7fefb650000 end_va = 0x7fefb65afff entry_point = 0x7fefb650000 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 1574 start_va = 0x7fefb660000 end_va = 0x7fefb686fff entry_point = 0x7fefb660000 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 1575 start_va = 0x7fefb690000 end_va = 0x7fefb699fff entry_point = 0x7fefb690000 region_type = mapped_file name = "lmhsvc.dll" filename = "\\Windows\\System32\\lmhsvc.dll" (normalized: "c:\\windows\\system32\\lmhsvc.dll") Region: id = 1576 start_va = 0x7fefbb30000 end_va = 0x7fefbb38fff entry_point = 0x7fefbb30000 region_type = mapped_file name = "avrt.dll" filename = "\\Windows\\System32\\avrt.dll" (normalized: "c:\\windows\\system32\\avrt.dll") Region: id = 1577 start_va = 0x7fefbb40000 end_va = 0x7fefbb6bfff entry_point = 0x7fefbb40000 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 1578 start_va = 0x7fefbb70000 end_va = 0x7fefbc1bfff entry_point = 0x7fefbb70000 region_type = mapped_file name = "audiosrv.dll" filename = "\\Windows\\System32\\audiosrv.dll" (normalized: "c:\\windows\\system32\\audiosrv.dll") Region: id = 1579 start_va = 0x7fefc0b0000 end_va = 0x7fefc0fafff entry_point = 0x7fefc0b0000 region_type = mapped_file name = "mmdevapi.dll" filename = "\\Windows\\System32\\MMDevAPI.dll" (normalized: "c:\\windows\\system32\\mmdevapi.dll") Region: id = 1580 start_va = 0x7fefc520000 end_va = 0x7fefc64bfff entry_point = 0x7fefc520000 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 1581 start_va = 0x7fefcb60000 end_va = 0x7fefcb8cfff entry_point = 0x7fefcb60000 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 1582 start_va = 0x7fefcbc0000 end_va = 0x7fefcd55fff entry_point = 0x7fefcbc0000 region_type = mapped_file name = "wevtsvc.dll" filename = "\\Windows\\System32\\wevtsvc.dll" (normalized: "c:\\windows\\system32\\wevtsvc.dll") Region: id = 1583 start_va = 0x7fefcd60000 end_va = 0x7fefcd6bfff entry_point = 0x7fefcd60000 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll") Region: id = 1584 start_va = 0x7fefcd70000 end_va = 0x7fefce2afff entry_point = 0x7fefcd70000 region_type = mapped_file name = "firewallapi.dll" filename = "\\Windows\\System32\\FirewallAPI.dll" (normalized: "c:\\windows\\system32\\firewallapi.dll") Region: id = 1585 start_va = 0x7fefce30000 end_va = 0x7fefce36fff entry_point = 0x7fefce30000 region_type = mapped_file name = "wshtcpip.dll" filename = "\\Windows\\System32\\WSHTCPIP.DLL" (normalized: "c:\\windows\\system32\\wshtcpip.dll") Region: id = 1586 start_va = 0x7fefcf20000 end_va = 0x7fefcf3afff entry_point = 0x7fefcf20000 region_type = mapped_file name = "gpapi.dll" filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll") Region: id = 1587 start_va = 0x7fefd090000 end_va = 0x7fefd099fff entry_point = 0x7fefd090000 region_type = mapped_file name = "credssp.dll" filename = "\\Windows\\System32\\credssp.dll" (normalized: "c:\\windows\\system32\\credssp.dll") Region: id = 1588 start_va = 0x7fefd190000 end_va = 0x7fefd1d6fff entry_point = 0x7fefd190000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 1589 start_va = 0x7fefd2b0000 end_va = 0x7fefd30afff entry_point = 0x7fefd2b0000 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 1590 start_va = 0x7fefd420000 end_va = 0x7fefd426fff entry_point = 0x7fefd420000 region_type = mapped_file name = "wship6.dll" filename = "\\Windows\\System32\\wship6.dll" (normalized: "c:\\windows\\system32\\wship6.dll") Region: id = 1591 start_va = 0x7fefd430000 end_va = 0x7fefd484fff entry_point = 0x7fefd430000 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 1592 start_va = 0x7fefd490000 end_va = 0x7fefd4a6fff entry_point = 0x7fefd490000 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 1593 start_va = 0x7fefd6c0000 end_va = 0x7fefd72cfff entry_point = 0x7fefd6c0000 region_type = mapped_file name = "wevtapi.dll" filename = "\\Windows\\System32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll") Region: id = 1594 start_va = 0x7fefda30000 end_va = 0x7fefda3afff entry_point = 0x7fefda30000 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll") Region: id = 1595 start_va = 0x7fefda60000 end_va = 0x7fefda84fff entry_point = 0x7fefda60000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 1596 start_va = 0x7fefda90000 end_va = 0x7fefda9efff entry_point = 0x7fefda90000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 1597 start_va = 0x7fefdb40000 end_va = 0x7fefdb7cfff entry_point = 0x7fefdb40000 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 1598 start_va = 0x7fefdb80000 end_va = 0x7fefdb93fff entry_point = 0x7fefdb80000 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll") Region: id = 1599 start_va = 0x7fefdc90000 end_va = 0x7fefdca9fff entry_point = 0x7fefdc90000 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 1600 start_va = 0x7fefde20000 end_va = 0x7fefde55fff entry_point = 0x7fefde20000 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 1601 start_va = 0x7fefde60000 end_va = 0x7fefdecafff entry_point = 0x7fefde60000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 1602 start_va = 0x7fefdf70000 end_va = 0x7fefe172fff entry_point = 0x7fefdf70000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 1603 start_va = 0x7fefef10000 end_va = 0x7fefefa8fff entry_point = 0x7fefef10000 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 1604 start_va = 0x7fefefb0000 end_va = 0x7feff0dcfff entry_point = 0x7fefefb0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 1605 start_va = 0x7feff210000 end_va = 0x7feff2aefff entry_point = 0x7feff210000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 1606 start_va = 0x7feff2b0000 end_va = 0x7feff38afff entry_point = 0x7feff2b0000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 1607 start_va = 0x7feff390000 end_va = 0x7feff3aefff entry_point = 0x7feff390000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 1608 start_va = 0x7feff3b0000 end_va = 0x7feff3bdfff entry_point = 0x7feff3b0000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 1609 start_va = 0x7feff3c0000 end_va = 0x7feff3edfff entry_point = 0x7feff3c0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 1610 start_va = 0x7feff650000 end_va = 0x7feff69cfff entry_point = 0x7feff650000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 1611 start_va = 0x7feff720000 end_va = 0x7feff727fff entry_point = 0x7feff720000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 1612 start_va = 0x7feff730000 end_va = 0x7feff781fff entry_point = 0x7feff730000 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll") Region: id = 1613 start_va = 0x7feff910000 end_va = 0x7feff976fff entry_point = 0x7feff910000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 1614 start_va = 0x7feff980000 end_va = 0x7feff9f0fff entry_point = 0x7feff980000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 1615 start_va = 0x7feffa00000 end_va = 0x7feffb08fff entry_point = 0x7feffa00000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 1616 start_va = 0x7feffb10000 end_va = 0x7feffbe6fff entry_point = 0x7feffb10000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 1617 start_va = 0x7feffbf0000 end_va = 0x7feffdc6fff entry_point = 0x7feffbf0000 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll") Region: id = 1618 start_va = 0x7feffe90000 end_va = 0x7fefff58fff entry_point = 0x7feffe90000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 1619 start_va = 0x7fefff70000 end_va = 0x7fefff70fff entry_point = 0x7fefff70000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 1620 start_va = 0x7fffff94000 end_va = 0x7fffff95fff entry_point = 0x0 region_type = private name = "private_0x000007fffff94000" filename = "" Region: id = 1621 start_va = 0x7fffff96000 end_va = 0x7fffff97fff entry_point = 0x0 region_type = private name = "private_0x000007fffff96000" filename = "" Region: id = 1622 start_va = 0x7fffff98000 end_va = 0x7fffff99fff entry_point = 0x0 region_type = private name = "private_0x000007fffff98000" filename = "" Region: id = 1623 start_va = 0x7fffff9a000 end_va = 0x7fffff9bfff entry_point = 0x0 region_type = private name = "private_0x000007fffff9a000" filename = "" Region: id = 1624 start_va = 0x7fffff9c000 end_va = 0x7fffff9dfff entry_point = 0x0 region_type = private name = "private_0x000007fffff9c000" filename = "" Region: id = 1625 start_va = 0x7fffff9e000 end_va = 0x7fffff9ffff entry_point = 0x0 region_type = private name = "private_0x000007fffff9e000" filename = "" Region: id = 1626 start_va = 0x7fffffa0000 end_va = 0x7fffffa1fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa0000" filename = "" Region: id = 1627 start_va = 0x7fffffa2000 end_va = 0x7fffffa3fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa2000" filename = "" Region: id = 1628 start_va = 0x7fffffa4000 end_va = 0x7fffffa5fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa4000" filename = "" Region: id = 1629 start_va = 0x7fffffa6000 end_va = 0x7fffffa7fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa6000" filename = "" Region: id = 1630 start_va = 0x7fffffa8000 end_va = 0x7fffffa9fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa8000" filename = "" Region: id = 1631 start_va = 0x7fffffaa000 end_va = 0x7fffffabfff entry_point = 0x0 region_type = private name = "private_0x000007fffffaa000" filename = "" Region: id = 1632 start_va = 0x7fffffac000 end_va = 0x7fffffadfff entry_point = 0x0 region_type = private name = "private_0x000007fffffac000" filename = "" Region: id = 1633 start_va = 0x7fffffae000 end_va = 0x7fffffaffff entry_point = 0x0 region_type = private name = "private_0x000007fffffae000" filename = "" Region: id = 1634 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 1635 start_va = 0x7fffffd3000 end_va = 0x7fffffd4fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd3000" filename = "" Region: id = 1636 start_va = 0x7fffffd5000 end_va = 0x7fffffd6fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd5000" filename = "" Region: id = 1637 start_va = 0x7fffffd7000 end_va = 0x7fffffd8fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd7000" filename = "" Region: id = 1638 start_va = 0x7fffffd9000 end_va = 0x7fffffd9fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd9000" filename = "" Region: id = 1639 start_va = 0x7fffffda000 end_va = 0x7fffffdbfff entry_point = 0x0 region_type = private name = "private_0x000007fffffda000" filename = "" Region: id = 1640 start_va = 0x7fffffdc000 end_va = 0x7fffffddfff entry_point = 0x0 region_type = private name = "private_0x000007fffffdc000" filename = "" Region: id = 1641 start_va = 0x7fffffde000 end_va = 0x7fffffdffff entry_point = 0x0 region_type = private name = "private_0x000007fffffde000" filename = "" Region: id = 3259 start_va = 0xd50000 end_va = 0xd52fff entry_point = 0xd50000 region_type = mapped_file name = "winmgmtr.dll" filename = "\\Windows\\System32\\wbem\\WinMgmtR.dll" (normalized: "c:\\windows\\system32\\wbem\\winmgmtr.dll") Region: id = 3260 start_va = 0x36a0000 end_va = 0x36affff entry_point = 0x0 region_type = private name = "private_0x00000000036a0000" filename = "" Region: id = 3261 start_va = 0x38a0000 end_va = 0x38affff entry_point = 0x0 region_type = private name = "private_0x00000000038a0000" filename = "" Region: id = 3262 start_va = 0x7fef83d0000 end_va = 0x7fef83d7fff entry_point = 0x7fef83d0000 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll") Region: id = 3263 start_va = 0x7fefb500000 end_va = 0x7fefb552fff entry_point = 0x7fefb500000 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3264 start_va = 0x7fefb7d0000 end_va = 0x7fefb7e4fff entry_point = 0x7fefb7d0000 region_type = mapped_file name = "nlaapi.dll" filename = "\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll") Region: id = 3265 start_va = 0x7fefbeb0000 end_va = 0x7fefbec8fff entry_point = 0x7fefbeb0000 region_type = mapped_file name = "pnrpnsp.dll" filename = "\\Windows\\System32\\pnrpnsp.dll" (normalized: "c:\\windows\\system32\\pnrpnsp.dll") Region: id = 3266 start_va = 0x7fefbed0000 end_va = 0x7fefbee4fff entry_point = 0x7fefbed0000 region_type = mapped_file name = "napinsp.dll" filename = "\\Windows\\System32\\NapiNSP.dll" (normalized: "c:\\windows\\system32\\napinsp.dll") Thread: id = 126 os_tid = 0x9c8 Thread: id = 127 os_tid = 0x8e4 Thread: id = 128 os_tid = 0x874 Thread: id = 129 os_tid = 0x4b8 Thread: id = 130 os_tid = 0x47c Thread: id = 131 os_tid = 0x794 Thread: id = 132 os_tid = 0x790 Thread: id = 133 os_tid = 0x4d4 Thread: id = 134 os_tid = 0x4cc Thread: id = 135 os_tid = 0x4c8 Thread: id = 136 os_tid = 0x1cc Thread: id = 137 os_tid = 0x174 Thread: id = 138 os_tid = 0x3b8 Thread: id = 139 os_tid = 0x3b0 Thread: id = 140 os_tid = 0x3a0 Thread: id = 141 os_tid = 0x2f8 Thread: id = 142 os_tid = 0x2f4 Thread: id = 143 os_tid = 0x2dc Thread: id = 144 os_tid = 0x2d0 Thread: id = 145 os_tid = 0x2c8 Process: id = "11" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0xdb83000" os_pid = "0x310" os_integrity_level = "0x4000" os_privileges = "0x60b16080" monitor_reason = "child_process" parent_id = "7" os_parent_pid = "0x1d8" cmd_line = "C:\\Windows\\System32\\svchost.exe -k LocalSystemNetworkRestricted" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\AudioEndpointBuilder" [0xe], "NT SERVICE\\CscService" [0xa], "NT SERVICE\\dot3svc" [0xa], "NT SERVICE\\hidserv" [0xa], "NT SERVICE\\HomeGroupListener" [0xa], "NT SERVICE\\IPBusEnum" [0xa], "NT SERVICE\\Netman" [0xa], "NT SERVICE\\PcaSvc" [0xa], "NT SERVICE\\StorSvc" [0xa], "NT SERVICE\\TabletInputService" [0xa], "NT SERVICE\\TrkWks" [0xa], "NT SERVICE\\UmRdpService" [0xa], "NT SERVICE\\UxSms" [0xa], "NT SERVICE\\WdiSystemHost" [0xa], "NT SERVICE\\Wlansvc" [0xa], "NT SERVICE\\WPDBusEnum" [0xa], "NT SERVICE\\wudfsvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000a967" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Region: id = 1961 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1962 start_va = 0x20000 end_va = 0x26fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 1963 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 1964 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 1965 start_va = 0x50000 end_va = 0xcffff entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 1966 start_va = 0xd0000 end_va = 0x136fff entry_point = 0xd0000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1967 start_va = 0x140000 end_va = 0x23ffff entry_point = 0x0 region_type = private name = "private_0x0000000000140000" filename = "" Region: id = 1968 start_va = 0x240000 end_va = 0x241fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000240000" filename = "" Region: id = 1969 start_va = 0x250000 end_va = 0x250fff entry_point = 0x0 region_type = private name = "private_0x0000000000250000" filename = "" Region: id = 1970 start_va = 0x260000 end_va = 0x260fff entry_point = 0x0 region_type = private name = "private_0x0000000000260000" filename = "" Region: id = 1971 start_va = 0x270000 end_va = 0x270fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000270000" filename = "" Region: id = 1972 start_va = 0x280000 end_va = 0x280fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000280000" filename = "" Region: id = 1973 start_va = 0x290000 end_va = 0x290fff entry_point = 0x0 region_type = private name = "private_0x0000000000290000" filename = "" Region: id = 1974 start_va = 0x2a0000 end_va = 0x39ffff entry_point = 0x0 region_type = private name = "private_0x00000000002a0000" filename = "" Region: id = 1975 start_va = 0x3a0000 end_va = 0x527fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003a0000" filename = "" Region: id = 1976 start_va = 0x530000 end_va = 0x530fff entry_point = 0x0 region_type = private name = "private_0x0000000000530000" filename = "" Region: id = 1977 start_va = 0x540000 end_va = 0x54ffff entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 1978 start_va = 0x550000 end_va = 0x6d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 1979 start_va = 0x6e0000 end_va = 0x79ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006e0000" filename = "" Region: id = 1980 start_va = 0x7a0000 end_va = 0xb92fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007a0000" filename = "" Region: id = 1981 start_va = 0xba0000 end_va = 0xba1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000ba0000" filename = "" Region: id = 1982 start_va = 0xbb0000 end_va = 0xbb1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000bb0000" filename = "" Region: id = 1983 start_va = 0xbc0000 end_va = 0xbc1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000bc0000" filename = "" Region: id = 1984 start_va = 0xbd0000 end_va = 0xbd0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000bd0000" filename = "" Region: id = 1985 start_va = 0xbe0000 end_va = 0xc5ffff entry_point = 0x0 region_type = private name = "private_0x0000000000be0000" filename = "" Region: id = 1986 start_va = 0xc60000 end_va = 0xc60fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000c60000" filename = "" Region: id = 1987 start_va = 0xc70000 end_va = 0xc7ffff entry_point = 0x0 region_type = private name = "private_0x0000000000c70000" filename = "" Region: id = 1988 start_va = 0xc80000 end_va = 0xc80fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000c80000" filename = "" Region: id = 1989 start_va = 0xc90000 end_va = 0xc94fff entry_point = 0xc90000 region_type = mapped_file name = "sysmain.dll.mui" filename = "\\Windows\\System32\\en-US\\sysmain.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\sysmain.dll.mui") Region: id = 1990 start_va = 0xca0000 end_va = 0xd1ffff entry_point = 0x0 region_type = private name = "private_0x0000000000ca0000" filename = "" Region: id = 1991 start_va = 0xd40000 end_va = 0xdbffff entry_point = 0x0 region_type = private name = "private_0x0000000000d40000" filename = "" Region: id = 1992 start_va = 0xdc0000 end_va = 0xe3ffff entry_point = 0x0 region_type = private name = "private_0x0000000000dc0000" filename = "" Region: id = 1993 start_va = 0xe60000 end_va = 0xe6ffff entry_point = 0x0 region_type = private name = "private_0x0000000000e60000" filename = "" Region: id = 1994 start_va = 0xe70000 end_va = 0xeeffff entry_point = 0x0 region_type = private name = "private_0x0000000000e70000" filename = "" Region: id = 1995 start_va = 0xf10000 end_va = 0xf8ffff entry_point = 0x0 region_type = private name = "private_0x0000000000f10000" filename = "" Region: id = 1996 start_va = 0xfa0000 end_va = 0x101ffff entry_point = 0x0 region_type = private name = "private_0x0000000000fa0000" filename = "" Region: id = 1997 start_va = 0x1050000 end_va = 0x131efff entry_point = 0x1050000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 1998 start_va = 0x1370000 end_va = 0x13effff entry_point = 0x0 region_type = private name = "private_0x0000000001370000" filename = "" Region: id = 1999 start_va = 0x1480000 end_va = 0x14fffff entry_point = 0x0 region_type = private name = "private_0x0000000001480000" filename = "" Region: id = 2000 start_va = 0x1540000 end_va = 0x15bffff entry_point = 0x0 region_type = private name = "private_0x0000000001540000" filename = "" Region: id = 2001 start_va = 0x1600000 end_va = 0x167ffff entry_point = 0x0 region_type = private name = "private_0x0000000001600000" filename = "" Region: id = 2002 start_va = 0x1680000 end_va = 0x16fffff entry_point = 0x0 region_type = private name = "private_0x0000000001680000" filename = "" Region: id = 2003 start_va = 0x1760000 end_va = 0x176ffff entry_point = 0x0 region_type = private name = "private_0x0000000001760000" filename = "" Region: id = 2004 start_va = 0x1780000 end_va = 0x17fffff entry_point = 0x0 region_type = private name = "private_0x0000000001780000" filename = "" Region: id = 2005 start_va = 0x1820000 end_va = 0x189ffff entry_point = 0x0 region_type = private name = "private_0x0000000001820000" filename = "" Region: id = 2006 start_va = 0x18a0000 end_va = 0x191ffff entry_point = 0x0 region_type = private name = "private_0x00000000018a0000" filename = "" Region: id = 2007 start_va = 0x1950000 end_va = 0x19cffff entry_point = 0x0 region_type = private name = "private_0x0000000001950000" filename = "" Region: id = 2008 start_va = 0x19f0000 end_va = 0x1a6ffff entry_point = 0x0 region_type = private name = "private_0x00000000019f0000" filename = "" Region: id = 2009 start_va = 0x1ac0000 end_va = 0x1b3ffff entry_point = 0x0 region_type = private name = "private_0x0000000001ac0000" filename = "" Region: id = 2010 start_va = 0x1b50000 end_va = 0x1b5ffff entry_point = 0x0 region_type = private name = "private_0x0000000001b50000" filename = "" Region: id = 2011 start_va = 0x1b60000 end_va = 0x1c5ffff entry_point = 0x0 region_type = private name = "private_0x0000000001b60000" filename = "" Region: id = 2012 start_va = 0x1c70000 end_va = 0x1c7ffff entry_point = 0x0 region_type = private name = "private_0x0000000001c70000" filename = "" Region: id = 2013 start_va = 0x1c80000 end_va = 0x1d7ffff entry_point = 0x0 region_type = private name = "private_0x0000000001c80000" filename = "" Region: id = 2014 start_va = 0x1dd0000 end_va = 0x1e4ffff entry_point = 0x0 region_type = private name = "private_0x0000000001dd0000" filename = "" Region: id = 2015 start_va = 0x1e90000 end_va = 0x1f0ffff entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 2016 start_va = 0x1f30000 end_va = 0x1faffff entry_point = 0x0 region_type = private name = "private_0x0000000001f30000" filename = "" Region: id = 2017 start_va = 0x1fb0000 end_va = 0x20affff entry_point = 0x0 region_type = private name = "private_0x0000000001fb0000" filename = "" Region: id = 2018 start_va = 0x20b0000 end_va = 0x21affff entry_point = 0x0 region_type = private name = "private_0x00000000020b0000" filename = "" Region: id = 2019 start_va = 0x21d0000 end_va = 0x224ffff entry_point = 0x0 region_type = private name = "private_0x00000000021d0000" filename = "" Region: id = 2020 start_va = 0x2270000 end_va = 0x227ffff entry_point = 0x0 region_type = private name = "private_0x0000000002270000" filename = "" Region: id = 2021 start_va = 0x2300000 end_va = 0x230ffff entry_point = 0x0 region_type = private name = "private_0x0000000002300000" filename = "" Region: id = 2022 start_va = 0x2350000 end_va = 0x235ffff entry_point = 0x0 region_type = private name = "private_0x0000000002350000" filename = "" Region: id = 2023 start_va = 0x2420000 end_va = 0x249ffff entry_point = 0x0 region_type = private name = "private_0x0000000002420000" filename = "" Region: id = 2024 start_va = 0x24a0000 end_va = 0x259ffff entry_point = 0x0 region_type = private name = "private_0x00000000024a0000" filename = "" Region: id = 2025 start_va = 0x25f0000 end_va = 0x25fffff entry_point = 0x0 region_type = private name = "private_0x00000000025f0000" filename = "" Region: id = 2026 start_va = 0x2600000 end_va = 0x26fffff entry_point = 0x0 region_type = private name = "private_0x0000000002600000" filename = "" Region: id = 2027 start_va = 0x2700000 end_va = 0x27fffff entry_point = 0x0 region_type = private name = "private_0x0000000002700000" filename = "" Region: id = 2028 start_va = 0x2800000 end_va = 0x2ffffff entry_point = 0x0 region_type = private name = "private_0x0000000002800000" filename = "" Region: id = 2029 start_va = 0x3020000 end_va = 0x309ffff entry_point = 0x0 region_type = private name = "private_0x0000000003020000" filename = "" Region: id = 2030 start_va = 0x30a0000 end_va = 0x31d3fff entry_point = 0x0 region_type = private name = "private_0x00000000030a0000" filename = "" Region: id = 2031 start_va = 0x32e0000 end_va = 0x335ffff entry_point = 0x0 region_type = private name = "private_0x00000000032e0000" filename = "" Region: id = 2032 start_va = 0x3870000 end_va = 0x3a6ffff entry_point = 0x0 region_type = private name = "private_0x0000000003870000" filename = "" Region: id = 2033 start_va = 0x3a70000 end_va = 0x3e6ffff entry_point = 0x0 region_type = private name = "private_0x0000000003a70000" filename = "" Region: id = 2034 start_va = 0x3e70000 end_va = 0x466ffff entry_point = 0x0 region_type = private name = "private_0x0000000003e70000" filename = "" Region: id = 2035 start_va = 0x4670000 end_va = 0x563ffff entry_point = 0x0 region_type = private name = "private_0x0000000004670000" filename = "" Region: id = 2036 start_va = 0x5640000 end_va = 0x660ffff entry_point = 0x0 region_type = private name = "private_0x0000000005640000" filename = "" Region: id = 2037 start_va = 0x74440000 end_va = 0x74442fff entry_point = 0x74440000 region_type = mapped_file name = "sfc.dll" filename = "\\Windows\\System32\\sfc.dll" (normalized: "c:\\windows\\system32\\sfc.dll") Region: id = 2038 start_va = 0x77a30000 end_va = 0x77b4efff entry_point = 0x77a30000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 2039 start_va = 0x77b50000 end_va = 0x77c49fff entry_point = 0x77b50000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 2040 start_va = 0x77c50000 end_va = 0x77df8fff entry_point = 0x77c50000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2041 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 2042 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 2043 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2044 start_va = 0xff470000 end_va = 0xff47afff entry_point = 0xff470000 region_type = mapped_file name = "svchost.exe" filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe") Region: id = 2045 start_va = 0x7fef5cf0000 end_va = 0x7fef5d2efff entry_point = 0x7fef5cf0000 region_type = mapped_file name = "cscobj.dll" filename = "\\Windows\\System32\\cscobj.dll" (normalized: "c:\\windows\\system32\\cscobj.dll") Region: id = 2046 start_va = 0x7fef5e20000 end_va = 0x7fef5e3bfff entry_point = 0x7fef5e20000 region_type = mapped_file name = "rasman.dll" filename = "\\Windows\\System32\\rasman.dll" (normalized: "c:\\windows\\system32\\rasman.dll") Region: id = 2047 start_va = 0x7fef5e40000 end_va = 0x7fef5f17fff entry_point = 0x7fef5e40000 region_type = mapped_file name = "rasdlg.dll" filename = "\\Windows\\System32\\rasdlg.dll" (normalized: "c:\\windows\\system32\\rasdlg.dll") Region: id = 2048 start_va = 0x7fef60e0000 end_va = 0x7fef636afff entry_point = 0x7fef60e0000 region_type = mapped_file name = "netshell.dll" filename = "\\Windows\\System32\\netshell.dll" (normalized: "c:\\windows\\system32\\netshell.dll") Region: id = 2049 start_va = 0x7fef6700000 end_va = 0x7fef670bfff entry_point = 0x7fef6700000 region_type = mapped_file name = "apphlpdm.dll" filename = "\\Windows\\System32\\Apphlpdm.dll" (normalized: "c:\\windows\\system32\\apphlpdm.dll") Region: id = 2050 start_va = 0x7fef69d0000 end_va = 0x7fef69e6fff entry_point = 0x7fef69d0000 region_type = mapped_file name = "portabledeviceconnectapi.dll" filename = "\\Windows\\System32\\PortableDeviceConnectApi.dll" (normalized: "c:\\windows\\system32\\portabledeviceconnectapi.dll") Region: id = 2051 start_va = 0x7fef6b50000 end_va = 0x7fef6c0cfff entry_point = 0x7fef6b50000 region_type = mapped_file name = "portabledeviceapi.dll" filename = "\\Windows\\System32\\PortableDeviceApi.dll" (normalized: "c:\\windows\\system32\\portabledeviceapi.dll") Region: id = 2052 start_va = 0x7fef6c10000 end_va = 0x7fef6c30fff entry_point = 0x7fef6c10000 region_type = mapped_file name = "wpdbusenum.dll" filename = "\\Windows\\System32\\wpdbusenum.dll" (normalized: "c:\\windows\\system32\\wpdbusenum.dll") Region: id = 2053 start_va = 0x7fef7130000 end_va = 0x7fef7191fff entry_point = 0x7fef7130000 region_type = mapped_file name = "rasapi32.dll" filename = "\\Windows\\System32\\rasapi32.dll" (normalized: "c:\\windows\\system32\\rasapi32.dll") Region: id = 2054 start_va = 0x7fef71a0000 end_va = 0x7fef71fbfff entry_point = 0x7fef71a0000 region_type = mapped_file name = "netman.dll" filename = "\\Windows\\System32\\netman.dll" (normalized: "c:\\windows\\system32\\netman.dll") Region: id = 2055 start_va = 0x7fef7530000 end_va = 0x7fef75abfff entry_point = 0x7fef7530000 region_type = mapped_file name = "wer.dll" filename = "\\Windows\\System32\\wer.dll" (normalized: "c:\\windows\\system32\\wer.dll") Region: id = 2056 start_va = 0x7fef86f0000 end_va = 0x7fef875afff entry_point = 0x7fef86f0000 region_type = mapped_file name = "hnetcfg.dll" filename = "\\Windows\\System32\\hnetcfg.dll" (normalized: "c:\\windows\\system32\\hnetcfg.dll") Region: id = 2057 start_va = 0x7fef8760000 end_va = 0x7fef8773fff entry_point = 0x7fef8760000 region_type = mapped_file name = "wbemsvc.dll" filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll") Region: id = 2058 start_va = 0x7fef89b0000 end_va = 0x7fef8a33fff entry_point = 0x7fef89b0000 region_type = mapped_file name = "netcfgx.dll" filename = "\\Windows\\System32\\netcfgx.dll" (normalized: "c:\\windows\\system32\\netcfgx.dll") Region: id = 2059 start_va = 0x7fef8a40000 end_va = 0x7fef8a4efff entry_point = 0x7fef8a40000 region_type = mapped_file name = "wbemprox.dll" filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll") Region: id = 2060 start_va = 0x7fef8a50000 end_va = 0x7fef8a76fff entry_point = 0x7fef8a50000 region_type = mapped_file name = "ntdsapi.dll" filename = "\\Windows\\System32\\ntdsapi.dll" (normalized: "c:\\windows\\system32\\ntdsapi.dll") Region: id = 2061 start_va = 0x7fef8a80000 end_va = 0x7fef8b61fff entry_point = 0x7fef8a80000 region_type = mapped_file name = "fastprox.dll" filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll") Region: id = 2062 start_va = 0x7fef8cf0000 end_va = 0x7fef8d75fff entry_point = 0x7fef8cf0000 region_type = mapped_file name = "wbemcomn.dll" filename = "\\Windows\\System32\\wbemcomn.dll" (normalized: "c:\\windows\\system32\\wbemcomn.dll") Region: id = 2063 start_va = 0x7fef8dc0000 end_va = 0x7fef8de1fff entry_point = 0x7fef8dc0000 region_type = mapped_file name = "trkwks.dll" filename = "\\Windows\\System32\\trkwks.dll" (normalized: "c:\\windows\\system32\\trkwks.dll") Region: id = 2064 start_va = 0x7fef8df0000 end_va = 0x7fef8f9dfff entry_point = 0x7fef8df0000 region_type = mapped_file name = "sysmain.dll" filename = "\\Windows\\System32\\sysmain.dll" (normalized: "c:\\windows\\system32\\sysmain.dll") Region: id = 2065 start_va = 0x7fef8fa0000 end_va = 0x7fef8faffff entry_point = 0x7fef8fa0000 region_type = mapped_file name = "sfc_os.dll" filename = "\\Windows\\System32\\sfc_os.dll" (normalized: "c:\\windows\\system32\\sfc_os.dll") Region: id = 2066 start_va = 0x7fef8fb0000 end_va = 0x7fef8fc1fff entry_point = 0x7fef8fb0000 region_type = mapped_file name = "aepic.dll" filename = "\\Windows\\System32\\aepic.dll" (normalized: "c:\\windows\\system32\\aepic.dll") Region: id = 2067 start_va = 0x7fef8fd0000 end_va = 0x7fef9001fff entry_point = 0x7fef8fd0000 region_type = mapped_file name = "pcasvc.dll" filename = "\\Windows\\System32\\pcasvc.dll" (normalized: "c:\\windows\\system32\\pcasvc.dll") Region: id = 2068 start_va = 0x7fefa4f0000 end_va = 0x7fefa546fff entry_point = 0x7fefa4f0000 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\System32\\apphelp.dll" (normalized: "c:\\windows\\system32\\apphelp.dll") Region: id = 2069 start_va = 0x7fefaa60000 end_va = 0x7fefaa78fff entry_point = 0x7fefaa60000 region_type = mapped_file name = "wdi.dll" filename = "\\Windows\\System32\\wdi.dll" (normalized: "c:\\windows\\system32\\wdi.dll") Region: id = 2070 start_va = 0x7fefae80000 end_va = 0x7fefaeb9fff entry_point = 0x7fefae80000 region_type = mapped_file name = "mprapi.dll" filename = "\\Windows\\System32\\mprapi.dll" (normalized: "c:\\windows\\system32\\mprapi.dll") Region: id = 2071 start_va = 0x7fefb650000 end_va = 0x7fefb65afff entry_point = 0x7fefb650000 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 2072 start_va = 0x7fefb660000 end_va = 0x7fefb686fff entry_point = 0x7fefb660000 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 2073 start_va = 0x7fefb6a0000 end_va = 0x7fefb6affff entry_point = 0x7fefb6a0000 region_type = mapped_file name = "uxsms.dll" filename = "\\Windows\\System32\\uxsms.dll" (normalized: "c:\\windows\\system32\\uxsms.dll") Region: id = 2074 start_va = 0x7fefb740000 end_va = 0x7fefb74afff entry_point = 0x7fefb740000 region_type = mapped_file name = "slc.dll" filename = "\\Windows\\System32\\slc.dll" (normalized: "c:\\windows\\system32\\slc.dll") Region: id = 2075 start_va = 0x7fefb750000 end_va = 0x7fefb75bfff entry_point = 0x7fefb750000 region_type = mapped_file name = "dsrole.dll" filename = "\\Windows\\System32\\dsrole.dll" (normalized: "c:\\windows\\system32\\dsrole.dll") Region: id = 2076 start_va = 0x7fefb770000 end_va = 0x7fefb788fff entry_point = 0x7fefb770000 region_type = mapped_file name = "atl.dll" filename = "\\Windows\\System32\\atl.dll" (normalized: "c:\\windows\\system32\\atl.dll") Region: id = 2077 start_va = 0x7fefb7d0000 end_va = 0x7fefb7e4fff entry_point = 0x7fefb7d0000 region_type = mapped_file name = "nlaapi.dll" filename = "\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll") Region: id = 2078 start_va = 0x7fefb8c0000 end_va = 0x7fefb8fcfff entry_point = 0x7fefb8c0000 region_type = mapped_file name = "mstask.dll" filename = "\\Windows\\System32\\mstask.dll" (normalized: "c:\\windows\\system32\\mstask.dll") Region: id = 2079 start_va = 0x7fefb900000 end_va = 0x7fefba26fff entry_point = 0x7fefb900000 region_type = mapped_file name = "taskschd.dll" filename = "\\Windows\\System32\\taskschd.dll" (normalized: "c:\\windows\\system32\\taskschd.dll") Region: id = 2080 start_va = 0x7fefba30000 end_va = 0x7fefba5ffff entry_point = 0x7fefba30000 region_type = mapped_file name = "peerdist.dll" filename = "\\Windows\\System32\\PeerDist.dll" (normalized: "c:\\windows\\system32\\peerdist.dll") Region: id = 2081 start_va = 0x7fefba60000 end_va = 0x7fefbb0bfff entry_point = 0x7fefba60000 region_type = mapped_file name = "cscsvc.dll" filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll") Region: id = 2082 start_va = 0x7fefbb30000 end_va = 0x7fefbb38fff entry_point = 0x7fefbb30000 region_type = mapped_file name = "avrt.dll" filename = "\\Windows\\System32\\avrt.dll" (normalized: "c:\\windows\\system32\\avrt.dll") Region: id = 2083 start_va = 0x7fefbb40000 end_va = 0x7fefbb6bfff entry_point = 0x7fefbb40000 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 2084 start_va = 0x7fefbb70000 end_va = 0x7fefbc1bfff entry_point = 0x7fefbb70000 region_type = mapped_file name = "audiosrv.dll" filename = "\\Windows\\System32\\audiosrv.dll" (normalized: "c:\\windows\\system32\\audiosrv.dll") Region: id = 2085 start_va = 0x7fefbc20000 end_va = 0x7fefbc30fff entry_point = 0x7fefbc20000 region_type = mapped_file name = "rtutils.dll" filename = "\\Windows\\System32\\rtutils.dll" (normalized: "c:\\windows\\system32\\rtutils.dll") Region: id = 2086 start_va = 0x7fefbef0000 end_va = 0x7fefbf00fff entry_point = 0x7fefbef0000 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 2087 start_va = 0x7fefc050000 end_va = 0x7fefc084fff entry_point = 0x7fefc050000 region_type = mapped_file name = "xmllite.dll" filename = "\\Windows\\System32\\xmllite.dll" (normalized: "c:\\windows\\system32\\xmllite.dll") Region: id = 2088 start_va = 0x7fefc0b0000 end_va = 0x7fefc0fafff entry_point = 0x7fefc0b0000 region_type = mapped_file name = "mmdevapi.dll" filename = "\\Windows\\System32\\MMDevAPI.dll" (normalized: "c:\\windows\\system32\\mmdevapi.dll") Region: id = 2089 start_va = 0x7fefc520000 end_va = 0x7fefc64bfff entry_point = 0x7fefc520000 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 2090 start_va = 0x7fefc670000 end_va = 0x7fefc863fff entry_point = 0x7fefc670000 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll") Region: id = 2091 start_va = 0x7fefcb60000 end_va = 0x7fefcb8cfff entry_point = 0x7fefcb60000 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 2092 start_va = 0x7fefcd60000 end_va = 0x7fefcd6bfff entry_point = 0x7fefcd60000 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll") Region: id = 2093 start_va = 0x7fefcf20000 end_va = 0x7fefcf3afff entry_point = 0x7fefcf20000 region_type = mapped_file name = "gpapi.dll" filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll") Region: id = 2094 start_va = 0x7fefcf40000 end_va = 0x7fefcf5dfff entry_point = 0x7fefcf40000 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 2095 start_va = 0x7fefcf60000 end_va = 0x7fefcf71fff entry_point = 0x7fefcf60000 region_type = mapped_file name = "devrtl.dll" filename = "\\Windows\\System32\\devrtl.dll" (normalized: "c:\\windows\\system32\\devrtl.dll") Region: id = 2096 start_va = 0x7fefd090000 end_va = 0x7fefd099fff entry_point = 0x7fefd090000 region_type = mapped_file name = "credssp.dll" filename = "\\Windows\\System32\\credssp.dll" (normalized: "c:\\windows\\system32\\credssp.dll") Region: id = 2097 start_va = 0x7fefd0a0000 end_va = 0x7fefd0acfff entry_point = 0x7fefd0a0000 region_type = mapped_file name = "pcwum.dll" filename = "\\Windows\\System32\\pcwum.dll" (normalized: "c:\\windows\\system32\\pcwum.dll") Region: id = 2098 start_va = 0x7fefd190000 end_va = 0x7fefd1d6fff entry_point = 0x7fefd190000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 2099 start_va = 0x7fefd490000 end_va = 0x7fefd4a6fff entry_point = 0x7fefd490000 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 2100 start_va = 0x7fefd680000 end_va = 0x7fefd6aefff entry_point = 0x7fefd680000 region_type = mapped_file name = "authz.dll" filename = "\\Windows\\System32\\authz.dll" (normalized: "c:\\windows\\system32\\authz.dll") Region: id = 2101 start_va = 0x7fefd6c0000 end_va = 0x7fefd72cfff entry_point = 0x7fefd6c0000 region_type = mapped_file name = "wevtapi.dll" filename = "\\Windows\\System32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll") Region: id = 2102 start_va = 0x7fefda30000 end_va = 0x7fefda3afff entry_point = 0x7fefda30000 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll") Region: id = 2103 start_va = 0x7fefda60000 end_va = 0x7fefda84fff entry_point = 0x7fefda60000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 2104 start_va = 0x7fefda90000 end_va = 0x7fefda9efff entry_point = 0x7fefda90000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 2105 start_va = 0x7fefdb40000 end_va = 0x7fefdb7cfff entry_point = 0x7fefdb40000 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 2106 start_va = 0x7fefdb80000 end_va = 0x7fefdb93fff entry_point = 0x7fefdb80000 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll") Region: id = 2107 start_va = 0x7fefdba0000 end_va = 0x7fefdbaefff entry_point = 0x7fefdba0000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 2108 start_va = 0x7fefdc40000 end_va = 0x7fefdc4efff entry_point = 0x7fefdc40000 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 2109 start_va = 0x7fefdc50000 end_va = 0x7fefdc89fff entry_point = 0x7fefdc50000 region_type = mapped_file name = "wintrust.dll" filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll") Region: id = 2110 start_va = 0x7fefdc90000 end_va = 0x7fefdca9fff entry_point = 0x7fefdc90000 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 2111 start_va = 0x7fefdcb0000 end_va = 0x7fefde16fff entry_point = 0x7fefdcb0000 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 2112 start_va = 0x7fefde20000 end_va = 0x7fefde55fff entry_point = 0x7fefde20000 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 2113 start_va = 0x7fefde60000 end_va = 0x7fefdecafff entry_point = 0x7fefde60000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 2114 start_va = 0x7fefdf70000 end_va = 0x7fefe172fff entry_point = 0x7fefdf70000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 2115 start_va = 0x7fefe180000 end_va = 0x7fefef07fff entry_point = 0x7fefe180000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 2116 start_va = 0x7fefef10000 end_va = 0x7fefefa8fff entry_point = 0x7fefef10000 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 2117 start_va = 0x7fefefb0000 end_va = 0x7feff0dcfff entry_point = 0x7fefefb0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 2118 start_va = 0x7feff210000 end_va = 0x7feff2aefff entry_point = 0x7feff210000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 2119 start_va = 0x7feff2b0000 end_va = 0x7feff38afff entry_point = 0x7feff2b0000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 2120 start_va = 0x7feff390000 end_va = 0x7feff3aefff entry_point = 0x7feff390000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 2121 start_va = 0x7feff3b0000 end_va = 0x7feff3bdfff entry_point = 0x7feff3b0000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 2122 start_va = 0x7feff3c0000 end_va = 0x7feff3edfff entry_point = 0x7feff3c0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 2123 start_va = 0x7feff650000 end_va = 0x7feff69cfff entry_point = 0x7feff650000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 2124 start_va = 0x7feff720000 end_va = 0x7feff727fff entry_point = 0x7feff720000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 2125 start_va = 0x7feff730000 end_va = 0x7feff781fff entry_point = 0x7feff730000 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll") Region: id = 2126 start_va = 0x7feff910000 end_va = 0x7feff976fff entry_point = 0x7feff910000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 2127 start_va = 0x7feff980000 end_va = 0x7feff9f0fff entry_point = 0x7feff980000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 2128 start_va = 0x7feffa00000 end_va = 0x7feffb08fff entry_point = 0x7feffa00000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 2129 start_va = 0x7feffb10000 end_va = 0x7feffbe6fff entry_point = 0x7feffb10000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 2130 start_va = 0x7feffbf0000 end_va = 0x7feffdc6fff entry_point = 0x7feffbf0000 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll") Region: id = 2131 start_va = 0x7feffe90000 end_va = 0x7fefff58fff entry_point = 0x7feffe90000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 2132 start_va = 0x7fefff70000 end_va = 0x7fefff70fff entry_point = 0x7fefff70000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 2133 start_va = 0x7fffff8c000 end_va = 0x7fffff8dfff entry_point = 0x0 region_type = private name = "private_0x000007fffff8c000" filename = "" Region: id = 2134 start_va = 0x7fffff8e000 end_va = 0x7fffff8ffff entry_point = 0x0 region_type = private name = "private_0x000007fffff8e000" filename = "" Region: id = 2135 start_va = 0x7fffff90000 end_va = 0x7fffff91fff entry_point = 0x0 region_type = private name = "private_0x000007fffff90000" filename = "" Region: id = 2136 start_va = 0x7fffff92000 end_va = 0x7fffff93fff entry_point = 0x0 region_type = private name = "private_0x000007fffff92000" filename = "" Region: id = 2137 start_va = 0x7fffff94000 end_va = 0x7fffff95fff entry_point = 0x0 region_type = private name = "private_0x000007fffff94000" filename = "" Region: id = 2138 start_va = 0x7fffff96000 end_va = 0x7fffff97fff entry_point = 0x0 region_type = private name = "private_0x000007fffff96000" filename = "" Region: id = 2139 start_va = 0x7fffff98000 end_va = 0x7fffff99fff entry_point = 0x0 region_type = private name = "private_0x000007fffff98000" filename = "" Region: id = 2140 start_va = 0x7fffff9a000 end_va = 0x7fffff9bfff entry_point = 0x0 region_type = private name = "private_0x000007fffff9a000" filename = "" Region: id = 2141 start_va = 0x7fffff9c000 end_va = 0x7fffff9dfff entry_point = 0x0 region_type = private name = "private_0x000007fffff9c000" filename = "" Region: id = 2142 start_va = 0x7fffff9e000 end_va = 0x7fffff9ffff entry_point = 0x0 region_type = private name = "private_0x000007fffff9e000" filename = "" Region: id = 2143 start_va = 0x7fffffa0000 end_va = 0x7fffffa1fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa0000" filename = "" Region: id = 2144 start_va = 0x7fffffa2000 end_va = 0x7fffffa3fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa2000" filename = "" Region: id = 2145 start_va = 0x7fffffa4000 end_va = 0x7fffffa5fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa4000" filename = "" Region: id = 2146 start_va = 0x7fffffa6000 end_va = 0x7fffffa7fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa6000" filename = "" Region: id = 2147 start_va = 0x7fffffa8000 end_va = 0x7fffffa9fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa8000" filename = "" Region: id = 2148 start_va = 0x7fffffaa000 end_va = 0x7fffffabfff entry_point = 0x0 region_type = private name = "private_0x000007fffffaa000" filename = "" Region: id = 2149 start_va = 0x7fffffac000 end_va = 0x7fffffadfff entry_point = 0x0 region_type = private name = "private_0x000007fffffac000" filename = "" Region: id = 2150 start_va = 0x7fffffae000 end_va = 0x7fffffaffff entry_point = 0x0 region_type = private name = "private_0x000007fffffae000" filename = "" Region: id = 2151 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 2152 start_va = 0x7fffffd3000 end_va = 0x7fffffd4fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd3000" filename = "" Region: id = 2153 start_va = 0x7fffffd5000 end_va = 0x7fffffd6fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd5000" filename = "" Region: id = 2154 start_va = 0x7fffffd7000 end_va = 0x7fffffd8fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd7000" filename = "" Region: id = 2155 start_va = 0x7fffffd9000 end_va = 0x7fffffd9fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd9000" filename = "" Region: id = 2156 start_va = 0x7fffffda000 end_va = 0x7fffffdbfff entry_point = 0x0 region_type = private name = "private_0x000007fffffda000" filename = "" Region: id = 2157 start_va = 0x7fffffdc000 end_va = 0x7fffffddfff entry_point = 0x0 region_type = private name = "private_0x000007fffffdc000" filename = "" Region: id = 2158 start_va = 0x7fffffde000 end_va = 0x7fffffdffff entry_point = 0x0 region_type = private name = "private_0x000007fffffde000" filename = "" Region: id = 3340 start_va = 0x7fef6770000 end_va = 0x7fef678cfff entry_point = 0x7fef6770000 region_type = mapped_file name = "radardt.dll" filename = "\\Windows\\System32\\radardt.dll" (normalized: "c:\\windows\\system32\\radardt.dll") Thread: id = 146 os_tid = 0xc0 Thread: id = 147 os_tid = 0x344 Thread: id = 148 os_tid = 0x5b4 Thread: id = 149 os_tid = 0x71c Thread: id = 150 os_tid = 0x758 Thread: id = 151 os_tid = 0x740 Thread: id = 152 os_tid = 0x738 Thread: id = 153 os_tid = 0x5b8 Thread: id = 154 os_tid = 0x5b0 Thread: id = 155 os_tid = 0x14c Thread: id = 156 os_tid = 0x3f8 Thread: id = 157 os_tid = 0x3e8 Thread: id = 158 os_tid = 0x3dc Thread: id = 159 os_tid = 0x3d8 Thread: id = 160 os_tid = 0x3c8 Thread: id = 161 os_tid = 0x3c4 Thread: id = 162 os_tid = 0x38c Thread: id = 163 os_tid = 0x388 Thread: id = 164 os_tid = 0x374 Thread: id = 165 os_tid = 0x370 Thread: id = 166 os_tid = 0x358 Thread: id = 167 os_tid = 0x354 Thread: id = 168 os_tid = 0x320 Thread: id = 169 os_tid = 0x314 Thread: id = 405 os_tid = 0x84c Process: id = "12" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0xc908000" os_pid = "0x360" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "child_process" parent_id = "7" os_parent_pid = "0x1d8" cmd_line = "C:\\Windows\\system32\\svchost.exe -k netsvcs" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xa], "NT SERVICE\\BITS" [0xa], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\hkmsvc" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xa], "NT SERVICE\\LanmanServer" [0xa], "NT SERVICE\\MMCSS" [0xe], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\Schedule" [0xa], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xa], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xa], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xa], "NT SERVICE\\wuauserv" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000b6da" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Region: id = 743 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 744 start_va = 0x20000 end_va = 0x26fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 745 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 746 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 747 start_va = 0x50000 end_va = 0xcffff entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 748 start_va = 0xd0000 end_va = 0xd1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000d0000" filename = "" Region: id = 749 start_va = 0xe0000 end_va = 0x1dffff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 750 start_va = 0x1e0000 end_va = 0x246fff entry_point = 0x1e0000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 751 start_va = 0x250000 end_va = 0x34ffff entry_point = 0x0 region_type = private name = "private_0x0000000000250000" filename = "" Region: id = 752 start_va = 0x350000 end_va = 0x350fff entry_point = 0x0 region_type = private name = "private_0x0000000000350000" filename = "" Region: id = 753 start_va = 0x360000 end_va = 0x360fff entry_point = 0x0 region_type = private name = "private_0x0000000000360000" filename = "" Region: id = 754 start_va = 0x370000 end_va = 0x370fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000370000" filename = "" Region: id = 755 start_va = 0x380000 end_va = 0x380fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000380000" filename = "" Region: id = 756 start_va = 0x390000 end_va = 0x390fff entry_point = 0x0 region_type = private name = "private_0x0000000000390000" filename = "" Region: id = 757 start_va = 0x3a0000 end_va = 0x3a1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003a0000" filename = "" Region: id = 758 start_va = 0x3b0000 end_va = 0x3b0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003b0000" filename = "" Region: id = 759 start_va = 0x3c0000 end_va = 0x3cffff entry_point = 0x0 region_type = private name = "private_0x00000000003c0000" filename = "" Region: id = 760 start_va = 0x3d0000 end_va = 0x557fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003d0000" filename = "" Region: id = 761 start_va = 0x560000 end_va = 0x6e0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000560000" filename = "" Region: id = 762 start_va = 0x6f0000 end_va = 0x7affff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006f0000" filename = "" Region: id = 763 start_va = 0x7b0000 end_va = 0xba2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007b0000" filename = "" Region: id = 764 start_va = 0xbb0000 end_va = 0xbb1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000bb0000" filename = "" Region: id = 765 start_va = 0xbc0000 end_va = 0xbc3fff entry_point = 0xbc0000 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 766 start_va = 0xbd0000 end_va = 0xbfffff entry_point = 0xbd0000 region_type = mapped_file name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000012.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000012.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000012.db") Region: id = 767 start_va = 0xc00000 end_va = 0xc0ffff entry_point = 0x0 region_type = private name = "private_0x0000000000c00000" filename = "" Region: id = 768 start_va = 0xc10000 end_va = 0xc8ffff entry_point = 0x0 region_type = private name = "private_0x0000000000c10000" filename = "" Region: id = 769 start_va = 0xc90000 end_va = 0xc93fff entry_point = 0xc90000 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 770 start_va = 0xca0000 end_va = 0xca0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000ca0000" filename = "" Region: id = 771 start_va = 0xcb0000 end_va = 0xccbfff entry_point = 0xcb0000 region_type = mapped_file name = "firewallapi.dll.mui" filename = "\\Windows\\System32\\en-US\\FirewallAPI.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\firewallapi.dll.mui") Region: id = 772 start_va = 0xcd0000 end_va = 0xcd0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000cd0000" filename = "" Region: id = 773 start_va = 0xce0000 end_va = 0xceffff entry_point = 0x0 region_type = private name = "private_0x0000000000ce0000" filename = "" Region: id = 774 start_va = 0xcf0000 end_va = 0xd6ffff entry_point = 0x0 region_type = private name = "private_0x0000000000cf0000" filename = "" Region: id = 775 start_va = 0xd90000 end_va = 0xe0ffff entry_point = 0x0 region_type = private name = "private_0x0000000000d90000" filename = "" Region: id = 776 start_va = 0xe40000 end_va = 0xebffff entry_point = 0x0 region_type = private name = "private_0x0000000000e40000" filename = "" Region: id = 777 start_va = 0xec0000 end_va = 0xf25fff entry_point = 0xec0000 region_type = mapped_file name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db") Region: id = 778 start_va = 0xf30000 end_va = 0xfaffff entry_point = 0x0 region_type = private name = "private_0x0000000000f30000" filename = "" Region: id = 779 start_va = 0xfb0000 end_va = 0x127efff entry_point = 0xfb0000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 780 start_va = 0x12b0000 end_va = 0x132ffff entry_point = 0x0 region_type = private name = "private_0x00000000012b0000" filename = "" Region: id = 781 start_va = 0x1350000 end_va = 0x13cffff entry_point = 0x0 region_type = private name = "private_0x0000000001350000" filename = "" Region: id = 782 start_va = 0x1430000 end_va = 0x14affff entry_point = 0x0 region_type = private name = "private_0x0000000001430000" filename = "" Region: id = 783 start_va = 0x14c0000 end_va = 0x153ffff entry_point = 0x0 region_type = private name = "private_0x00000000014c0000" filename = "" Region: id = 784 start_va = 0x15b0000 end_va = 0x162ffff entry_point = 0x0 region_type = private name = "private_0x00000000015b0000" filename = "" Region: id = 785 start_va = 0x1630000 end_va = 0x16affff entry_point = 0x0 region_type = private name = "private_0x0000000001630000" filename = "" Region: id = 786 start_va = 0x16d0000 end_va = 0x174ffff entry_point = 0x0 region_type = private name = "private_0x00000000016d0000" filename = "" Region: id = 787 start_va = 0x1760000 end_va = 0x17dffff entry_point = 0x0 region_type = private name = "private_0x0000000001760000" filename = "" Region: id = 788 start_va = 0x1840000 end_va = 0x18bffff entry_point = 0x0 region_type = private name = "private_0x0000000001840000" filename = "" Region: id = 789 start_va = 0x1960000 end_va = 0x19dffff entry_point = 0x0 region_type = private name = "private_0x0000000001960000" filename = "" Region: id = 790 start_va = 0x19e0000 end_va = 0x1adffff entry_point = 0x0 region_type = private name = "private_0x00000000019e0000" filename = "" Region: id = 791 start_va = 0x1b50000 end_va = 0x1bcffff entry_point = 0x0 region_type = private name = "private_0x0000000001b50000" filename = "" Region: id = 792 start_va = 0x1c40000 end_va = 0x1cbffff entry_point = 0x0 region_type = private name = "private_0x0000000001c40000" filename = "" Region: id = 793 start_va = 0x1cc0000 end_va = 0x1d3ffff entry_point = 0x0 region_type = private name = "private_0x0000000001cc0000" filename = "" Region: id = 794 start_va = 0x1d70000 end_va = 0x1deffff entry_point = 0x0 region_type = private name = "private_0x0000000001d70000" filename = "" Region: id = 795 start_va = 0x1e20000 end_va = 0x1e9ffff entry_point = 0x0 region_type = private name = "private_0x0000000001e20000" filename = "" Region: id = 796 start_va = 0x1ee0000 end_va = 0x1f5ffff entry_point = 0x0 region_type = private name = "private_0x0000000001ee0000" filename = "" Region: id = 797 start_va = 0x1f80000 end_va = 0x1f8ffff entry_point = 0x0 region_type = private name = "private_0x0000000001f80000" filename = "" Region: id = 798 start_va = 0x1f90000 end_va = 0x200ffff entry_point = 0x0 region_type = private name = "private_0x0000000001f90000" filename = "" Region: id = 799 start_va = 0x2040000 end_va = 0x20bffff entry_point = 0x0 region_type = private name = "private_0x0000000002040000" filename = "" Region: id = 800 start_va = 0x20c0000 end_va = 0x213ffff entry_point = 0x0 region_type = private name = "private_0x00000000020c0000" filename = "" Region: id = 801 start_va = 0x2160000 end_va = 0x21dffff entry_point = 0x0 region_type = private name = "private_0x0000000002160000" filename = "" Region: id = 802 start_va = 0x2210000 end_va = 0x228ffff entry_point = 0x0 region_type = private name = "private_0x0000000002210000" filename = "" Region: id = 803 start_va = 0x2290000 end_va = 0x25d2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002290000" filename = "" Region: id = 804 start_va = 0x25e0000 end_va = 0x26dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000025e0000" filename = "" Region: id = 805 start_va = 0x2700000 end_va = 0x277ffff entry_point = 0x0 region_type = private name = "private_0x0000000002700000" filename = "" Region: id = 806 start_va = 0x27f0000 end_va = 0x286ffff entry_point = 0x0 region_type = private name = "private_0x00000000027f0000" filename = "" Region: id = 807 start_va = 0x28c0000 end_va = 0x293ffff entry_point = 0x0 region_type = private name = "private_0x00000000028c0000" filename = "" Region: id = 808 start_va = 0x2940000 end_va = 0x29bffff entry_point = 0x0 region_type = private name = "private_0x0000000002940000" filename = "" Region: id = 809 start_va = 0x29f0000 end_va = 0x2a6ffff entry_point = 0x0 region_type = private name = "private_0x00000000029f0000" filename = "" Region: id = 810 start_va = 0x2a70000 end_va = 0x2aeffff entry_point = 0x0 region_type = private name = "private_0x0000000002a70000" filename = "" Region: id = 811 start_va = 0x2bc0000 end_va = 0x2c3ffff entry_point = 0x0 region_type = private name = "private_0x0000000002bc0000" filename = "" Region: id = 812 start_va = 0x2d20000 end_va = 0x2d9ffff entry_point = 0x0 region_type = private name = "private_0x0000000002d20000" filename = "" Region: id = 813 start_va = 0x2e30000 end_va = 0x2eaffff entry_point = 0x0 region_type = private name = "private_0x0000000002e30000" filename = "" Region: id = 814 start_va = 0x2eb0000 end_va = 0x2faffff entry_point = 0x0 region_type = private name = "private_0x0000000002eb0000" filename = "" Region: id = 815 start_va = 0x2fb0000 end_va = 0x30affff entry_point = 0x0 region_type = private name = "private_0x0000000002fb0000" filename = "" Region: id = 816 start_va = 0x30b0000 end_va = 0x312ffff entry_point = 0x0 region_type = private name = "private_0x00000000030b0000" filename = "" Region: id = 817 start_va = 0x3130000 end_va = 0x313ffff entry_point = 0x0 region_type = private name = "private_0x0000000003130000" filename = "" Region: id = 818 start_va = 0x3140000 end_va = 0x323ffff entry_point = 0x0 region_type = private name = "private_0x0000000003140000" filename = "" Region: id = 819 start_va = 0x32d0000 end_va = 0x334ffff entry_point = 0x0 region_type = private name = "private_0x00000000032d0000" filename = "" Region: id = 820 start_va = 0x3530000 end_va = 0x35affff entry_point = 0x0 region_type = private name = "private_0x0000000003530000" filename = "" Region: id = 821 start_va = 0x35b0000 end_va = 0x362ffff entry_point = 0x0 region_type = private name = "private_0x00000000035b0000" filename = "" Region: id = 822 start_va = 0x3630000 end_va = 0x36affff entry_point = 0x0 region_type = private name = "private_0x0000000003630000" filename = "" Region: id = 823 start_va = 0x36f0000 end_va = 0x376ffff entry_point = 0x0 region_type = private name = "private_0x00000000036f0000" filename = "" Region: id = 824 start_va = 0x3790000 end_va = 0x380ffff entry_point = 0x0 region_type = private name = "private_0x0000000003790000" filename = "" Region: id = 825 start_va = 0x3810000 end_va = 0x390ffff entry_point = 0x0 region_type = private name = "private_0x0000000003810000" filename = "" Region: id = 826 start_va = 0x3ba0000 end_va = 0x3d9ffff entry_point = 0x0 region_type = private name = "private_0x0000000003ba0000" filename = "" Region: id = 827 start_va = 0x3dc0000 end_va = 0x3e3ffff entry_point = 0x0 region_type = private name = "private_0x0000000003dc0000" filename = "" Region: id = 828 start_va = 0x3f00000 end_va = 0x3f7ffff entry_point = 0x0 region_type = private name = "private_0x0000000003f00000" filename = "" Region: id = 829 start_va = 0x3ff0000 end_va = 0x406ffff entry_point = 0x0 region_type = private name = "private_0x0000000003ff0000" filename = "" Region: id = 830 start_va = 0x4160000 end_va = 0x41dffff entry_point = 0x0 region_type = private name = "private_0x0000000004160000" filename = "" Region: id = 831 start_va = 0x4330000 end_va = 0x43affff entry_point = 0x0 region_type = private name = "private_0x0000000004330000" filename = "" Region: id = 832 start_va = 0x4450000 end_va = 0x44cffff entry_point = 0x0 region_type = private name = "private_0x0000000004450000" filename = "" Region: id = 833 start_va = 0x77a30000 end_va = 0x77b4efff entry_point = 0x77a30000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 834 start_va = 0x77b50000 end_va = 0x77c49fff entry_point = 0x77b50000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 835 start_va = 0x77c50000 end_va = 0x77df8fff entry_point = 0x77c50000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 836 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 837 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 838 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 839 start_va = 0xff470000 end_va = 0xff47afff entry_point = 0xff470000 region_type = mapped_file name = "svchost.exe" filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe") Region: id = 840 start_va = 0x7fef49c0000 end_va = 0x7fef4a01fff entry_point = 0x7fef49c0000 region_type = mapped_file name = "tcpipcfg.dll" filename = "\\Windows\\System32\\tcpipcfg.dll" (normalized: "c:\\windows\\system32\\tcpipcfg.dll") Region: id = 841 start_va = 0x7fef4a10000 end_va = 0x7fef4a29fff entry_point = 0x7fef4a10000 region_type = mapped_file name = "rascfg.dll" filename = "\\Windows\\System32\\rascfg.dll" (normalized: "c:\\windows\\system32\\rascfg.dll") Region: id = 842 start_va = 0x7fef7000000 end_va = 0x7fef700bfff entry_point = 0x7fef7000000 region_type = mapped_file name = "npmproxy.dll" filename = "\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll") Region: id = 843 start_va = 0x7fef7f60000 end_va = 0x7fef804dfff entry_point = 0x7fef7f60000 region_type = mapped_file name = "actxprxy.dll" filename = "\\Windows\\System32\\actxprxy.dll" (normalized: "c:\\windows\\system32\\actxprxy.dll") Region: id = 844 start_va = 0x7fef8380000 end_va = 0x7fef838efff entry_point = 0x7fef8380000 region_type = mapped_file name = "ndiscapcfg.dll" filename = "\\Windows\\System32\\ndiscapCfg.dll" (normalized: "c:\\windows\\system32\\ndiscapcfg.dll") Region: id = 845 start_va = 0x7fef83a0000 end_va = 0x7fef83b4fff entry_point = 0x7fef83a0000 region_type = mapped_file name = "appinfo.dll" filename = "\\Windows\\System32\\appinfo.dll" (normalized: "c:\\windows\\system32\\appinfo.dll") Region: id = 846 start_va = 0x7fef83c0000 end_va = 0x7fef83c8fff entry_point = 0x7fef83c0000 region_type = mapped_file name = "tschannel.dll" filename = "\\Windows\\System32\\TSChannel.dll" (normalized: "c:\\windows\\system32\\tschannel.dll") Region: id = 847 start_va = 0x7fef83d0000 end_va = 0x7fef83d7fff entry_point = 0x7fef83d0000 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll") Region: id = 848 start_va = 0x7fef83e0000 end_va = 0x7fef845dfff entry_point = 0x7fef83e0000 region_type = mapped_file name = "wbemess.dll" filename = "\\Windows\\System32\\wbem\\wbemess.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemess.dll") Region: id = 849 start_va = 0x7fef8460000 end_va = 0x7fef8475fff entry_point = 0x7fef8460000 region_type = mapped_file name = "ncobjapi.dll" filename = "\\Windows\\System32\\ncobjapi.dll" (normalized: "c:\\windows\\system32\\ncobjapi.dll") Region: id = 850 start_va = 0x7fef8480000 end_va = 0x7fef853bfff entry_point = 0x7fef8480000 region_type = mapped_file name = "wmiprvsd.dll" filename = "\\Windows\\System32\\wbem\\WmiPrvSD.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiprvsd.dll") Region: id = 851 start_va = 0x7fef8540000 end_va = 0x7fef8558fff entry_point = 0x7fef8540000 region_type = mapped_file name = "resutils.dll" filename = "\\Windows\\System32\\resutils.dll" (normalized: "c:\\windows\\system32\\resutils.dll") Region: id = 852 start_va = 0x7fef8560000 end_va = 0x7fef85affff entry_point = 0x7fef8560000 region_type = mapped_file name = "clusapi.dll" filename = "\\Windows\\System32\\clusapi.dll" (normalized: "c:\\windows\\system32\\clusapi.dll") Region: id = 853 start_va = 0x7fef85b0000 end_va = 0x7fef85b7fff entry_point = 0x7fef85b0000 region_type = mapped_file name = "sscore.dll" filename = "\\Windows\\System32\\sscore.dll" (normalized: "c:\\windows\\system32\\sscore.dll") Region: id = 854 start_va = 0x7fef85c0000 end_va = 0x7fef8632fff entry_point = 0x7fef85c0000 region_type = mapped_file name = "repdrvfs.dll" filename = "\\Windows\\System32\\wbem\\repdrvfs.dll" (normalized: "c:\\windows\\system32\\wbem\\repdrvfs.dll") Region: id = 855 start_va = 0x7fef8640000 end_va = 0x7fef8665fff entry_point = 0x7fef8640000 region_type = mapped_file name = "wmiutils.dll" filename = "\\Windows\\System32\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiutils.dll") Region: id = 856 start_va = 0x7fef8670000 end_va = 0x7fef86e3fff entry_point = 0x7fef8670000 region_type = mapped_file name = "netprofm.dll" filename = "\\Windows\\System32\\netprofm.dll" (normalized: "c:\\windows\\system32\\netprofm.dll") Region: id = 857 start_va = 0x7fef86f0000 end_va = 0x7fef875afff entry_point = 0x7fef86f0000 region_type = mapped_file name = "hnetcfg.dll" filename = "\\Windows\\System32\\hnetcfg.dll" (normalized: "c:\\windows\\system32\\hnetcfg.dll") Region: id = 858 start_va = 0x7fef8760000 end_va = 0x7fef8773fff entry_point = 0x7fef8760000 region_type = mapped_file name = "wbemsvc.dll" filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll") Region: id = 859 start_va = 0x7fef8780000 end_va = 0x7fef87eefff entry_point = 0x7fef8780000 region_type = mapped_file name = "esscli.dll" filename = "\\Windows\\System32\\wbem\\esscli.dll" (normalized: "c:\\windows\\system32\\wbem\\esscli.dll") Region: id = 860 start_va = 0x7fef87f0000 end_va = 0x7fef891efff entry_point = 0x7fef87f0000 region_type = mapped_file name = "wbemcore.dll" filename = "\\Windows\\System32\\wbem\\wbemcore.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemcore.dll") Region: id = 861 start_va = 0x7fef8920000 end_va = 0x7fef8944fff entry_point = 0x7fef8920000 region_type = mapped_file name = "browser.dll" filename = "\\Windows\\System32\\browser.dll" (normalized: "c:\\windows\\system32\\browser.dll") Region: id = 862 start_va = 0x7fef8950000 end_va = 0x7fef898cfff entry_point = 0x7fef8950000 region_type = mapped_file name = "srvsvc.dll" filename = "\\Windows\\System32\\srvsvc.dll" (normalized: "c:\\windows\\system32\\srvsvc.dll") Region: id = 863 start_va = 0x7fef8990000 end_va = 0x7fef89a9fff entry_point = 0x7fef8990000 region_type = mapped_file name = "nci.dll" filename = "\\Windows\\System32\\nci.dll" (normalized: "c:\\windows\\system32\\nci.dll") Region: id = 864 start_va = 0x7fef89b0000 end_va = 0x7fef8a33fff entry_point = 0x7fef89b0000 region_type = mapped_file name = "netcfgx.dll" filename = "\\Windows\\System32\\netcfgx.dll" (normalized: "c:\\windows\\system32\\netcfgx.dll") Region: id = 865 start_va = 0x7fef8a40000 end_va = 0x7fef8a4efff entry_point = 0x7fef8a40000 region_type = mapped_file name = "wbemprox.dll" filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll") Region: id = 866 start_va = 0x7fef8a50000 end_va = 0x7fef8a76fff entry_point = 0x7fef8a50000 region_type = mapped_file name = "ntdsapi.dll" filename = "\\Windows\\System32\\ntdsapi.dll" (normalized: "c:\\windows\\system32\\ntdsapi.dll") Region: id = 867 start_va = 0x7fef8a80000 end_va = 0x7fef8b61fff entry_point = 0x7fef8a80000 region_type = mapped_file name = "fastprox.dll" filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll") Region: id = 868 start_va = 0x7fef8bb0000 end_va = 0x7fef8bf6fff entry_point = 0x7fef8bb0000 region_type = mapped_file name = "wdscore.dll" filename = "\\Windows\\System32\\wdscore.dll" (normalized: "c:\\windows\\system32\\wdscore.dll") Region: id = 869 start_va = 0x7fef8c00000 end_va = 0x7fef8c41fff entry_point = 0x7fef8c00000 region_type = mapped_file name = "sqmapi.dll" filename = "\\Windows\\System32\\sqmapi.dll" (normalized: "c:\\windows\\system32\\sqmapi.dll") Region: id = 870 start_va = 0x7fef8c50000 end_va = 0x7fef8ce1fff entry_point = 0x7fef8c50000 region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 871 start_va = 0x7fef8cf0000 end_va = 0x7fef8d75fff entry_point = 0x7fef8cf0000 region_type = mapped_file name = "wbemcomn.dll" filename = "\\Windows\\System32\\wbemcomn.dll" (normalized: "c:\\windows\\system32\\wbemcomn.dll") Region: id = 872 start_va = 0x7fef8d80000 end_va = 0x7fef8dbffff entry_point = 0x7fef8d80000 region_type = mapped_file name = "wmisvc.dll" filename = "\\Windows\\System32\\wbem\\WMIsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wmisvc.dll") Region: id = 873 start_va = 0x7fefac50000 end_va = 0x7fefac66fff entry_point = 0x7fefac50000 region_type = mapped_file name = "vsstrace.dll" filename = "\\Windows\\System32\\vsstrace.dll" (normalized: "c:\\windows\\system32\\vsstrace.dll") Region: id = 874 start_va = 0x7fefac70000 end_va = 0x7fefae1ffff entry_point = 0x7fefac70000 region_type = mapped_file name = "vssapi.dll" filename = "\\Windows\\System32\\vssapi.dll" (normalized: "c:\\windows\\system32\\vssapi.dll") Region: id = 875 start_va = 0x7fefae80000 end_va = 0x7fefaeb9fff entry_point = 0x7fefae80000 region_type = mapped_file name = "mprapi.dll" filename = "\\Windows\\System32\\mprapi.dll" (normalized: "c:\\windows\\system32\\mprapi.dll") Region: id = 876 start_va = 0x7fefb210000 end_va = 0x7fefb286fff entry_point = 0x7fefb210000 region_type = mapped_file name = "taskcomp.dll" filename = "\\Windows\\System32\\taskcomp.dll" (normalized: "c:\\windows\\system32\\taskcomp.dll") Region: id = 877 start_va = 0x7fefb290000 end_va = 0x7fefb299fff entry_point = 0x7fefb290000 region_type = mapped_file name = "ktmw32.dll" filename = "\\Windows\\System32\\ktmw32.dll" (normalized: "c:\\windows\\system32\\ktmw32.dll") Region: id = 878 start_va = 0x7fefb2a0000 end_va = 0x7fefb3b1fff entry_point = 0x7fefb2a0000 region_type = mapped_file name = "schedsvc.dll" filename = "\\Windows\\System32\\schedsvc.dll" (normalized: "c:\\windows\\system32\\schedsvc.dll") Region: id = 879 start_va = 0x7fefb3c0000 end_va = 0x7fefb3cefff entry_point = 0x7fefb3c0000 region_type = mapped_file name = "wiarpc.dll" filename = "\\Windows\\System32\\wiarpc.dll" (normalized: "c:\\windows\\system32\\wiarpc.dll") Region: id = 880 start_va = 0x7fefb3d0000 end_va = 0x7fefb3d8fff entry_point = 0x7fefb3d0000 region_type = mapped_file name = "fvecerts.dll" filename = "\\Windows\\System32\\fvecerts.dll" (normalized: "c:\\windows\\system32\\fvecerts.dll") Region: id = 881 start_va = 0x7fefb3e0000 end_va = 0x7fefb3e8fff entry_point = 0x7fefb3e0000 region_type = mapped_file name = "tbs.dll" filename = "\\Windows\\System32\\tbs.dll" (normalized: "c:\\windows\\system32\\tbs.dll") Region: id = 882 start_va = 0x7fefb3f0000 end_va = 0x7fefb445fff entry_point = 0x7fefb3f0000 region_type = mapped_file name = "fveapi.dll" filename = "\\Windows\\System32\\fveapi.dll" (normalized: "c:\\windows\\system32\\fveapi.dll") Region: id = 883 start_va = 0x7fefb450000 end_va = 0x7fefb4adfff entry_point = 0x7fefb450000 region_type = mapped_file name = "shsvcs.dll" filename = "\\Windows\\System32\\shsvcs.dll" (normalized: "c:\\windows\\system32\\shsvcs.dll") Region: id = 884 start_va = 0x7fefb4b0000 end_va = 0x7fefb4c7fff entry_point = 0x7fefb4b0000 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll") Region: id = 885 start_va = 0x7fefb4d0000 end_va = 0x7fefb4e0fff entry_point = 0x7fefb4d0000 region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll") Region: id = 886 start_va = 0x7fefb500000 end_va = 0x7fefb552fff entry_point = 0x7fefb500000 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 887 start_va = 0x7fefb650000 end_va = 0x7fefb65afff entry_point = 0x7fefb650000 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 888 start_va = 0x7fefb660000 end_va = 0x7fefb686fff entry_point = 0x7fefb660000 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 889 start_va = 0x7fefb6b0000 end_va = 0x7fefb6c3fff entry_point = 0x7fefb6b0000 region_type = mapped_file name = "sens.dll" filename = "\\Windows\\System32\\Sens.dll" (normalized: "c:\\windows\\system32\\sens.dll") Region: id = 890 start_va = 0x7fefb6d0000 end_va = 0x7fefb736fff entry_point = 0x7fefb6d0000 region_type = mapped_file name = "es.dll" filename = "\\Windows\\System32\\es.dll" (normalized: "c:\\windows\\system32\\es.dll") Region: id = 891 start_va = 0x7fefb740000 end_va = 0x7fefb74afff entry_point = 0x7fefb740000 region_type = mapped_file name = "slc.dll" filename = "\\Windows\\System32\\slc.dll" (normalized: "c:\\windows\\system32\\slc.dll") Region: id = 892 start_va = 0x7fefb750000 end_va = 0x7fefb75bfff entry_point = 0x7fefb750000 region_type = mapped_file name = "dsrole.dll" filename = "\\Windows\\System32\\dsrole.dll" (normalized: "c:\\windows\\system32\\dsrole.dll") Region: id = 893 start_va = 0x7fefb760000 end_va = 0x7fefb76ffff entry_point = 0x7fefb760000 region_type = mapped_file name = "themeservice.dll" filename = "\\Windows\\System32\\themeservice.dll" (normalized: "c:\\windows\\system32\\themeservice.dll") Region: id = 894 start_va = 0x7fefb770000 end_va = 0x7fefb788fff entry_point = 0x7fefb770000 region_type = mapped_file name = "atl.dll" filename = "\\Windows\\System32\\atl.dll" (normalized: "c:\\windows\\system32\\atl.dll") Region: id = 895 start_va = 0x7fefb790000 end_va = 0x7fefb7c6fff entry_point = 0x7fefb790000 region_type = mapped_file name = "profsvc.dll" filename = "\\Windows\\System32\\profsvc.dll" (normalized: "c:\\windows\\system32\\profsvc.dll") Region: id = 896 start_va = 0x7fefb7d0000 end_va = 0x7fefb7e4fff entry_point = 0x7fefb7d0000 region_type = mapped_file name = "nlaapi.dll" filename = "\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll") Region: id = 897 start_va = 0x7fefb7f0000 end_va = 0x7fefb8b1fff entry_point = 0x7fefb7f0000 region_type = mapped_file name = "gpsvc.dll" filename = "\\Windows\\System32\\gpsvc.dll" (normalized: "c:\\windows\\system32\\gpsvc.dll") Region: id = 898 start_va = 0x7fefbb10000 end_va = 0x7fefbb2cfff entry_point = 0x7fefbb10000 region_type = mapped_file name = "mmcss.dll" filename = "\\Windows\\System32\\mmcss.dll" (normalized: "c:\\windows\\system32\\mmcss.dll") Region: id = 899 start_va = 0x7fefbb30000 end_va = 0x7fefbb38fff entry_point = 0x7fefbb30000 region_type = mapped_file name = "avrt.dll" filename = "\\Windows\\System32\\avrt.dll" (normalized: "c:\\windows\\system32\\avrt.dll") Region: id = 900 start_va = 0x7fefbc20000 end_va = 0x7fefbc30fff entry_point = 0x7fefbc20000 region_type = mapped_file name = "rtutils.dll" filename = "\\Windows\\System32\\rtutils.dll" (normalized: "c:\\windows\\system32\\rtutils.dll") Region: id = 901 start_va = 0x7fefbd70000 end_va = 0x7fefbd83fff entry_point = 0x7fefbd70000 region_type = mapped_file name = "samcli.dll" filename = "\\Windows\\System32\\samcli.dll" (normalized: "c:\\windows\\system32\\samcli.dll") Region: id = 902 start_va = 0x7fefbd90000 end_va = 0x7fefbda4fff entry_point = 0x7fefbd90000 region_type = mapped_file name = "wkscli.dll" filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll") Region: id = 903 start_va = 0x7fefbdb0000 end_va = 0x7fefbdbbfff entry_point = 0x7fefbdb0000 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll") Region: id = 904 start_va = 0x7fefbdc0000 end_va = 0x7fefbdd5fff entry_point = 0x7fefbdc0000 region_type = mapped_file name = "netapi32.dll" filename = "\\Windows\\System32\\netapi32.dll" (normalized: "c:\\windows\\system32\\netapi32.dll") Region: id = 905 start_va = 0x7fefbef0000 end_va = 0x7fefbf00fff entry_point = 0x7fefbef0000 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 906 start_va = 0x7fefc050000 end_va = 0x7fefc084fff entry_point = 0x7fefc050000 region_type = mapped_file name = "xmllite.dll" filename = "\\Windows\\System32\\xmllite.dll" (normalized: "c:\\windows\\system32\\xmllite.dll") Region: id = 907 start_va = 0x7fefc4c0000 end_va = 0x7fefc515fff entry_point = 0x7fefc4c0000 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 908 start_va = 0x7fefc520000 end_va = 0x7fefc64bfff entry_point = 0x7fefc520000 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 909 start_va = 0x7fefc650000 end_va = 0x7fefc66cfff entry_point = 0x7fefc650000 region_type = mapped_file name = "samlib.dll" filename = "\\Windows\\System32\\samlib.dll" (normalized: "c:\\windows\\system32\\samlib.dll") Region: id = 910 start_va = 0x7fefc670000 end_va = 0x7fefc863fff entry_point = 0x7fefc670000 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll") Region: id = 911 start_va = 0x7fefcb60000 end_va = 0x7fefcb8cfff entry_point = 0x7fefcb60000 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 912 start_va = 0x7fefcd60000 end_va = 0x7fefcd6bfff entry_point = 0x7fefcd60000 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll") Region: id = 913 start_va = 0x7fefcd70000 end_va = 0x7fefce2afff entry_point = 0x7fefcd70000 region_type = mapped_file name = "firewallapi.dll" filename = "\\Windows\\System32\\FirewallAPI.dll" (normalized: "c:\\windows\\system32\\firewallapi.dll") Region: id = 914 start_va = 0x7fefce30000 end_va = 0x7fefce36fff entry_point = 0x7fefce30000 region_type = mapped_file name = "wshtcpip.dll" filename = "\\Windows\\System32\\WSHTCPIP.DLL" (normalized: "c:\\windows\\system32\\wshtcpip.dll") Region: id = 915 start_va = 0x7fefcf20000 end_va = 0x7fefcf3afff entry_point = 0x7fefcf20000 region_type = mapped_file name = "gpapi.dll" filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll") Region: id = 916 start_va = 0x7fefcf40000 end_va = 0x7fefcf5dfff entry_point = 0x7fefcf40000 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 917 start_va = 0x7fefcf60000 end_va = 0x7fefcf71fff entry_point = 0x7fefcf60000 region_type = mapped_file name = "devrtl.dll" filename = "\\Windows\\System32\\devrtl.dll" (normalized: "c:\\windows\\system32\\devrtl.dll") Region: id = 918 start_va = 0x7fefcf80000 end_va = 0x7fefcf9efff entry_point = 0x7fefcf80000 region_type = mapped_file name = "spinf.dll" filename = "\\Windows\\System32\\SPInf.dll" (normalized: "c:\\windows\\system32\\spinf.dll") Region: id = 919 start_va = 0x7fefd050000 end_va = 0x7fefd088fff entry_point = 0x7fefd050000 region_type = mapped_file name = "ubpm.dll" filename = "\\Windows\\System32\\ubpm.dll" (normalized: "c:\\windows\\system32\\ubpm.dll") Region: id = 920 start_va = 0x7fefd090000 end_va = 0x7fefd099fff entry_point = 0x7fefd090000 region_type = mapped_file name = "credssp.dll" filename = "\\Windows\\System32\\credssp.dll" (normalized: "c:\\windows\\system32\\credssp.dll") Region: id = 921 start_va = 0x7fefd0a0000 end_va = 0x7fefd0acfff entry_point = 0x7fefd0a0000 region_type = mapped_file name = "pcwum.dll" filename = "\\Windows\\System32\\pcwum.dll" (normalized: "c:\\windows\\system32\\pcwum.dll") Region: id = 922 start_va = 0x7fefd190000 end_va = 0x7fefd1d6fff entry_point = 0x7fefd190000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 923 start_va = 0x7fefd280000 end_va = 0x7fefd2affff entry_point = 0x7fefd280000 region_type = mapped_file name = "logoncli.dll" filename = "\\Windows\\System32\\logoncli.dll" (normalized: "c:\\windows\\system32\\logoncli.dll") Region: id = 924 start_va = 0x7fefd2b0000 end_va = 0x7fefd30afff entry_point = 0x7fefd2b0000 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 925 start_va = 0x7fefd420000 end_va = 0x7fefd426fff entry_point = 0x7fefd420000 region_type = mapped_file name = "wship6.dll" filename = "\\Windows\\System32\\wship6.dll" (normalized: "c:\\windows\\system32\\wship6.dll") Region: id = 926 start_va = 0x7fefd430000 end_va = 0x7fefd484fff entry_point = 0x7fefd430000 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 927 start_va = 0x7fefd490000 end_va = 0x7fefd4a6fff entry_point = 0x7fefd490000 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 928 start_va = 0x7fefd5a0000 end_va = 0x7fefd5d1fff entry_point = 0x7fefd5a0000 region_type = mapped_file name = "netjoin.dll" filename = "\\Windows\\System32\\netjoin.dll" (normalized: "c:\\windows\\system32\\netjoin.dll") Region: id = 929 start_va = 0x7fefd5f0000 end_va = 0x7fefd5f9fff entry_point = 0x7fefd5f0000 region_type = mapped_file name = "sysntfy.dll" filename = "\\Windows\\System32\\sysntfy.dll" (normalized: "c:\\windows\\system32\\sysntfy.dll") Region: id = 930 start_va = 0x7fefd680000 end_va = 0x7fefd6aefff entry_point = 0x7fefd680000 region_type = mapped_file name = "authz.dll" filename = "\\Windows\\System32\\authz.dll" (normalized: "c:\\windows\\system32\\authz.dll") Region: id = 931 start_va = 0x7fefd6c0000 end_va = 0x7fefd72cfff entry_point = 0x7fefd6c0000 region_type = mapped_file name = "wevtapi.dll" filename = "\\Windows\\System32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll") Region: id = 932 start_va = 0x7fefd730000 end_va = 0x7fefd743fff entry_point = 0x7fefd730000 region_type = mapped_file name = "cryptdll.dll" filename = "\\Windows\\System32\\cryptdll.dll" (normalized: "c:\\windows\\system32\\cryptdll.dll") Region: id = 933 start_va = 0x7fefd990000 end_va = 0x7fefd9b2fff entry_point = 0x7fefd990000 region_type = mapped_file name = "srvcli.dll" filename = "\\Windows\\System32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll") Region: id = 934 start_va = 0x7fefda30000 end_va = 0x7fefda3afff entry_point = 0x7fefda30000 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll") Region: id = 935 start_va = 0x7fefda60000 end_va = 0x7fefda84fff entry_point = 0x7fefda60000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 936 start_va = 0x7fefda90000 end_va = 0x7fefda9efff entry_point = 0x7fefda90000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 937 start_va = 0x7fefdaa0000 end_va = 0x7fefdb30fff entry_point = 0x7fefdaa0000 region_type = mapped_file name = "sxs.dll" filename = "\\Windows\\System32\\sxs.dll" (normalized: "c:\\windows\\system32\\sxs.dll") Region: id = 938 start_va = 0x7fefdb40000 end_va = 0x7fefdb7cfff entry_point = 0x7fefdb40000 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 939 start_va = 0x7fefdb80000 end_va = 0x7fefdb93fff entry_point = 0x7fefdb80000 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll") Region: id = 940 start_va = 0x7fefdba0000 end_va = 0x7fefdbaefff entry_point = 0x7fefdba0000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 941 start_va = 0x7fefdc40000 end_va = 0x7fefdc4efff entry_point = 0x7fefdc40000 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 942 start_va = 0x7fefdc50000 end_va = 0x7fefdc89fff entry_point = 0x7fefdc50000 region_type = mapped_file name = "wintrust.dll" filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll") Region: id = 943 start_va = 0x7fefdc90000 end_va = 0x7fefdca9fff entry_point = 0x7fefdc90000 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 944 start_va = 0x7fefdcb0000 end_va = 0x7fefde16fff entry_point = 0x7fefdcb0000 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 945 start_va = 0x7fefde20000 end_va = 0x7fefde55fff entry_point = 0x7fefde20000 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 946 start_va = 0x7fefde60000 end_va = 0x7fefdecafff entry_point = 0x7fefde60000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 947 start_va = 0x7fefdf70000 end_va = 0x7fefe172fff entry_point = 0x7fefdf70000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 948 start_va = 0x7fefe180000 end_va = 0x7fefef07fff entry_point = 0x7fefe180000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 949 start_va = 0x7fefef10000 end_va = 0x7fefefa8fff entry_point = 0x7fefef10000 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 950 start_va = 0x7fefefb0000 end_va = 0x7feff0dcfff entry_point = 0x7fefefb0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 951 start_va = 0x7feff210000 end_va = 0x7feff2aefff entry_point = 0x7feff210000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 952 start_va = 0x7feff2b0000 end_va = 0x7feff38afff entry_point = 0x7feff2b0000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 953 start_va = 0x7feff390000 end_va = 0x7feff3aefff entry_point = 0x7feff390000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 954 start_va = 0x7feff3b0000 end_va = 0x7feff3bdfff entry_point = 0x7feff3b0000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 955 start_va = 0x7feff3c0000 end_va = 0x7feff3edfff entry_point = 0x7feff3c0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 956 start_va = 0x7feff650000 end_va = 0x7feff69cfff entry_point = 0x7feff650000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 957 start_va = 0x7feff720000 end_va = 0x7feff727fff entry_point = 0x7feff720000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 958 start_va = 0x7feff730000 end_va = 0x7feff781fff entry_point = 0x7feff730000 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll") Region: id = 959 start_va = 0x7feff910000 end_va = 0x7feff976fff entry_point = 0x7feff910000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 960 start_va = 0x7feff980000 end_va = 0x7feff9f0fff entry_point = 0x7feff980000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 961 start_va = 0x7feffa00000 end_va = 0x7feffb08fff entry_point = 0x7feffa00000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 962 start_va = 0x7feffb10000 end_va = 0x7feffbe6fff entry_point = 0x7feffb10000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 963 start_va = 0x7feffbf0000 end_va = 0x7feffdc6fff entry_point = 0x7feffbf0000 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll") Region: id = 964 start_va = 0x7feffe90000 end_va = 0x7fefff58fff entry_point = 0x7feffe90000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 965 start_va = 0x7fefff70000 end_va = 0x7fefff70fff entry_point = 0x7fefff70000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 966 start_va = 0x7fffff62000 end_va = 0x7fffff63fff entry_point = 0x0 region_type = private name = "private_0x000007fffff62000" filename = "" Region: id = 967 start_va = 0x7fffff64000 end_va = 0x7fffff65fff entry_point = 0x0 region_type = private name = "private_0x000007fffff64000" filename = "" Region: id = 968 start_va = 0x7fffff66000 end_va = 0x7fffff67fff entry_point = 0x0 region_type = private name = "private_0x000007fffff66000" filename = "" Region: id = 969 start_va = 0x7fffff68000 end_va = 0x7fffff69fff entry_point = 0x0 region_type = private name = "private_0x000007fffff68000" filename = "" Region: id = 970 start_va = 0x7fffff6a000 end_va = 0x7fffff6bfff entry_point = 0x0 region_type = private name = "private_0x000007fffff6a000" filename = "" Region: id = 971 start_va = 0x7fffff6c000 end_va = 0x7fffff6dfff entry_point = 0x0 region_type = private name = "private_0x000007fffff6c000" filename = "" Region: id = 972 start_va = 0x7fffff6e000 end_va = 0x7fffff6ffff entry_point = 0x0 region_type = private name = "private_0x000007fffff6e000" filename = "" Region: id = 973 start_va = 0x7fffff76000 end_va = 0x7fffff77fff entry_point = 0x0 region_type = private name = "private_0x000007fffff76000" filename = "" Region: id = 974 start_va = 0x7fffff78000 end_va = 0x7fffff79fff entry_point = 0x0 region_type = private name = "private_0x000007fffff78000" filename = "" Region: id = 975 start_va = 0x7fffff7a000 end_va = 0x7fffff7bfff entry_point = 0x0 region_type = private name = "private_0x000007fffff7a000" filename = "" Region: id = 976 start_va = 0x7fffff7e000 end_va = 0x7fffff7ffff entry_point = 0x0 region_type = private name = "private_0x000007fffff7e000" filename = "" Region: id = 977 start_va = 0x7fffff82000 end_va = 0x7fffff83fff entry_point = 0x0 region_type = private name = "private_0x000007fffff82000" filename = "" Region: id = 978 start_va = 0x7fffff86000 end_va = 0x7fffff87fff entry_point = 0x0 region_type = private name = "private_0x000007fffff86000" filename = "" Region: id = 979 start_va = 0x7fffff8a000 end_va = 0x7fffff8bfff entry_point = 0x0 region_type = private name = "private_0x000007fffff8a000" filename = "" Region: id = 980 start_va = 0x7fffff8c000 end_va = 0x7fffff8dfff entry_point = 0x0 region_type = private name = "private_0x000007fffff8c000" filename = "" Region: id = 981 start_va = 0x7fffff90000 end_va = 0x7fffff91fff entry_point = 0x0 region_type = private name = "private_0x000007fffff90000" filename = "" Region: id = 982 start_va = 0x7fffff92000 end_va = 0x7fffff93fff entry_point = 0x0 region_type = private name = "private_0x000007fffff92000" filename = "" Region: id = 983 start_va = 0x7fffff94000 end_va = 0x7fffff95fff entry_point = 0x0 region_type = private name = "private_0x000007fffff94000" filename = "" Region: id = 984 start_va = 0x7fffff96000 end_va = 0x7fffff97fff entry_point = 0x0 region_type = private name = "private_0x000007fffff96000" filename = "" Region: id = 985 start_va = 0x7fffff98000 end_va = 0x7fffff99fff entry_point = 0x0 region_type = private name = "private_0x000007fffff98000" filename = "" Region: id = 986 start_va = 0x7fffff9a000 end_va = 0x7fffff9bfff entry_point = 0x0 region_type = private name = "private_0x000007fffff9a000" filename = "" Region: id = 987 start_va = 0x7fffff9c000 end_va = 0x7fffff9dfff entry_point = 0x0 region_type = private name = "private_0x000007fffff9c000" filename = "" Region: id = 988 start_va = 0x7fffff9e000 end_va = 0x7fffff9ffff entry_point = 0x0 region_type = private name = "private_0x000007fffff9e000" filename = "" Region: id = 989 start_va = 0x7fffffa0000 end_va = 0x7fffffa1fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa0000" filename = "" Region: id = 990 start_va = 0x7fffffa2000 end_va = 0x7fffffa3fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa2000" filename = "" Region: id = 991 start_va = 0x7fffffa4000 end_va = 0x7fffffa5fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa4000" filename = "" Region: id = 992 start_va = 0x7fffffa6000 end_va = 0x7fffffa7fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa6000" filename = "" Region: id = 993 start_va = 0x7fffffa8000 end_va = 0x7fffffa9fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa8000" filename = "" Region: id = 994 start_va = 0x7fffffaa000 end_va = 0x7fffffabfff entry_point = 0x0 region_type = private name = "private_0x000007fffffaa000" filename = "" Region: id = 995 start_va = 0x7fffffac000 end_va = 0x7fffffadfff entry_point = 0x0 region_type = private name = "private_0x000007fffffac000" filename = "" Region: id = 996 start_va = 0x7fffffae000 end_va = 0x7fffffaffff entry_point = 0x0 region_type = private name = "private_0x000007fffffae000" filename = "" Region: id = 997 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 998 start_va = 0x7fffffd3000 end_va = 0x7fffffd4fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd3000" filename = "" Region: id = 999 start_va = 0x7fffffd5000 end_va = 0x7fffffd6fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd5000" filename = "" Region: id = 1000 start_va = 0x7fffffd7000 end_va = 0x7fffffd8fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd7000" filename = "" Region: id = 1001 start_va = 0x7fffffd9000 end_va = 0x7fffffdafff entry_point = 0x0 region_type = private name = "private_0x000007fffffd9000" filename = "" Region: id = 1002 start_va = 0x7fffffdb000 end_va = 0x7fffffdcfff entry_point = 0x0 region_type = private name = "private_0x000007fffffdb000" filename = "" Region: id = 1003 start_va = 0x7fffffdd000 end_va = 0x7fffffdefff entry_point = 0x0 region_type = private name = "private_0x000007fffffdd000" filename = "" Region: id = 1004 start_va = 0x7fffffdf000 end_va = 0x7fffffdffff entry_point = 0x0 region_type = private name = "private_0x000007fffffdf000" filename = "" Region: id = 1779 start_va = 0xd70000 end_va = 0xd70fff entry_point = 0x0 region_type = private name = "private_0x0000000000d70000" filename = "" Region: id = 1780 start_va = 0x18e0000 end_va = 0x195ffff entry_point = 0x0 region_type = private name = "private_0x00000000018e0000" filename = "" Region: id = 1781 start_va = 0x2b20000 end_va = 0x2b9ffff entry_point = 0x0 region_type = private name = "private_0x0000000002b20000" filename = "" Region: id = 1782 start_va = 0x2ca0000 end_va = 0x2d1ffff entry_point = 0x0 region_type = private name = "private_0x0000000002ca0000" filename = "" Region: id = 1783 start_va = 0x2da0000 end_va = 0x2e1ffff entry_point = 0x0 region_type = private name = "private_0x0000000002da0000" filename = "" Region: id = 1784 start_va = 0x3390000 end_va = 0x340ffff entry_point = 0x0 region_type = private name = "private_0x0000000003390000" filename = "" Region: id = 1785 start_va = 0x34a0000 end_va = 0x351ffff entry_point = 0x0 region_type = private name = "private_0x00000000034a0000" filename = "" Region: id = 1786 start_va = 0x3930000 end_va = 0x39affff entry_point = 0x0 region_type = private name = "private_0x0000000003930000" filename = "" Region: id = 1787 start_va = 0x39f0000 end_va = 0x3a6ffff entry_point = 0x0 region_type = private name = "private_0x00000000039f0000" filename = "" Region: id = 1788 start_va = 0x3e60000 end_va = 0x3edffff entry_point = 0x0 region_type = private name = "private_0x0000000003e60000" filename = "" Region: id = 1789 start_va = 0x40c0000 end_va = 0x413ffff entry_point = 0x0 region_type = private name = "private_0x00000000040c0000" filename = "" Region: id = 1790 start_va = 0x4240000 end_va = 0x42bffff entry_point = 0x0 region_type = private name = "private_0x0000000004240000" filename = "" Region: id = 1791 start_va = 0x44d0000 end_va = 0x46cffff entry_point = 0x0 region_type = private name = "private_0x00000000044d0000" filename = "" Region: id = 1792 start_va = 0x46d0000 end_va = 0x47cffff entry_point = 0x0 region_type = private name = "private_0x00000000046d0000" filename = "" Region: id = 1793 start_va = 0x7fef8130000 end_va = 0x7fef8145fff entry_point = 0x7fef8130000 region_type = mapped_file name = "ncprov.dll" filename = "\\Windows\\System32\\wbem\\NCProv.dll" (normalized: "c:\\windows\\system32\\wbem\\ncprov.dll") Region: id = 1794 start_va = 0x7fffff5c000 end_va = 0x7fffff5dfff entry_point = 0x0 region_type = private name = "private_0x000007fffff5c000" filename = "" Region: id = 1795 start_va = 0x7fffff5e000 end_va = 0x7fffff5ffff entry_point = 0x0 region_type = private name = "private_0x000007fffff5e000" filename = "" Region: id = 1796 start_va = 0x7fffff60000 end_va = 0x7fffff61fff entry_point = 0x0 region_type = private name = "private_0x000007fffff60000" filename = "" Region: id = 1797 start_va = 0x7fffff70000 end_va = 0x7fffff71fff entry_point = 0x0 region_type = private name = "private_0x000007fffff70000" filename = "" Region: id = 1798 start_va = 0x7fffff72000 end_va = 0x7fffff73fff entry_point = 0x0 region_type = private name = "private_0x000007fffff72000" filename = "" Region: id = 1799 start_va = 0x7fffff74000 end_va = 0x7fffff75fff entry_point = 0x0 region_type = private name = "private_0x000007fffff74000" filename = "" Region: id = 1800 start_va = 0x7fffff7c000 end_va = 0x7fffff7dfff entry_point = 0x0 region_type = private name = "private_0x000007fffff7c000" filename = "" Region: id = 1801 start_va = 0x7fffff80000 end_va = 0x7fffff81fff entry_point = 0x0 region_type = private name = "private_0x000007fffff80000" filename = "" Region: id = 1802 start_va = 0x7fffff84000 end_va = 0x7fffff85fff entry_point = 0x0 region_type = private name = "private_0x000007fffff84000" filename = "" Region: id = 1803 start_va = 0x7fffff88000 end_va = 0x7fffff89fff entry_point = 0x0 region_type = private name = "private_0x000007fffff88000" filename = "" Region: id = 1804 start_va = 0x7fffff8e000 end_va = 0x7fffff8ffff entry_point = 0x0 region_type = private name = "private_0x000007fffff8e000" filename = "" Thread: id = 170 os_tid = 0x584 Thread: id = 171 os_tid = 0x4dc Thread: id = 172 os_tid = 0x44c Thread: id = 173 os_tid = 0x7ac Thread: id = 174 os_tid = 0x7a4 Thread: id = 175 os_tid = 0x79c Thread: id = 176 os_tid = 0x798 Thread: id = 177 os_tid = 0x76c Thread: id = 178 os_tid = 0x668 Thread: id = 179 os_tid = 0x630 Thread: id = 180 os_tid = 0x628 Thread: id = 181 os_tid = 0x624 Thread: id = 182 os_tid = 0x618 Thread: id = 183 os_tid = 0x614 Thread: id = 184 os_tid = 0x600 Thread: id = 185 os_tid = 0x5f4 Thread: id = 186 os_tid = 0x5f0 Thread: id = 187 os_tid = 0x5e8 Thread: id = 188 os_tid = 0x5c0 Thread: id = 189 os_tid = 0x484 Thread: id = 190 os_tid = 0x42c Thread: id = 191 os_tid = 0x408 Thread: id = 192 os_tid = 0x128 Thread: id = 193 os_tid = 0x154 Thread: id = 194 os_tid = 0x3cc Thread: id = 195 os_tid = 0x39c Thread: id = 196 os_tid = 0x368 Thread: id = 197 os_tid = 0x118 Thread: id = 198 os_tid = 0x11c Thread: id = 199 os_tid = 0x3ec Thread: id = 200 os_tid = 0x3e0 Thread: id = 201 os_tid = 0x390 Thread: id = 202 os_tid = 0x380 Thread: id = 203 os_tid = 0x37c Thread: id = 204 os_tid = 0x378 Thread: id = 205 os_tid = 0x36c Thread: id = 206 os_tid = 0x364 Thread: id = 310 os_tid = 0xa74 Thread: id = 311 os_tid = 0xa78 Thread: id = 312 os_tid = 0xa7c Thread: id = 313 os_tid = 0xa80 Thread: id = 314 os_tid = 0xa84 Thread: id = 315 os_tid = 0xa88 Thread: id = 316 os_tid = 0xa8c Thread: id = 317 os_tid = 0xa90 Thread: id = 318 os_tid = 0xa94 Thread: id = 319 os_tid = 0xa98 Thread: id = 320 os_tid = 0xa9c Thread: id = 321 os_tid = 0xaa0 Thread: id = 322 os_tid = 0xaa4 Thread: id = 323 os_tid = 0xaa8 Thread: id = 412 os_tid = 0x5a4 Process: id = "13" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0xbc5b000" os_pid = "0x3fc" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "7" os_parent_pid = "0x1d8" cmd_line = "C:\\Windows\\system32\\svchost.exe -k LocalService" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Local Service" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\EventSystem" [0xe], "NT SERVICE\\fdPHost" [0xa], "NT SERVICE\\lltdsvc" [0xa], "NT SERVICE\\netprofm" [0xa], "NT SERVICE\\nsi" [0xa], "NT SERVICE\\sppuinotify" [0xa], "NT SERVICE\\SstpSvc" [0xa], "NT SERVICE\\THREADORDER" [0xa], "NT SERVICE\\W32Time" [0xa], "NT SERVICE\\WdiServiceHost" [0xa], "NT SERVICE\\WebClient" [0xa], "NT SERVICE\\WinHttpAutoProxySvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000c68f" [0xc000000f], "LOCAL" [0x7] Region: id = 1141 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1142 start_va = 0x20000 end_va = 0x26fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 1143 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 1144 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 1145 start_va = 0x50000 end_va = 0xb6fff entry_point = 0x50000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1146 start_va = 0xc0000 end_va = 0xc1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000c0000" filename = "" Region: id = 1147 start_va = 0xd0000 end_va = 0x14ffff entry_point = 0x0 region_type = private name = "private_0x00000000000d0000" filename = "" Region: id = 1148 start_va = 0x150000 end_va = 0x150fff entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 1149 start_va = 0x160000 end_va = 0x160fff entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 1150 start_va = 0x170000 end_va = 0x170fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000170000" filename = "" Region: id = 1151 start_va = 0x180000 end_va = 0x18ffff entry_point = 0x0 region_type = private name = "private_0x0000000000180000" filename = "" Region: id = 1152 start_va = 0x190000 end_va = 0x28ffff entry_point = 0x0 region_type = private name = "private_0x0000000000190000" filename = "" Region: id = 1153 start_va = 0x290000 end_va = 0x2a0fff entry_point = 0x290000 region_type = mapped_file name = "es.dll" filename = "\\Windows\\System32\\es.dll" (normalized: "c:\\windows\\system32\\es.dll") Region: id = 1154 start_va = 0x2b0000 end_va = 0x2b3fff entry_point = 0x2b0000 region_type = mapped_file name = "stdole2.tlb" filename = "\\Windows\\System32\\stdole2.tlb" (normalized: "c:\\windows\\system32\\stdole2.tlb") Region: id = 1155 start_va = 0x2c0000 end_va = 0x2c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002c0000" filename = "" Region: id = 1156 start_va = 0x2d0000 end_va = 0x2d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002d0000" filename = "" Region: id = 1157 start_va = 0x2e0000 end_va = 0x2e0fff entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 1158 start_va = 0x310000 end_va = 0x40ffff entry_point = 0x0 region_type = private name = "private_0x0000000000310000" filename = "" Region: id = 1159 start_va = 0x410000 end_va = 0x597fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 1160 start_va = 0x5a0000 end_va = 0x720fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005a0000" filename = "" Region: id = 1161 start_va = 0x730000 end_va = 0x7effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000730000" filename = "" Region: id = 1162 start_va = 0x7f0000 end_va = 0xbe2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007f0000" filename = "" Region: id = 1163 start_va = 0xc00000 end_va = 0xc7ffff entry_point = 0x0 region_type = private name = "private_0x0000000000c00000" filename = "" Region: id = 1164 start_va = 0xc90000 end_va = 0xc9ffff entry_point = 0x0 region_type = private name = "private_0x0000000000c90000" filename = "" Region: id = 1165 start_va = 0xca0000 end_va = 0xd1ffff entry_point = 0x0 region_type = private name = "private_0x0000000000ca0000" filename = "" Region: id = 1166 start_va = 0xd50000 end_va = 0xdcffff entry_point = 0x0 region_type = private name = "private_0x0000000000d50000" filename = "" Region: id = 1167 start_va = 0xe20000 end_va = 0xe9ffff entry_point = 0x0 region_type = private name = "private_0x0000000000e20000" filename = "" Region: id = 1168 start_va = 0xf00000 end_va = 0xf7ffff entry_point = 0x0 region_type = private name = "private_0x0000000000f00000" filename = "" Region: id = 1169 start_va = 0xf80000 end_va = 0x107ffff entry_point = 0x0 region_type = private name = "private_0x0000000000f80000" filename = "" Region: id = 1170 start_va = 0x10d0000 end_va = 0x139efff entry_point = 0x10d0000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 1171 start_va = 0x1410000 end_va = 0x148ffff entry_point = 0x0 region_type = private name = "private_0x0000000001410000" filename = "" Region: id = 1172 start_va = 0x1490000 end_va = 0x158ffff entry_point = 0x0 region_type = private name = "private_0x0000000001490000" filename = "" Region: id = 1173 start_va = 0x15f0000 end_va = 0x166ffff entry_point = 0x0 region_type = private name = "private_0x00000000015f0000" filename = "" Region: id = 1174 start_va = 0x1670000 end_va = 0x16effff entry_point = 0x0 region_type = private name = "private_0x0000000001670000" filename = "" Region: id = 1175 start_va = 0x1740000 end_va = 0x17bffff entry_point = 0x0 region_type = private name = "private_0x0000000001740000" filename = "" Region: id = 1176 start_va = 0x17f0000 end_va = 0x186ffff entry_point = 0x0 region_type = private name = "private_0x00000000017f0000" filename = "" Region: id = 1177 start_va = 0x1870000 end_va = 0x18effff entry_point = 0x0 region_type = private name = "private_0x0000000001870000" filename = "" Region: id = 1178 start_va = 0x1950000 end_va = 0x19cffff entry_point = 0x0 region_type = private name = "private_0x0000000001950000" filename = "" Region: id = 1179 start_va = 0x1a50000 end_va = 0x1acffff entry_point = 0x0 region_type = private name = "private_0x0000000001a50000" filename = "" Region: id = 1180 start_va = 0x1ae0000 end_va = 0x1aeffff entry_point = 0x0 region_type = private name = "private_0x0000000001ae0000" filename = "" Region: id = 1181 start_va = 0x1b30000 end_va = 0x1baffff entry_point = 0x0 region_type = private name = "private_0x0000000001b30000" filename = "" Region: id = 1182 start_va = 0x1bb0000 end_va = 0x1caffff entry_point = 0x0 region_type = private name = "private_0x0000000001bb0000" filename = "" Region: id = 1183 start_va = 0x1cb0000 end_va = 0x1d6ffff entry_point = 0x1cb0000 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui") Region: id = 1184 start_va = 0x1d80000 end_va = 0x1dfffff entry_point = 0x0 region_type = private name = "private_0x0000000001d80000" filename = "" Region: id = 1185 start_va = 0x1ee0000 end_va = 0x1f5ffff entry_point = 0x0 region_type = private name = "private_0x0000000001ee0000" filename = "" Region: id = 1186 start_va = 0x2000000 end_va = 0x207ffff entry_point = 0x0 region_type = private name = "private_0x0000000002000000" filename = "" Region: id = 1187 start_va = 0x20e0000 end_va = 0x20effff entry_point = 0x0 region_type = private name = "private_0x00000000020e0000" filename = "" Region: id = 1188 start_va = 0x20f0000 end_va = 0x22effff entry_point = 0x0 region_type = private name = "private_0x00000000020f0000" filename = "" Region: id = 1189 start_va = 0x74440000 end_va = 0x74442fff entry_point = 0x74440000 region_type = mapped_file name = "sfc.dll" filename = "\\Windows\\System32\\sfc.dll" (normalized: "c:\\windows\\system32\\sfc.dll") Region: id = 1190 start_va = 0x77a30000 end_va = 0x77b4efff entry_point = 0x77a30000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 1191 start_va = 0x77b50000 end_va = 0x77c49fff entry_point = 0x77b50000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 1192 start_va = 0x77c50000 end_va = 0x77df8fff entry_point = 0x77c50000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1193 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 1194 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 1195 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1196 start_va = 0xff470000 end_va = 0xff47afff entry_point = 0xff470000 region_type = mapped_file name = "svchost.exe" filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe") Region: id = 1197 start_va = 0x7fef69f0000 end_va = 0x7fef6ac7fff entry_point = 0x7fef69f0000 region_type = mapped_file name = "perftrack.dll" filename = "\\Windows\\System32\\perftrack.dll" (normalized: "c:\\windows\\system32\\perftrack.dll") Region: id = 1198 start_va = 0x7fef7000000 end_va = 0x7fef700bfff entry_point = 0x7fef7000000 region_type = mapped_file name = "npmproxy.dll" filename = "\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll") Region: id = 1199 start_va = 0x7fef7530000 end_va = 0x7fef75abfff entry_point = 0x7fef7530000 region_type = mapped_file name = "wer.dll" filename = "\\Windows\\System32\\wer.dll" (normalized: "c:\\windows\\system32\\wer.dll") Region: id = 1200 start_va = 0x7fef83d0000 end_va = 0x7fef83d7fff entry_point = 0x7fef83d0000 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll") Region: id = 1201 start_va = 0x7fef8670000 end_va = 0x7fef86e3fff entry_point = 0x7fef8670000 region_type = mapped_file name = "netprofm.dll" filename = "\\Windows\\System32\\netprofm.dll" (normalized: "c:\\windows\\system32\\netprofm.dll") Region: id = 1202 start_va = 0x7fef8fa0000 end_va = 0x7fef8faffff entry_point = 0x7fef8fa0000 region_type = mapped_file name = "sfc_os.dll" filename = "\\Windows\\System32\\sfc_os.dll" (normalized: "c:\\windows\\system32\\sfc_os.dll") Region: id = 1203 start_va = 0x7fef8fb0000 end_va = 0x7fef8fc1fff entry_point = 0x7fef8fb0000 region_type = mapped_file name = "aepic.dll" filename = "\\Windows\\System32\\aepic.dll" (normalized: "c:\\windows\\system32\\aepic.dll") Region: id = 1204 start_va = 0x7fefaa60000 end_va = 0x7fefaa78fff entry_point = 0x7fefaa60000 region_type = mapped_file name = "wdi.dll" filename = "\\Windows\\System32\\wdi.dll" (normalized: "c:\\windows\\system32\\wdi.dll") Region: id = 1205 start_va = 0x7fefaac0000 end_va = 0x7fefab23fff entry_point = 0x7fefaac0000 region_type = mapped_file name = "webio.dll" filename = "\\Windows\\System32\\webio.dll" (normalized: "c:\\windows\\system32\\webio.dll") Region: id = 1206 start_va = 0x7fefab30000 end_va = 0x7fefaba0fff entry_point = 0x7fefab30000 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll") Region: id = 1207 start_va = 0x7fefb4b0000 end_va = 0x7fefb4c7fff entry_point = 0x7fefb4b0000 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll") Region: id = 1208 start_va = 0x7fefb4d0000 end_va = 0x7fefb4e0fff entry_point = 0x7fefb4d0000 region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll") Region: id = 1209 start_va = 0x7fefb500000 end_va = 0x7fefb552fff entry_point = 0x7fefb500000 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1210 start_va = 0x7fefb630000 end_va = 0x7fefb639fff entry_point = 0x7fefb630000 region_type = mapped_file name = "nsisvc.dll" filename = "\\Windows\\System32\\nsisvc.dll" (normalized: "c:\\windows\\system32\\nsisvc.dll") Region: id = 1211 start_va = 0x7fefb650000 end_va = 0x7fefb65afff entry_point = 0x7fefb650000 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 1212 start_va = 0x7fefb660000 end_va = 0x7fefb686fff entry_point = 0x7fefb660000 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 1213 start_va = 0x7fefb6d0000 end_va = 0x7fefb736fff entry_point = 0x7fefb6d0000 region_type = mapped_file name = "es.dll" filename = "\\Windows\\System32\\es.dll" (normalized: "c:\\windows\\system32\\es.dll") Region: id = 1214 start_va = 0x7fefb750000 end_va = 0x7fefb75bfff entry_point = 0x7fefb750000 region_type = mapped_file name = "dsrole.dll" filename = "\\Windows\\System32\\dsrole.dll" (normalized: "c:\\windows\\system32\\dsrole.dll") Region: id = 1215 start_va = 0x7fefb7d0000 end_va = 0x7fefb7e4fff entry_point = 0x7fefb7d0000 region_type = mapped_file name = "nlaapi.dll" filename = "\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll") Region: id = 1216 start_va = 0x7fefbeb0000 end_va = 0x7fefbec8fff entry_point = 0x7fefbeb0000 region_type = mapped_file name = "pnrpnsp.dll" filename = "\\Windows\\System32\\pnrpnsp.dll" (normalized: "c:\\windows\\system32\\pnrpnsp.dll") Region: id = 1217 start_va = 0x7fefbed0000 end_va = 0x7fefbee4fff entry_point = 0x7fefbed0000 region_type = mapped_file name = "napinsp.dll" filename = "\\Windows\\System32\\NapiNSP.dll" (normalized: "c:\\windows\\system32\\napinsp.dll") Region: id = 1218 start_va = 0x7fefbf10000 end_va = 0x7fefbf1afff entry_point = 0x7fefbf10000 region_type = mapped_file name = "winrnr.dll" filename = "\\Windows\\System32\\winrnr.dll" (normalized: "c:\\windows\\system32\\winrnr.dll") Region: id = 1219 start_va = 0x7fefc090000 end_va = 0x7fefc0a7fff entry_point = 0x7fefc090000 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll") Region: id = 1220 start_va = 0x7fefcd60000 end_va = 0x7fefcd6bfff entry_point = 0x7fefcd60000 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll") Region: id = 1221 start_va = 0x7fefce30000 end_va = 0x7fefce36fff entry_point = 0x7fefce30000 region_type = mapped_file name = "wshtcpip.dll" filename = "\\Windows\\System32\\WSHTCPIP.DLL" (normalized: "c:\\windows\\system32\\wshtcpip.dll") Region: id = 1222 start_va = 0x7fefcf20000 end_va = 0x7fefcf3afff entry_point = 0x7fefcf20000 region_type = mapped_file name = "gpapi.dll" filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll") Region: id = 1223 start_va = 0x7fefcf40000 end_va = 0x7fefcf5dfff entry_point = 0x7fefcf40000 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 1224 start_va = 0x7fefd090000 end_va = 0x7fefd099fff entry_point = 0x7fefd090000 region_type = mapped_file name = "credssp.dll" filename = "\\Windows\\System32\\credssp.dll" (normalized: "c:\\windows\\system32\\credssp.dll") Region: id = 1225 start_va = 0x7fefd190000 end_va = 0x7fefd1d6fff entry_point = 0x7fefd190000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 1226 start_va = 0x7fefd2b0000 end_va = 0x7fefd30afff entry_point = 0x7fefd2b0000 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 1227 start_va = 0x7fefd420000 end_va = 0x7fefd426fff entry_point = 0x7fefd420000 region_type = mapped_file name = "wship6.dll" filename = "\\Windows\\System32\\wship6.dll" (normalized: "c:\\windows\\system32\\wship6.dll") Region: id = 1228 start_va = 0x7fefd430000 end_va = 0x7fefd484fff entry_point = 0x7fefd430000 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 1229 start_va = 0x7fefd490000 end_va = 0x7fefd4a6fff entry_point = 0x7fefd490000 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 1230 start_va = 0x7fefda30000 end_va = 0x7fefda3afff entry_point = 0x7fefda30000 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll") Region: id = 1231 start_va = 0x7fefda60000 end_va = 0x7fefda84fff entry_point = 0x7fefda60000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 1232 start_va = 0x7fefda90000 end_va = 0x7fefda9efff entry_point = 0x7fefda90000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 1233 start_va = 0x7fefdaa0000 end_va = 0x7fefdb30fff entry_point = 0x7fefdaa0000 region_type = mapped_file name = "sxs.dll" filename = "\\Windows\\System32\\sxs.dll" (normalized: "c:\\windows\\system32\\sxs.dll") Region: id = 1234 start_va = 0x7fefdb80000 end_va = 0x7fefdb93fff entry_point = 0x7fefdb80000 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll") Region: id = 1235 start_va = 0x7fefdba0000 end_va = 0x7fefdbaefff entry_point = 0x7fefdba0000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 1236 start_va = 0x7fefde60000 end_va = 0x7fefdecafff entry_point = 0x7fefde60000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 1237 start_va = 0x7fefdf70000 end_va = 0x7fefe172fff entry_point = 0x7fefdf70000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 1238 start_va = 0x7fefef10000 end_va = 0x7fefefa8fff entry_point = 0x7fefef10000 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 1239 start_va = 0x7fefefb0000 end_va = 0x7feff0dcfff entry_point = 0x7fefefb0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 1240 start_va = 0x7feff210000 end_va = 0x7feff2aefff entry_point = 0x7feff210000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 1241 start_va = 0x7feff2b0000 end_va = 0x7feff38afff entry_point = 0x7feff2b0000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 1242 start_va = 0x7feff390000 end_va = 0x7feff3aefff entry_point = 0x7feff390000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 1243 start_va = 0x7feff3b0000 end_va = 0x7feff3bdfff entry_point = 0x7feff3b0000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 1244 start_va = 0x7feff3c0000 end_va = 0x7feff3edfff entry_point = 0x7feff3c0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 1245 start_va = 0x7feff650000 end_va = 0x7feff69cfff entry_point = 0x7feff650000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 1246 start_va = 0x7feff720000 end_va = 0x7feff727fff entry_point = 0x7feff720000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 1247 start_va = 0x7feff910000 end_va = 0x7feff976fff entry_point = 0x7feff910000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 1248 start_va = 0x7feff980000 end_va = 0x7feff9f0fff entry_point = 0x7feff980000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 1249 start_va = 0x7feffa00000 end_va = 0x7feffb08fff entry_point = 0x7feffa00000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 1250 start_va = 0x7feffb10000 end_va = 0x7feffbe6fff entry_point = 0x7feffb10000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 1251 start_va = 0x7feffe90000 end_va = 0x7fefff58fff entry_point = 0x7feffe90000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 1252 start_va = 0x7fefff70000 end_va = 0x7fefff70fff entry_point = 0x7fefff70000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 1253 start_va = 0x7fffff9c000 end_va = 0x7fffff9dfff entry_point = 0x0 region_type = private name = "private_0x000007fffff9c000" filename = "" Region: id = 1254 start_va = 0x7fffff9e000 end_va = 0x7fffff9ffff entry_point = 0x0 region_type = private name = "private_0x000007fffff9e000" filename = "" Region: id = 1255 start_va = 0x7fffffa0000 end_va = 0x7fffffa1fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa0000" filename = "" Region: id = 1256 start_va = 0x7fffffa2000 end_va = 0x7fffffa3fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa2000" filename = "" Region: id = 1257 start_va = 0x7fffffa4000 end_va = 0x7fffffa5fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa4000" filename = "" Region: id = 1258 start_va = 0x7fffffa6000 end_va = 0x7fffffa7fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa6000" filename = "" Region: id = 1259 start_va = 0x7fffffa8000 end_va = 0x7fffffa9fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa8000" filename = "" Region: id = 1260 start_va = 0x7fffffaa000 end_va = 0x7fffffabfff entry_point = 0x0 region_type = private name = "private_0x000007fffffaa000" filename = "" Region: id = 1261 start_va = 0x7fffffac000 end_va = 0x7fffffadfff entry_point = 0x0 region_type = private name = "private_0x000007fffffac000" filename = "" Region: id = 1262 start_va = 0x7fffffae000 end_va = 0x7fffffaffff entry_point = 0x0 region_type = private name = "private_0x000007fffffae000" filename = "" Region: id = 1263 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 1264 start_va = 0x7fffffd4000 end_va = 0x7fffffd5fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd4000" filename = "" Region: id = 1265 start_va = 0x7fffffd6000 end_va = 0x7fffffd7fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd6000" filename = "" Region: id = 1266 start_va = 0x7fffffd8000 end_va = 0x7fffffd9fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd8000" filename = "" Region: id = 1267 start_va = 0x7fffffda000 end_va = 0x7fffffdbfff entry_point = 0x0 region_type = private name = "private_0x000007fffffda000" filename = "" Region: id = 1268 start_va = 0x7fffffdc000 end_va = 0x7fffffddfff entry_point = 0x0 region_type = private name = "private_0x000007fffffdc000" filename = "" Region: id = 1269 start_va = 0x7fffffde000 end_va = 0x7fffffdefff entry_point = 0x0 region_type = private name = "private_0x000007fffffde000" filename = "" Thread: id = 207 os_tid = 0x9bc Thread: id = 208 os_tid = 0x7bc Thread: id = 209 os_tid = 0x7a8 Thread: id = 210 os_tid = 0x78c Thread: id = 211 os_tid = 0x77c Thread: id = 212 os_tid = 0x768 Thread: id = 213 os_tid = 0x724 Thread: id = 214 os_tid = 0x710 Thread: id = 215 os_tid = 0x544 Thread: id = 216 os_tid = 0x528 Thread: id = 217 os_tid = 0x150 Thread: id = 218 os_tid = 0x130 Thread: id = 219 os_tid = 0x12c Thread: id = 220 os_tid = 0x120 Thread: id = 221 os_tid = 0xf0 Thread: id = 222 os_tid = 0xc8 Thread: id = 384 os_tid = 0x49c Process: id = "14" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0xbfe2000" os_pid = "0x170" os_integrity_level = "0x4000" os_privileges = "0x60a00000" monitor_reason = "child_process" parent_id = "7" os_parent_pid = "0x1d8" cmd_line = "C:\\Windows\\system32\\svchost.exe -k NetworkService" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Network Service" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\CryptSvc" [0xa], "NT SERVICE\\Dnscache" [0xe], "NT SERVICE\\LanmanWorkstation" [0xa], "NT SERVICE\\napagent" [0xa], "NT SERVICE\\NlaSvc" [0xa], "NT SERVICE\\TapiSrv" [0xa], "NT SERVICE\\TermService" [0xa], "NT SERVICE\\Wecsvc" [0xa], "NT SERVICE\\WinRM" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000cc4b" [0xc000000f], "LOCAL" [0x7] Region: id = 1273 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1274 start_va = 0x20000 end_va = 0x26fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 1275 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 1276 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 1277 start_va = 0x50000 end_va = 0x51fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 1278 start_va = 0x60000 end_va = 0x60fff entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 1279 start_va = 0x70000 end_va = 0x70fff entry_point = 0x0 region_type = private name = "private_0x0000000000070000" filename = "" Region: id = 1280 start_va = 0x80000 end_va = 0x80fff entry_point = 0x0 region_type = private name = "private_0x0000000000080000" filename = "" Region: id = 1281 start_va = 0x90000 end_va = 0x10ffff entry_point = 0x0 region_type = private name = "private_0x0000000000090000" filename = "" Region: id = 1282 start_va = 0x110000 end_va = 0x176fff entry_point = 0x110000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1283 start_va = 0x180000 end_va = 0x27ffff entry_point = 0x0 region_type = private name = "private_0x0000000000180000" filename = "" Region: id = 1284 start_va = 0x280000 end_va = 0x280fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000280000" filename = "" Region: id = 1285 start_va = 0x290000 end_va = 0x290fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000290000" filename = "" Region: id = 1286 start_va = 0x2a0000 end_va = 0x39ffff entry_point = 0x0 region_type = private name = "private_0x00000000002a0000" filename = "" Region: id = 1287 start_va = 0x3a0000 end_va = 0x527fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003a0000" filename = "" Region: id = 1288 start_va = 0x530000 end_va = 0x530fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Region: id = 1289 start_va = 0x540000 end_va = 0x559fff entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 1290 start_va = 0x560000 end_va = 0x56ffff entry_point = 0x0 region_type = private name = "private_0x0000000000560000" filename = "" Region: id = 1291 start_va = 0x570000 end_va = 0x6f0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 1292 start_va = 0x700000 end_va = 0x7bffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000700000" filename = "" Region: id = 1293 start_va = 0x7c0000 end_va = 0xbb2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007c0000" filename = "" Region: id = 1294 start_va = 0xbc0000 end_va = 0xc3ffff entry_point = 0x0 region_type = private name = "private_0x0000000000bc0000" filename = "" Region: id = 1295 start_va = 0xc40000 end_va = 0xcbffff entry_point = 0x0 region_type = private name = "private_0x0000000000c40000" filename = "" Region: id = 1296 start_va = 0xcc0000 end_va = 0xcc0fff entry_point = 0x0 region_type = private name = "private_0x0000000000cc0000" filename = "" Region: id = 1297 start_va = 0xcd0000 end_va = 0xcd0fff entry_point = 0x0 region_type = private name = "private_0x0000000000cd0000" filename = "" Region: id = 1298 start_va = 0xce0000 end_va = 0xceffff entry_point = 0x0 region_type = private name = "private_0x0000000000ce0000" filename = "" Region: id = 1299 start_va = 0xcf0000 end_va = 0xcfffff entry_point = 0x0 region_type = private name = "private_0x0000000000cf0000" filename = "" Region: id = 1300 start_va = 0xd00000 end_va = 0xd0ffff entry_point = 0x0 region_type = private name = "private_0x0000000000d00000" filename = "" Region: id = 1301 start_va = 0xd10000 end_va = 0xd1ffff entry_point = 0x0 region_type = private name = "private_0x0000000000d10000" filename = "" Region: id = 1302 start_va = 0xd20000 end_va = 0xd9ffff entry_point = 0x0 region_type = private name = "private_0x0000000000d20000" filename = "" Region: id = 1303 start_va = 0xda0000 end_va = 0xe1ffff entry_point = 0x0 region_type = private name = "private_0x0000000000da0000" filename = "" Region: id = 1304 start_va = 0xe20000 end_va = 0xe2ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000e20000" filename = "" Region: id = 1305 start_va = 0xe30000 end_va = 0xe3ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000e30000" filename = "" Region: id = 1306 start_va = 0xe40000 end_va = 0xe4ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000e40000" filename = "" Region: id = 1307 start_va = 0xe50000 end_va = 0xe5ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000e50000" filename = "" Region: id = 1308 start_va = 0xe60000 end_va = 0xe6ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000e60000" filename = "" Region: id = 1309 start_va = 0xe70000 end_va = 0xe7ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000e70000" filename = "" Region: id = 1310 start_va = 0xe80000 end_va = 0xe80fff entry_point = 0x0 region_type = private name = "private_0x0000000000e80000" filename = "" Region: id = 1311 start_va = 0xe90000 end_va = 0xe91fff entry_point = 0x0 region_type = private name = "private_0x0000000000e90000" filename = "" Region: id = 1312 start_va = 0xea0000 end_va = 0xea4fff entry_point = 0x0 region_type = private name = "private_0x0000000000ea0000" filename = "" Region: id = 1313 start_va = 0xeb0000 end_va = 0xf2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000eb0000" filename = "" Region: id = 1314 start_va = 0xf30000 end_va = 0xf3ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000f30000" filename = "" Region: id = 1315 start_va = 0xf40000 end_va = 0xf4ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000f40000" filename = "" Region: id = 1316 start_va = 0xf50000 end_va = 0xf5ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000f50000" filename = "" Region: id = 1317 start_va = 0xf60000 end_va = 0xf6ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000f60000" filename = "" Region: id = 1318 start_va = 0xf70000 end_va = 0xf7ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000f70000" filename = "" Region: id = 1319 start_va = 0xf80000 end_va = 0xf8ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000f80000" filename = "" Region: id = 1320 start_va = 0xf90000 end_va = 0xf90fff entry_point = 0x0 region_type = private name = "private_0x0000000000f90000" filename = "" Region: id = 1321 start_va = 0xfa0000 end_va = 0xfaffff entry_point = 0x0 region_type = private name = "private_0x0000000000fa0000" filename = "" Region: id = 1322 start_va = 0xfb0000 end_va = 0x102ffff entry_point = 0x0 region_type = private name = "private_0x0000000000fb0000" filename = "" Region: id = 1323 start_va = 0x1030000 end_va = 0x1030fff entry_point = 0x0 region_type = private name = "private_0x0000000001030000" filename = "" Region: id = 1324 start_va = 0x1040000 end_va = 0x130efff entry_point = 0x1040000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 1325 start_va = 0x1310000 end_va = 0x138ffff entry_point = 0x0 region_type = private name = "private_0x0000000001310000" filename = "" Region: id = 1326 start_va = 0x1390000 end_va = 0x139ffff entry_point = 0x1390000 region_type = mapped_file name = "catdb" filename = "\\Windows\\System32\\catroot2\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\catdb" (normalized: "c:\\windows\\system32\\catroot2\\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\\catdb") Region: id = 1327 start_va = 0x13a0000 end_va = 0x13affff entry_point = 0x13a0000 region_type = mapped_file name = "catdb" filename = "\\Windows\\System32\\catroot2\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\catdb" (normalized: "c:\\windows\\system32\\catroot2\\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\\catdb") Region: id = 1328 start_va = 0x13b0000 end_va = 0x13bffff entry_point = 0x13b0000 region_type = mapped_file name = "catdb" filename = "\\Windows\\System32\\catroot2\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\catdb" (normalized: "c:\\windows\\system32\\catroot2\\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\\catdb") Region: id = 1329 start_va = 0x13c0000 end_va = 0x13cffff entry_point = 0x13c0000 region_type = mapped_file name = "catdb" filename = "\\Windows\\System32\\catroot2\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\catdb" (normalized: "c:\\windows\\system32\\catroot2\\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\\catdb") Region: id = 1330 start_va = 0x13d0000 end_va = 0x13dffff entry_point = 0x13d0000 region_type = mapped_file name = "catdb" filename = "\\Windows\\System32\\catroot2\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\catdb" (normalized: "c:\\windows\\system32\\catroot2\\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\\catdb") Region: id = 1331 start_va = 0x13e0000 end_va = 0x13effff entry_point = 0x13e0000 region_type = mapped_file name = "catdb" filename = "\\Windows\\System32\\catroot2\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\catdb" (normalized: "c:\\windows\\system32\\catroot2\\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\\catdb") Region: id = 1332 start_va = 0x13f0000 end_va = 0x13fffff entry_point = 0x13f0000 region_type = mapped_file name = "catdb" filename = "\\Windows\\System32\\catroot2\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\catdb" (normalized: "c:\\windows\\system32\\catroot2\\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\\catdb") Region: id = 1333 start_va = 0x1400000 end_va = 0x140ffff entry_point = 0x1400000 region_type = mapped_file name = "catdb" filename = "\\Windows\\System32\\catroot2\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\catdb" (normalized: "c:\\windows\\system32\\catroot2\\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\\catdb") Region: id = 1334 start_va = 0x1410000 end_va = 0x148ffff entry_point = 0x0 region_type = private name = "private_0x0000000001410000" filename = "" Region: id = 1335 start_va = 0x1490000 end_va = 0x149ffff entry_point = 0x1490000 region_type = mapped_file name = "catdb" filename = "\\Windows\\System32\\catroot2\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\catdb" (normalized: "c:\\windows\\system32\\catroot2\\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\\catdb") Region: id = 1336 start_va = 0x14a0000 end_va = 0x14affff entry_point = 0x14a0000 region_type = mapped_file name = "catdb" filename = "\\Windows\\System32\\catroot2\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\catdb" (normalized: "c:\\windows\\system32\\catroot2\\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\\catdb") Region: id = 1337 start_va = 0x14b0000 end_va = 0x14bffff entry_point = 0x14b0000 region_type = mapped_file name = "catdb" filename = "\\Windows\\System32\\catroot2\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\catdb" (normalized: "c:\\windows\\system32\\catroot2\\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\\catdb") Region: id = 1338 start_va = 0x14c0000 end_va = 0x14cffff entry_point = 0x14c0000 region_type = mapped_file name = "catdb" filename = "\\Windows\\System32\\catroot2\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\catdb" (normalized: "c:\\windows\\system32\\catroot2\\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\\catdb") Region: id = 1339 start_va = 0x14d0000 end_va = 0x14dffff entry_point = 0x14d0000 region_type = mapped_file name = "catdb" filename = "\\Windows\\System32\\catroot2\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\catdb" (normalized: "c:\\windows\\system32\\catroot2\\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\\catdb") Region: id = 1340 start_va = 0x14e0000 end_va = 0x14effff entry_point = 0x14e0000 region_type = mapped_file name = "catdb" filename = "\\Windows\\System32\\catroot2\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\catdb" (normalized: "c:\\windows\\system32\\catroot2\\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\\catdb") Region: id = 1341 start_va = 0x14f0000 end_va = 0x156ffff entry_point = 0x0 region_type = private name = "private_0x00000000014f0000" filename = "" Region: id = 1342 start_va = 0x1570000 end_va = 0x15effff entry_point = 0x0 region_type = private name = "private_0x0000000001570000" filename = "" Region: id = 1343 start_va = 0x15f0000 end_va = 0x16affff entry_point = 0x15f0000 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui") Region: id = 1344 start_va = 0x16b0000 end_va = 0x16bffff entry_point = 0x0 region_type = private name = "private_0x00000000016b0000" filename = "" Region: id = 1345 start_va = 0x16c0000 end_va = 0x16cffff entry_point = 0x0 region_type = private name = "private_0x00000000016c0000" filename = "" Region: id = 1346 start_va = 0x16d0000 end_va = 0x16dffff entry_point = 0x0 region_type = private name = "private_0x00000000016d0000" filename = "" Region: id = 1347 start_va = 0x16e0000 end_va = 0x16effff entry_point = 0x0 region_type = private name = "private_0x00000000016e0000" filename = "" Region: id = 1348 start_va = 0x16f0000 end_va = 0x16fffff entry_point = 0x0 region_type = private name = "private_0x00000000016f0000" filename = "" Region: id = 1349 start_va = 0x1700000 end_va = 0x1700fff entry_point = 0x0 region_type = private name = "private_0x0000000001700000" filename = "" Region: id = 1350 start_va = 0x1710000 end_va = 0x1710fff entry_point = 0x0 region_type = private name = "private_0x0000000001710000" filename = "" Region: id = 1351 start_va = 0x1720000 end_va = 0x172ffff entry_point = 0x0 region_type = private name = "private_0x0000000001720000" filename = "" Region: id = 1352 start_va = 0x1740000 end_va = 0x174ffff entry_point = 0x0 region_type = private name = "private_0x0000000001740000" filename = "" Region: id = 1353 start_va = 0x1760000 end_va = 0x185ffff entry_point = 0x0 region_type = private name = "private_0x0000000001760000" filename = "" Region: id = 1354 start_va = 0x1930000 end_va = 0x19affff entry_point = 0x0 region_type = private name = "private_0x0000000001930000" filename = "" Region: id = 1355 start_va = 0x19d0000 end_va = 0x1a4ffff entry_point = 0x0 region_type = private name = "private_0x00000000019d0000" filename = "" Region: id = 1356 start_va = 0x1a70000 end_va = 0x1aeffff entry_point = 0x0 region_type = private name = "private_0x0000000001a70000" filename = "" Region: id = 1357 start_va = 0x1b20000 end_va = 0x1b9ffff entry_point = 0x0 region_type = private name = "private_0x0000000001b20000" filename = "" Region: id = 1358 start_va = 0x1bb0000 end_va = 0x1caffff entry_point = 0x0 region_type = private name = "private_0x0000000001bb0000" filename = "" Region: id = 1359 start_va = 0x1d00000 end_va = 0x1d0ffff entry_point = 0x0 region_type = private name = "private_0x0000000001d00000" filename = "" Region: id = 1360 start_va = 0x1d80000 end_va = 0x1d8ffff entry_point = 0x0 region_type = private name = "private_0x0000000001d80000" filename = "" Region: id = 1361 start_va = 0x1d90000 end_va = 0x1e8ffff entry_point = 0x0 region_type = private name = "private_0x0000000001d90000" filename = "" Region: id = 1362 start_va = 0x1f40000 end_va = 0x1fbffff entry_point = 0x0 region_type = private name = "private_0x0000000001f40000" filename = "" Region: id = 1363 start_va = 0x2000000 end_va = 0x207ffff entry_point = 0x0 region_type = private name = "private_0x0000000002000000" filename = "" Region: id = 1364 start_va = 0x2080000 end_va = 0x217ffff entry_point = 0x0 region_type = private name = "private_0x0000000002080000" filename = "" Region: id = 1365 start_va = 0x2260000 end_va = 0x22dffff entry_point = 0x0 region_type = private name = "private_0x0000000002260000" filename = "" Region: id = 1366 start_va = 0x22e0000 end_va = 0x23dffff entry_point = 0x0 region_type = private name = "private_0x00000000022e0000" filename = "" Region: id = 1367 start_va = 0x23e0000 end_va = 0x24dffff entry_point = 0x0 region_type = private name = "private_0x00000000023e0000" filename = "" Region: id = 1368 start_va = 0x24e0000 end_va = 0x34dffff entry_point = 0x0 region_type = private name = "private_0x00000000024e0000" filename = "" Region: id = 1369 start_va = 0x35b0000 end_va = 0x362ffff entry_point = 0x0 region_type = private name = "private_0x00000000035b0000" filename = "" Region: id = 1370 start_va = 0x3640000 end_va = 0x36bffff entry_point = 0x0 region_type = private name = "private_0x0000000003640000" filename = "" Region: id = 1371 start_va = 0x77a30000 end_va = 0x77b4efff entry_point = 0x77a30000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 1372 start_va = 0x77b50000 end_va = 0x77c49fff entry_point = 0x77b50000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 1373 start_va = 0x77c50000 end_va = 0x77df8fff entry_point = 0x77c50000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1374 start_va = 0x77e10000 end_va = 0x77e16fff entry_point = 0x77e10000 region_type = mapped_file name = "psapi.dll" filename = "\\Windows\\System32\\psapi.dll" (normalized: "c:\\windows\\system32\\psapi.dll") Region: id = 1375 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 1376 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 1377 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1378 start_va = 0xff470000 end_va = 0xff47afff entry_point = 0xff470000 region_type = mapped_file name = "svchost.exe" filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe") Region: id = 1379 start_va = 0x7fef4740000 end_va = 0x7fef49b9fff entry_point = 0x7fef4740000 region_type = mapped_file name = "esent.dll" filename = "\\Windows\\System32\\esent.dll" (normalized: "c:\\windows\\system32\\esent.dll") Region: id = 1380 start_va = 0x7fef83d0000 end_va = 0x7fef83d7fff entry_point = 0x7fef83d0000 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll") Region: id = 1381 start_va = 0x7fefaa80000 end_va = 0x7fefaa90fff entry_point = 0x7fefaa80000 region_type = mapped_file name = "ssdpapi.dll" filename = "\\Windows\\System32\\ssdpapi.dll" (normalized: "c:\\windows\\system32\\ssdpapi.dll") Region: id = 1382 start_va = 0x7fefaac0000 end_va = 0x7fefab23fff entry_point = 0x7fefaac0000 region_type = mapped_file name = "webio.dll" filename = "\\Windows\\System32\\webio.dll" (normalized: "c:\\windows\\system32\\webio.dll") Region: id = 1383 start_va = 0x7fefab30000 end_va = 0x7fefaba0fff entry_point = 0x7fefab30000 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll") Region: id = 1384 start_va = 0x7fefabb0000 end_va = 0x7fefabe7fff entry_point = 0x7fefabb0000 region_type = mapped_file name = "ncsi.dll" filename = "\\Windows\\System32\\ncsi.dll" (normalized: "c:\\windows\\system32\\ncsi.dll") Region: id = 1385 start_va = 0x7fefabf0000 end_va = 0x7fefac3dfff entry_point = 0x7fefabf0000 region_type = mapped_file name = "nlasvc.dll" filename = "\\Windows\\System32\\nlasvc.dll" (normalized: "c:\\windows\\system32\\nlasvc.dll") Region: id = 1386 start_va = 0x7fefac50000 end_va = 0x7fefac66fff entry_point = 0x7fefac50000 region_type = mapped_file name = "vsstrace.dll" filename = "\\Windows\\System32\\vsstrace.dll" (normalized: "c:\\windows\\system32\\vsstrace.dll") Region: id = 1387 start_va = 0x7fefac70000 end_va = 0x7fefae1ffff entry_point = 0x7fefac70000 region_type = mapped_file name = "vssapi.dll" filename = "\\Windows\\System32\\vssapi.dll" (normalized: "c:\\windows\\system32\\vssapi.dll") Region: id = 1388 start_va = 0x7fefae50000 end_va = 0x7fefae7ffff entry_point = 0x7fefae50000 region_type = mapped_file name = "cryptsvc.dll" filename = "\\Windows\\System32\\cryptsvc.dll" (normalized: "c:\\windows\\system32\\cryptsvc.dll") Region: id = 1389 start_va = 0x7fefaf40000 end_va = 0x7fefaf5ffff entry_point = 0x7fefaf40000 region_type = mapped_file name = "wkssvc.dll" filename = "\\Windows\\System32\\wkssvc.dll" (normalized: "c:\\windows\\system32\\wkssvc.dll") Region: id = 1390 start_va = 0x7fefb4b0000 end_va = 0x7fefb4c7fff entry_point = 0x7fefb4b0000 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll") Region: id = 1391 start_va = 0x7fefb4d0000 end_va = 0x7fefb4e0fff entry_point = 0x7fefb4d0000 region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll") Region: id = 1392 start_va = 0x7fefb4f0000 end_va = 0x7fefb4f6fff entry_point = 0x7fefb4f0000 region_type = mapped_file name = "dnsext.dll" filename = "\\Windows\\System32\\dnsext.dll" (normalized: "c:\\windows\\system32\\dnsext.dll") Region: id = 1393 start_va = 0x7fefb500000 end_va = 0x7fefb552fff entry_point = 0x7fefb500000 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1394 start_va = 0x7fefb560000 end_va = 0x7fefb58ffff entry_point = 0x7fefb560000 region_type = mapped_file name = "dnsrslvr.dll" filename = "\\Windows\\System32\\dnsrslvr.dll" (normalized: "c:\\windows\\system32\\dnsrslvr.dll") Region: id = 1395 start_va = 0x7fefb650000 end_va = 0x7fefb65afff entry_point = 0x7fefb650000 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 1396 start_va = 0x7fefb660000 end_va = 0x7fefb686fff entry_point = 0x7fefb660000 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 1397 start_va = 0x7fefb6d0000 end_va = 0x7fefb736fff entry_point = 0x7fefb6d0000 region_type = mapped_file name = "es.dll" filename = "\\Windows\\System32\\es.dll" (normalized: "c:\\windows\\system32\\es.dll") Region: id = 1398 start_va = 0x7fefb770000 end_va = 0x7fefb788fff entry_point = 0x7fefb770000 region_type = mapped_file name = "atl.dll" filename = "\\Windows\\System32\\atl.dll" (normalized: "c:\\windows\\system32\\atl.dll") Region: id = 1399 start_va = 0x7fefbd70000 end_va = 0x7fefbd83fff entry_point = 0x7fefbd70000 region_type = mapped_file name = "samcli.dll" filename = "\\Windows\\System32\\samcli.dll" (normalized: "c:\\windows\\system32\\samcli.dll") Region: id = 1400 start_va = 0x7fefbd90000 end_va = 0x7fefbda4fff entry_point = 0x7fefbd90000 region_type = mapped_file name = "wkscli.dll" filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll") Region: id = 1401 start_va = 0x7fefbdb0000 end_va = 0x7fefbdbbfff entry_point = 0x7fefbdb0000 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll") Region: id = 1402 start_va = 0x7fefbef0000 end_va = 0x7fefbf00fff entry_point = 0x7fefbef0000 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 1403 start_va = 0x7fefc520000 end_va = 0x7fefc64bfff entry_point = 0x7fefc520000 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 1404 start_va = 0x7fefc650000 end_va = 0x7fefc66cfff entry_point = 0x7fefc650000 region_type = mapped_file name = "samlib.dll" filename = "\\Windows\\System32\\samlib.dll" (normalized: "c:\\windows\\system32\\samlib.dll") Region: id = 1405 start_va = 0x7fefce30000 end_va = 0x7fefce36fff entry_point = 0x7fefce30000 region_type = mapped_file name = "wshtcpip.dll" filename = "\\Windows\\System32\\WSHTCPIP.DLL" (normalized: "c:\\windows\\system32\\wshtcpip.dll") Region: id = 1406 start_va = 0x7fefcf20000 end_va = 0x7fefcf3afff entry_point = 0x7fefcf20000 region_type = mapped_file name = "gpapi.dll" filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll") Region: id = 1407 start_va = 0x7fefcf40000 end_va = 0x7fefcf5dfff entry_point = 0x7fefcf40000 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 1408 start_va = 0x7fefd090000 end_va = 0x7fefd099fff entry_point = 0x7fefd090000 region_type = mapped_file name = "credssp.dll" filename = "\\Windows\\System32\\credssp.dll" (normalized: "c:\\windows\\system32\\credssp.dll") Region: id = 1409 start_va = 0x7fefd0d0000 end_va = 0x7fefd11bfff entry_point = 0x7fefd0d0000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 1410 start_va = 0x7fefd190000 end_va = 0x7fefd1d6fff entry_point = 0x7fefd190000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 1411 start_va = 0x7fefd2b0000 end_va = 0x7fefd30afff entry_point = 0x7fefd2b0000 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 1412 start_va = 0x7fefd420000 end_va = 0x7fefd426fff entry_point = 0x7fefd420000 region_type = mapped_file name = "wship6.dll" filename = "\\Windows\\System32\\wship6.dll" (normalized: "c:\\windows\\system32\\wship6.dll") Region: id = 1413 start_va = 0x7fefd430000 end_va = 0x7fefd484fff entry_point = 0x7fefd430000 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 1414 start_va = 0x7fefd490000 end_va = 0x7fefd4a6fff entry_point = 0x7fefd490000 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 1415 start_va = 0x7fefd5a0000 end_va = 0x7fefd5d1fff entry_point = 0x7fefd5a0000 region_type = mapped_file name = "netjoin.dll" filename = "\\Windows\\System32\\netjoin.dll" (normalized: "c:\\windows\\system32\\netjoin.dll") Region: id = 1416 start_va = 0x7fefd600000 end_va = 0x7fefd621fff entry_point = 0x7fefd600000 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 1417 start_va = 0x7fefd6c0000 end_va = 0x7fefd72cfff entry_point = 0x7fefd6c0000 region_type = mapped_file name = "wevtapi.dll" filename = "\\Windows\\System32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll") Region: id = 1418 start_va = 0x7fefda30000 end_va = 0x7fefda3afff entry_point = 0x7fefda30000 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll") Region: id = 1419 start_va = 0x7fefda60000 end_va = 0x7fefda84fff entry_point = 0x7fefda60000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 1420 start_va = 0x7fefda90000 end_va = 0x7fefda9efff entry_point = 0x7fefda90000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 1421 start_va = 0x7fefdb40000 end_va = 0x7fefdb7cfff entry_point = 0x7fefdb40000 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 1422 start_va = 0x7fefdb80000 end_va = 0x7fefdb93fff entry_point = 0x7fefdb80000 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll") Region: id = 1423 start_va = 0x7fefdba0000 end_va = 0x7fefdbaefff entry_point = 0x7fefdba0000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 1424 start_va = 0x7fefdc40000 end_va = 0x7fefdc4efff entry_point = 0x7fefdc40000 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 1425 start_va = 0x7fefdcb0000 end_va = 0x7fefde16fff entry_point = 0x7fefdcb0000 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 1426 start_va = 0x7fefde20000 end_va = 0x7fefde55fff entry_point = 0x7fefde20000 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 1427 start_va = 0x7fefde60000 end_va = 0x7fefdecafff entry_point = 0x7fefde60000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 1428 start_va = 0x7fefdf70000 end_va = 0x7fefe172fff entry_point = 0x7fefdf70000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 1429 start_va = 0x7fefef10000 end_va = 0x7fefefa8fff entry_point = 0x7fefef10000 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 1430 start_va = 0x7fefefb0000 end_va = 0x7feff0dcfff entry_point = 0x7fefefb0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 1431 start_va = 0x7feff210000 end_va = 0x7feff2aefff entry_point = 0x7feff210000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 1432 start_va = 0x7feff2b0000 end_va = 0x7feff38afff entry_point = 0x7feff2b0000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 1433 start_va = 0x7feff390000 end_va = 0x7feff3aefff entry_point = 0x7feff390000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 1434 start_va = 0x7feff3b0000 end_va = 0x7feff3bdfff entry_point = 0x7feff3b0000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 1435 start_va = 0x7feff3c0000 end_va = 0x7feff3edfff entry_point = 0x7feff3c0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 1436 start_va = 0x7feff650000 end_va = 0x7feff69cfff entry_point = 0x7feff650000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 1437 start_va = 0x7feff720000 end_va = 0x7feff727fff entry_point = 0x7feff720000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 1438 start_va = 0x7feff910000 end_va = 0x7feff976fff entry_point = 0x7feff910000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 1439 start_va = 0x7feff980000 end_va = 0x7feff9f0fff entry_point = 0x7feff980000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 1440 start_va = 0x7feffa00000 end_va = 0x7feffb08fff entry_point = 0x7feffa00000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 1441 start_va = 0x7feffb10000 end_va = 0x7feffbe6fff entry_point = 0x7feffb10000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 1442 start_va = 0x7feffe90000 end_va = 0x7fefff58fff entry_point = 0x7feffe90000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 1443 start_va = 0x7fefff70000 end_va = 0x7fefff70fff entry_point = 0x7fefff70000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 1444 start_va = 0x7fffff98000 end_va = 0x7fffff99fff entry_point = 0x0 region_type = private name = "private_0x000007fffff98000" filename = "" Region: id = 1445 start_va = 0x7fffff9a000 end_va = 0x7fffff9bfff entry_point = 0x0 region_type = private name = "private_0x000007fffff9a000" filename = "" Region: id = 1446 start_va = 0x7fffff9c000 end_va = 0x7fffff9dfff entry_point = 0x0 region_type = private name = "private_0x000007fffff9c000" filename = "" Region: id = 1447 start_va = 0x7fffff9e000 end_va = 0x7fffff9ffff entry_point = 0x0 region_type = private name = "private_0x000007fffff9e000" filename = "" Region: id = 1448 start_va = 0x7fffffa0000 end_va = 0x7fffffa1fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa0000" filename = "" Region: id = 1449 start_va = 0x7fffffa2000 end_va = 0x7fffffa3fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa2000" filename = "" Region: id = 1450 start_va = 0x7fffffa4000 end_va = 0x7fffffa5fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa4000" filename = "" Region: id = 1451 start_va = 0x7fffffa6000 end_va = 0x7fffffa7fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa6000" filename = "" Region: id = 1452 start_va = 0x7fffffa8000 end_va = 0x7fffffa9fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa8000" filename = "" Region: id = 1453 start_va = 0x7fffffaa000 end_va = 0x7fffffabfff entry_point = 0x0 region_type = private name = "private_0x000007fffffaa000" filename = "" Region: id = 1454 start_va = 0x7fffffac000 end_va = 0x7fffffadfff entry_point = 0x0 region_type = private name = "private_0x000007fffffac000" filename = "" Region: id = 1455 start_va = 0x7fffffae000 end_va = 0x7fffffaffff entry_point = 0x0 region_type = private name = "private_0x000007fffffae000" filename = "" Region: id = 1456 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 1457 start_va = 0x7fffffd3000 end_va = 0x7fffffd4fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd3000" filename = "" Region: id = 1458 start_va = 0x7fffffd5000 end_va = 0x7fffffd6fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd5000" filename = "" Region: id = 1459 start_va = 0x7fffffd7000 end_va = 0x7fffffd8fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd7000" filename = "" Region: id = 1460 start_va = 0x7fffffd9000 end_va = 0x7fffffd9fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd9000" filename = "" Region: id = 1461 start_va = 0x7fffffda000 end_va = 0x7fffffdbfff entry_point = 0x0 region_type = private name = "private_0x000007fffffda000" filename = "" Region: id = 1462 start_va = 0x7fffffdc000 end_va = 0x7fffffddfff entry_point = 0x0 region_type = private name = "private_0x000007fffffdc000" filename = "" Region: id = 1463 start_va = 0x7fffffde000 end_va = 0x7fffffdffff entry_point = 0x0 region_type = private name = "private_0x000007fffffde000" filename = "" Thread: id = 223 os_tid = 0x9c0 Thread: id = 224 os_tid = 0x8bc Thread: id = 225 os_tid = 0x808 Thread: id = 226 os_tid = 0x688 Thread: id = 227 os_tid = 0x784 Thread: id = 228 os_tid = 0x55c Thread: id = 229 os_tid = 0x550 Thread: id = 230 os_tid = 0x540 Thread: id = 231 os_tid = 0x52c Thread: id = 232 os_tid = 0x518 Thread: id = 233 os_tid = 0x4c4 Thread: id = 234 os_tid = 0x308 Thread: id = 235 os_tid = 0x2ac Thread: id = 236 os_tid = 0x28c Thread: id = 237 os_tid = 0x264 Thread: id = 238 os_tid = 0x138 Thread: id = 239 os_tid = 0x218 Thread: id = 240 os_tid = 0x124 Process: id = "15" image_name = "spoolsv.exe" filename = "c:\\windows\\system32\\spoolsv.exe" page_root = "0xa36a000" os_pid = "0x134" os_integrity_level = "0x4000" os_privileges = "0x20a00080" monitor_reason = "child_process" parent_id = "7" os_parent_pid = "0x1d8" cmd_line = "C:\\Windows\\System32\\spoolsv.exe" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\Spooler" [0xe], "NT AUTHORITY\\Logon Session 00000000:0000d697" [0xc000000f], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Region: id = 2636 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2637 start_va = 0x20000 end_va = 0x26fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 2638 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 2639 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 2640 start_va = 0x50000 end_va = 0x51fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 2641 start_va = 0x60000 end_va = 0x60fff entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 2642 start_va = 0x70000 end_va = 0xaffff entry_point = 0x0 region_type = private name = "private_0x0000000000070000" filename = "" Region: id = 2643 start_va = 0xb0000 end_va = 0x116fff entry_point = 0xb0000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2644 start_va = 0x120000 end_va = 0x120fff entry_point = 0x0 region_type = private name = "private_0x0000000000120000" filename = "" Region: id = 2645 start_va = 0x130000 end_va = 0x130fff entry_point = 0x0 region_type = private name = "private_0x0000000000130000" filename = "" Region: id = 2646 start_va = 0x140000 end_va = 0x140fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000140000" filename = "" Region: id = 2647 start_va = 0x150000 end_va = 0x150fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000150000" filename = "" Region: id = 2648 start_va = 0x160000 end_va = 0x25ffff entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 2649 start_va = 0x260000 end_va = 0x260fff entry_point = 0x260000 region_type = mapped_file name = "msxml6r.dll" filename = "\\Windows\\System32\\msxml6r.dll" (normalized: "c:\\windows\\system32\\msxml6r.dll") Region: id = 2650 start_va = 0x270000 end_va = 0x28ffff entry_point = 0x0 region_type = private name = "private_0x0000000000270000" filename = "" Region: id = 2651 start_va = 0x290000 end_va = 0x29ffff entry_point = 0x0 region_type = private name = "private_0x0000000000290000" filename = "" Region: id = 2652 start_va = 0x2b0000 end_va = 0x2bffff entry_point = 0x0 region_type = private name = "private_0x00000000002b0000" filename = "" Region: id = 2653 start_va = 0x2c0000 end_va = 0x3bffff entry_point = 0x0 region_type = private name = "private_0x00000000002c0000" filename = "" Region: id = 2654 start_va = 0x3c0000 end_va = 0x547fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003c0000" filename = "" Region: id = 2655 start_va = 0x550000 end_va = 0x6d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 2656 start_va = 0x6e0000 end_va = 0x1adffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006e0000" filename = "" Region: id = 2657 start_va = 0x1ae0000 end_va = 0x1ed2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ae0000" filename = "" Region: id = 2658 start_va = 0x1ef0000 end_va = 0x1f6ffff entry_point = 0x0 region_type = private name = "private_0x0000000001ef0000" filename = "" Region: id = 2659 start_va = 0x1f80000 end_va = 0x1ffffff entry_point = 0x0 region_type = private name = "private_0x0000000001f80000" filename = "" Region: id = 2660 start_va = 0x2010000 end_va = 0x204ffff entry_point = 0x0 region_type = private name = "private_0x0000000002010000" filename = "" Region: id = 2661 start_va = 0x2050000 end_va = 0x208ffff entry_point = 0x0 region_type = private name = "private_0x0000000002050000" filename = "" Region: id = 2662 start_va = 0x20d0000 end_va = 0x20dffff entry_point = 0x0 region_type = private name = "private_0x00000000020d0000" filename = "" Region: id = 2663 start_va = 0x20f0000 end_va = 0x212ffff entry_point = 0x0 region_type = private name = "private_0x00000000020f0000" filename = "" Region: id = 2664 start_va = 0x2170000 end_va = 0x21effff entry_point = 0x0 region_type = private name = "private_0x0000000002170000" filename = "" Region: id = 2665 start_va = 0x2200000 end_va = 0x223ffff entry_point = 0x0 region_type = private name = "private_0x0000000002200000" filename = "" Region: id = 2666 start_va = 0x2240000 end_va = 0x227ffff entry_point = 0x0 region_type = private name = "private_0x0000000002240000" filename = "" Region: id = 2667 start_va = 0x2290000 end_va = 0x229ffff entry_point = 0x0 region_type = private name = "private_0x0000000002290000" filename = "" Region: id = 2668 start_va = 0x22c0000 end_va = 0x22fffff entry_point = 0x0 region_type = private name = "private_0x00000000022c0000" filename = "" Region: id = 2669 start_va = 0x2320000 end_va = 0x239ffff entry_point = 0x0 region_type = private name = "private_0x0000000002320000" filename = "" Region: id = 2670 start_va = 0x23e0000 end_va = 0x26aefff entry_point = 0x23e0000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 2671 start_va = 0x26e0000 end_va = 0x275ffff entry_point = 0x0 region_type = private name = "private_0x00000000026e0000" filename = "" Region: id = 2672 start_va = 0x2760000 end_va = 0x2860fff entry_point = 0x0 region_type = private name = "private_0x0000000002760000" filename = "" Region: id = 2673 start_va = 0x2870000 end_va = 0x296ffff entry_point = 0x0 region_type = private name = "private_0x0000000002870000" filename = "" Region: id = 2674 start_va = 0x2980000 end_va = 0x29fffff entry_point = 0x0 region_type = private name = "private_0x0000000002980000" filename = "" Region: id = 2675 start_va = 0x2a10000 end_va = 0x2a4ffff entry_point = 0x0 region_type = private name = "private_0x0000000002a10000" filename = "" Region: id = 2676 start_va = 0x2a70000 end_va = 0x2aeffff entry_point = 0x0 region_type = private name = "private_0x0000000002a70000" filename = "" Region: id = 2677 start_va = 0x2af0000 end_va = 0x2baffff entry_point = 0x2af0000 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui") Region: id = 2678 start_va = 0x2bb0000 end_va = 0x2faffff entry_point = 0x0 region_type = private name = "private_0x0000000002bb0000" filename = "" Region: id = 2679 start_va = 0x2fc0000 end_va = 0x2ffffff entry_point = 0x0 region_type = private name = "private_0x0000000002fc0000" filename = "" Region: id = 2680 start_va = 0x3020000 end_va = 0x305ffff entry_point = 0x0 region_type = private name = "private_0x0000000003020000" filename = "" Region: id = 2681 start_va = 0x30e0000 end_va = 0x311ffff entry_point = 0x0 region_type = private name = "private_0x00000000030e0000" filename = "" Region: id = 2682 start_va = 0x3160000 end_va = 0x319ffff entry_point = 0x0 region_type = private name = "private_0x0000000003160000" filename = "" Region: id = 2683 start_va = 0x3230000 end_va = 0x326ffff entry_point = 0x0 region_type = private name = "private_0x0000000003230000" filename = "" Region: id = 2684 start_va = 0x3300000 end_va = 0x33fffff entry_point = 0x0 region_type = private name = "private_0x0000000003300000" filename = "" Region: id = 2685 start_va = 0x3420000 end_va = 0x345ffff entry_point = 0x0 region_type = private name = "private_0x0000000003420000" filename = "" Region: id = 2686 start_va = 0x34a0000 end_va = 0x34dffff entry_point = 0x0 region_type = private name = "private_0x00000000034a0000" filename = "" Region: id = 2687 start_va = 0x35e0000 end_va = 0x35effff entry_point = 0x0 region_type = private name = "private_0x00000000035e0000" filename = "" Region: id = 2688 start_va = 0x77a30000 end_va = 0x77b4efff entry_point = 0x77a30000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 2689 start_va = 0x77b50000 end_va = 0x77c49fff entry_point = 0x77b50000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 2690 start_va = 0x77c50000 end_va = 0x77df8fff entry_point = 0x77c50000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2691 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 2692 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 2693 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2694 start_va = 0xffc30000 end_va = 0xffcbbfff entry_point = 0xffc30000 region_type = mapped_file name = "spoolsv.exe" filename = "\\Windows\\System32\\spoolsv.exe" (normalized: "c:\\windows\\system32\\spoolsv.exe") Region: id = 2695 start_va = 0x7fef6f30000 end_va = 0x7fef6fecfff entry_point = 0x7fef6f30000 region_type = mapped_file name = "win32spl.dll" filename = "\\Windows\\System32\\win32spl.dll" (normalized: "c:\\windows\\system32\\win32spl.dll") Region: id = 2696 start_va = 0x7fef6ff0000 end_va = 0x7fef6ffdfff entry_point = 0x7fef6ff0000 region_type = mapped_file name = "winprint.dll" filename = "\\Windows\\System32\\spool\\prtprocs\\x64\\winprint.dll" (normalized: "c:\\windows\\system32\\spool\\prtprocs\\x64\\winprint.dll") Region: id = 2697 start_va = 0x7fef7040000 end_va = 0x7fef706cfff entry_point = 0x7fef7040000 region_type = mapped_file name = "inetpp.dll" filename = "\\Windows\\System32\\inetpp.dll" (normalized: "c:\\windows\\system32\\inetpp.dll") Region: id = 2698 start_va = 0x7fef78b0000 end_va = 0x7fef78bffff entry_point = 0x7fef78b0000 region_type = mapped_file name = "fdpnp.dll" filename = "\\Windows\\System32\\fdPnp.dll" (normalized: "c:\\windows\\system32\\fdpnp.dll") Region: id = 2699 start_va = 0x7fef78c0000 end_va = 0x7fef78f2fff entry_point = 0x7fef78c0000 region_type = mapped_file name = "fundisc.dll" filename = "\\Windows\\System32\\fundisc.dll" (normalized: "c:\\windows\\system32\\fundisc.dll") Region: id = 2700 start_va = 0x7fef7900000 end_va = 0x7fef7a1efff entry_point = 0x7fef7900000 region_type = mapped_file name = "webservices.dll" filename = "\\Windows\\System32\\webservices.dll" (normalized: "c:\\windows\\system32\\webservices.dll") Region: id = 2701 start_va = 0x7fef7a20000 end_va = 0x7fef7ab0fff entry_point = 0x7fef7a20000 region_type = mapped_file name = "wsdapi.dll" filename = "\\Windows\\System32\\WSDApi.dll" (normalized: "c:\\windows\\system32\\wsdapi.dll") Region: id = 2702 start_va = 0x7fef7ac0000 end_va = 0x7fef7af9fff entry_point = 0x7fef7ac0000 region_type = mapped_file name = "wsdmon.dll" filename = "\\Windows\\System32\\WSDMon.dll" (normalized: "c:\\windows\\system32\\wsdmon.dll") Region: id = 2703 start_va = 0x7fef7b00000 end_va = 0x7fef7b06fff entry_point = 0x7fef7b00000 region_type = mapped_file name = "wls0wndh.dll" filename = "\\Windows\\System32\\WlS0WndH.dll" (normalized: "c:\\windows\\system32\\wls0wndh.dll") Region: id = 2704 start_va = 0x7fef7b10000 end_va = 0x7fef7b1efff entry_point = 0x7fef7b10000 region_type = mapped_file name = "usbmon.dll" filename = "\\Windows\\System32\\usbmon.dll" (normalized: "c:\\windows\\system32\\usbmon.dll") Region: id = 2705 start_va = 0x7fef7b20000 end_va = 0x7fef7d11fff entry_point = 0x7fef7b20000 region_type = mapped_file name = "msxml6.dll" filename = "\\Windows\\System32\\msxml6.dll" (normalized: "c:\\windows\\system32\\msxml6.dll") Region: id = 2706 start_va = 0x7fef7d20000 end_va = 0x7fef7d33fff entry_point = 0x7fef7d20000 region_type = mapped_file name = "wsnmp32.dll" filename = "\\Windows\\System32\\wsnmp32.dll" (normalized: "c:\\windows\\system32\\wsnmp32.dll") Region: id = 2707 start_va = 0x7fef7d40000 end_va = 0x7fef7d4afff entry_point = 0x7fef7d40000 region_type = mapped_file name = "snmpapi.dll" filename = "\\Windows\\System32\\snmpapi.dll" (normalized: "c:\\windows\\system32\\snmpapi.dll") Region: id = 2708 start_va = 0x7fef7d50000 end_va = 0x7fef7d83fff entry_point = 0x7fef7d50000 region_type = mapped_file name = "tcpmon.dll" filename = "\\Windows\\System32\\tcpmon.dll" (normalized: "c:\\windows\\system32\\tcpmon.dll") Region: id = 2709 start_va = 0x7fef7d90000 end_va = 0x7fef7d9dfff entry_point = 0x7fef7d90000 region_type = mapped_file name = "fxsmon.dll" filename = "\\Windows\\System32\\FXSMON.dll" (normalized: "c:\\windows\\system32\\fxsmon.dll") Region: id = 2710 start_va = 0x7fef7da0000 end_va = 0x7fef7daffff entry_point = 0x7fef7da0000 region_type = mapped_file name = "printisolationproxy.dll" filename = "\\Windows\\System32\\PrintIsolationProxy.dll" (normalized: "c:\\windows\\system32\\printisolationproxy.dll") Region: id = 2711 start_va = 0x7fef7db0000 end_va = 0x7fef7e20fff entry_point = 0x7fef7db0000 region_type = mapped_file name = "winspool.drv" filename = "\\Windows\\System32\\winspool.drv" (normalized: "c:\\windows\\system32\\winspool.drv") Region: id = 2712 start_va = 0x7fef7e30000 end_va = 0x7fef7e41fff entry_point = 0x7fef7e30000 region_type = mapped_file name = "spoolss.dll" filename = "\\Windows\\System32\\spoolss.dll" (normalized: "c:\\windows\\system32\\spoolss.dll") Region: id = 2713 start_va = 0x7fef7e50000 end_va = 0x7fef7f3dfff entry_point = 0x7fef7e50000 region_type = mapped_file name = "localspl.dll" filename = "\\Windows\\System32\\localspl.dll" (normalized: "c:\\windows\\system32\\localspl.dll") Region: id = 2714 start_va = 0x7fef7f40000 end_va = 0x7fef7f52fff entry_point = 0x7fef7f40000 region_type = mapped_file name = "umb.dll" filename = "\\Windows\\System32\\umb.dll" (normalized: "c:\\windows\\system32\\umb.dll") Region: id = 2715 start_va = 0x7fef83d0000 end_va = 0x7fef83d7fff entry_point = 0x7fef83d0000 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll") Region: id = 2716 start_va = 0x7fef9100000 end_va = 0x7fef910efff entry_point = 0x7fef9100000 region_type = mapped_file name = "cscapi.dll" filename = "\\Windows\\System32\\cscapi.dll" (normalized: "c:\\windows\\system32\\cscapi.dll") Region: id = 2717 start_va = 0x7fefb500000 end_va = 0x7fefb552fff entry_point = 0x7fefb500000 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2718 start_va = 0x7fefb650000 end_va = 0x7fefb65afff entry_point = 0x7fefb650000 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 2719 start_va = 0x7fefb660000 end_va = 0x7fefb686fff entry_point = 0x7fefb660000 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 2720 start_va = 0x7fefb740000 end_va = 0x7fefb74afff entry_point = 0x7fefb740000 region_type = mapped_file name = "slc.dll" filename = "\\Windows\\System32\\slc.dll" (normalized: "c:\\windows\\system32\\slc.dll") Region: id = 2721 start_va = 0x7fefb750000 end_va = 0x7fefb75bfff entry_point = 0x7fefb750000 region_type = mapped_file name = "dsrole.dll" filename = "\\Windows\\System32\\dsrole.dll" (normalized: "c:\\windows\\system32\\dsrole.dll") Region: id = 2722 start_va = 0x7fefb770000 end_va = 0x7fefb788fff entry_point = 0x7fefb770000 region_type = mapped_file name = "atl.dll" filename = "\\Windows\\System32\\atl.dll" (normalized: "c:\\windows\\system32\\atl.dll") Region: id = 2723 start_va = 0x7fefbb40000 end_va = 0x7fefbb6bfff entry_point = 0x7fefbb40000 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 2724 start_va = 0x7fefbdb0000 end_va = 0x7fefbdbbfff entry_point = 0x7fefbdb0000 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll") Region: id = 2725 start_va = 0x7fefbef0000 end_va = 0x7fefbf00fff entry_point = 0x7fefbef0000 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 2726 start_va = 0x7fefcd60000 end_va = 0x7fefcd6bfff entry_point = 0x7fefcd60000 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll") Region: id = 2727 start_va = 0x7fefcd70000 end_va = 0x7fefce2afff entry_point = 0x7fefcd70000 region_type = mapped_file name = "firewallapi.dll" filename = "\\Windows\\System32\\FirewallAPI.dll" (normalized: "c:\\windows\\system32\\firewallapi.dll") Region: id = 2728 start_va = 0x7fefce30000 end_va = 0x7fefce36fff entry_point = 0x7fefce30000 region_type = mapped_file name = "wshtcpip.dll" filename = "\\Windows\\System32\\WSHTCPIP.DLL" (normalized: "c:\\windows\\system32\\wshtcpip.dll") Region: id = 2729 start_va = 0x7fefcf20000 end_va = 0x7fefcf3afff entry_point = 0x7fefcf20000 region_type = mapped_file name = "gpapi.dll" filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll") Region: id = 2730 start_va = 0x7fefcf40000 end_va = 0x7fefcf5dfff entry_point = 0x7fefcf40000 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 2731 start_va = 0x7fefcf60000 end_va = 0x7fefcf71fff entry_point = 0x7fefcf60000 region_type = mapped_file name = "devrtl.dll" filename = "\\Windows\\System32\\devrtl.dll" (normalized: "c:\\windows\\system32\\devrtl.dll") Region: id = 2732 start_va = 0x7fefcf80000 end_va = 0x7fefcf9efff entry_point = 0x7fefcf80000 region_type = mapped_file name = "spinf.dll" filename = "\\Windows\\System32\\SPInf.dll" (normalized: "c:\\windows\\system32\\spinf.dll") Region: id = 2733 start_va = 0x7fefd090000 end_va = 0x7fefd099fff entry_point = 0x7fefd090000 region_type = mapped_file name = "credssp.dll" filename = "\\Windows\\System32\\credssp.dll" (normalized: "c:\\windows\\system32\\credssp.dll") Region: id = 2734 start_va = 0x7fefd190000 end_va = 0x7fefd1d6fff entry_point = 0x7fefd190000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 2735 start_va = 0x7fefd2b0000 end_va = 0x7fefd30afff entry_point = 0x7fefd2b0000 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 2736 start_va = 0x7fefd420000 end_va = 0x7fefd426fff entry_point = 0x7fefd420000 region_type = mapped_file name = "wship6.dll" filename = "\\Windows\\System32\\wship6.dll" (normalized: "c:\\windows\\system32\\wship6.dll") Region: id = 2737 start_va = 0x7fefd430000 end_va = 0x7fefd484fff entry_point = 0x7fefd430000 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 2738 start_va = 0x7fefd490000 end_va = 0x7fefd4a6fff entry_point = 0x7fefd490000 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 2739 start_va = 0x7fefd990000 end_va = 0x7fefd9b2fff entry_point = 0x7fefd990000 region_type = mapped_file name = "srvcli.dll" filename = "\\Windows\\System32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll") Region: id = 2740 start_va = 0x7fefda30000 end_va = 0x7fefda3afff entry_point = 0x7fefda30000 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll") Region: id = 2741 start_va = 0x7fefda60000 end_va = 0x7fefda84fff entry_point = 0x7fefda60000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 2742 start_va = 0x7fefda90000 end_va = 0x7fefda9efff entry_point = 0x7fefda90000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 2743 start_va = 0x7fefdb40000 end_va = 0x7fefdb7cfff entry_point = 0x7fefdb40000 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 2744 start_va = 0x7fefdb80000 end_va = 0x7fefdb93fff entry_point = 0x7fefdb80000 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll") Region: id = 2745 start_va = 0x7fefdba0000 end_va = 0x7fefdbaefff entry_point = 0x7fefdba0000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 2746 start_va = 0x7fefdc40000 end_va = 0x7fefdc4efff entry_point = 0x7fefdc40000 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 2747 start_va = 0x7fefdc50000 end_va = 0x7fefdc89fff entry_point = 0x7fefdc50000 region_type = mapped_file name = "wintrust.dll" filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll") Region: id = 2748 start_va = 0x7fefdc90000 end_va = 0x7fefdca9fff entry_point = 0x7fefdc90000 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 2749 start_va = 0x7fefdcb0000 end_va = 0x7fefde16fff entry_point = 0x7fefdcb0000 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 2750 start_va = 0x7fefde20000 end_va = 0x7fefde55fff entry_point = 0x7fefde20000 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 2751 start_va = 0x7fefde60000 end_va = 0x7fefdecafff entry_point = 0x7fefde60000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 2752 start_va = 0x7fefdf70000 end_va = 0x7fefe172fff entry_point = 0x7fefdf70000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 2753 start_va = 0x7fefef10000 end_va = 0x7fefefa8fff entry_point = 0x7fefef10000 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 2754 start_va = 0x7fefefb0000 end_va = 0x7feff0dcfff entry_point = 0x7fefefb0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 2755 start_va = 0x7feff210000 end_va = 0x7feff2aefff entry_point = 0x7feff210000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 2756 start_va = 0x7feff2b0000 end_va = 0x7feff38afff entry_point = 0x7feff2b0000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 2757 start_va = 0x7feff390000 end_va = 0x7feff3aefff entry_point = 0x7feff390000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 2758 start_va = 0x7feff3b0000 end_va = 0x7feff3bdfff entry_point = 0x7feff3b0000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 2759 start_va = 0x7feff3c0000 end_va = 0x7feff3edfff entry_point = 0x7feff3c0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 2760 start_va = 0x7feff650000 end_va = 0x7feff69cfff entry_point = 0x7feff650000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 2761 start_va = 0x7feff720000 end_va = 0x7feff727fff entry_point = 0x7feff720000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 2762 start_va = 0x7feff910000 end_va = 0x7feff976fff entry_point = 0x7feff910000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 2763 start_va = 0x7feff980000 end_va = 0x7feff9f0fff entry_point = 0x7feff980000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 2764 start_va = 0x7feffa00000 end_va = 0x7feffb08fff entry_point = 0x7feffa00000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 2765 start_va = 0x7feffb10000 end_va = 0x7feffbe6fff entry_point = 0x7feffb10000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 2766 start_va = 0x7feffbf0000 end_va = 0x7feffdc6fff entry_point = 0x7feffbf0000 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll") Region: id = 2767 start_va = 0x7feffe90000 end_va = 0x7fefff58fff entry_point = 0x7feffe90000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 2768 start_va = 0x7fefff70000 end_va = 0x7fefff70fff entry_point = 0x7fefff70000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 2769 start_va = 0x7fffff9c000 end_va = 0x7fffff9dfff entry_point = 0x0 region_type = private name = "private_0x000007fffff9c000" filename = "" Region: id = 2770 start_va = 0x7fffff9e000 end_va = 0x7fffff9ffff entry_point = 0x0 region_type = private name = "private_0x000007fffff9e000" filename = "" Region: id = 2771 start_va = 0x7fffffa0000 end_va = 0x7fffffa1fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa0000" filename = "" Region: id = 2772 start_va = 0x7fffffa2000 end_va = 0x7fffffa3fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa2000" filename = "" Region: id = 2773 start_va = 0x7fffffa4000 end_va = 0x7fffffa5fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa4000" filename = "" Region: id = 2774 start_va = 0x7fffffa6000 end_va = 0x7fffffa7fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa6000" filename = "" Region: id = 2775 start_va = 0x7fffffa8000 end_va = 0x7fffffa9fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa8000" filename = "" Region: id = 2776 start_va = 0x7fffffaa000 end_va = 0x7fffffabfff entry_point = 0x0 region_type = private name = "private_0x000007fffffaa000" filename = "" Region: id = 2777 start_va = 0x7fffffac000 end_va = 0x7fffffadfff entry_point = 0x0 region_type = private name = "private_0x000007fffffac000" filename = "" Region: id = 2778 start_va = 0x7fffffae000 end_va = 0x7fffffaffff entry_point = 0x0 region_type = private name = "private_0x000007fffffae000" filename = "" Region: id = 2779 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 2780 start_va = 0x7fffffd4000 end_va = 0x7fffffd5fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd4000" filename = "" Region: id = 2781 start_va = 0x7fffffd6000 end_va = 0x7fffffd7fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd6000" filename = "" Region: id = 2782 start_va = 0x7fffffd8000 end_va = 0x7fffffd9fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd8000" filename = "" Region: id = 2783 start_va = 0x7fffffda000 end_va = 0x7fffffdbfff entry_point = 0x0 region_type = private name = "private_0x000007fffffda000" filename = "" Region: id = 2784 start_va = 0x7fffffdc000 end_va = 0x7fffffdcfff entry_point = 0x0 region_type = private name = "private_0x000007fffffdc000" filename = "" Region: id = 2785 start_va = 0x7fffffde000 end_va = 0x7fffffdffff entry_point = 0x0 region_type = private name = "private_0x000007fffffde000" filename = "" Thread: id = 241 os_tid = 0x9d4 Thread: id = 242 os_tid = 0x75c Thread: id = 243 os_tid = 0x6d8 Thread: id = 244 os_tid = 0x6d4 Thread: id = 245 os_tid = 0x6bc Thread: id = 246 os_tid = 0x68c Thread: id = 247 os_tid = 0x674 Thread: id = 248 os_tid = 0x664 Thread: id = 249 os_tid = 0x65c Thread: id = 250 os_tid = 0x418 Thread: id = 251 os_tid = 0x414 Thread: id = 252 os_tid = 0x410 Thread: id = 253 os_tid = 0x40c Thread: id = 254 os_tid = 0x35c Thread: id = 255 os_tid = 0x214 Process: id = "16" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0xa822000" os_pid = "0x41c" os_integrity_level = "0x4000" os_privileges = "0x60a00000" monitor_reason = "child_process" parent_id = "7" os_parent_pid = "0x1d8" cmd_line = "C:\\Windows\\system32\\svchost.exe -k LocalServiceNoNetwork" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Local Service" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BFE" [0xe], "NT SERVICE\\DPS" [0xa], "NT SERVICE\\MpsSvc" [0xa], "NT SERVICE\\pla" [0xa], "NT SERVICE\\WwanSvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000db18" [0xc000000f], "LOCAL" [0x7], "NT AUTHORITY\\WRITE RESTRICTED" [0x7] Region: id = 1814 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1815 start_va = 0x20000 end_va = 0x26fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 1816 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 1817 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 1818 start_va = 0x50000 end_va = 0xb6fff entry_point = 0x50000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1819 start_va = 0xc0000 end_va = 0xc1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000c0000" filename = "" Region: id = 1820 start_va = 0xd0000 end_va = 0xd0fff entry_point = 0x0 region_type = private name = "private_0x00000000000d0000" filename = "" Region: id = 1821 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 1822 start_va = 0xf0000 end_va = 0x10bfff entry_point = 0xf0000 region_type = mapped_file name = "firewallapi.dll.mui" filename = "\\Windows\\System32\\en-US\\FirewallAPI.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\firewallapi.dll.mui") Region: id = 1823 start_va = 0x110000 end_va = 0x110fff entry_point = 0x0 region_type = private name = "private_0x0000000000110000" filename = "" Region: id = 1824 start_va = 0x120000 end_va = 0x120fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000120000" filename = "" Region: id = 1825 start_va = 0x130000 end_va = 0x130fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000130000" filename = "" Region: id = 1826 start_va = 0x140000 end_va = 0x147fff entry_point = 0x0 region_type = private name = "private_0x0000000000140000" filename = "" Region: id = 1827 start_va = 0x150000 end_va = 0x150fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000150000" filename = "" Region: id = 1828 start_va = 0x160000 end_va = 0x160fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000160000" filename = "" Region: id = 1829 start_va = 0x170000 end_va = 0x1effff entry_point = 0x0 region_type = private name = "private_0x0000000000170000" filename = "" Region: id = 1830 start_va = 0x1f0000 end_va = 0x1f2fff entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 1831 start_va = 0x200000 end_va = 0x20ffff entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 1832 start_va = 0x210000 end_va = 0x28ffff entry_point = 0x0 region_type = private name = "private_0x0000000000210000" filename = "" Region: id = 1833 start_va = 0x2a0000 end_va = 0x2affff entry_point = 0x0 region_type = private name = "private_0x00000000002a0000" filename = "" Region: id = 1834 start_va = 0x2b0000 end_va = 0x36ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002b0000" filename = "" Region: id = 1835 start_va = 0x390000 end_va = 0x48ffff entry_point = 0x0 region_type = private name = "private_0x0000000000390000" filename = "" Region: id = 1836 start_va = 0x490000 end_va = 0x58ffff entry_point = 0x0 region_type = private name = "private_0x0000000000490000" filename = "" Region: id = 1837 start_va = 0x590000 end_va = 0x717fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 1838 start_va = 0x720000 end_va = 0x8a0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000720000" filename = "" Region: id = 1839 start_va = 0x8b0000 end_va = 0xca2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000008b0000" filename = "" Region: id = 1840 start_va = 0xcb0000 end_va = 0xcb1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000cb0000" filename = "" Region: id = 1841 start_va = 0xcc0000 end_va = 0xd3ffff entry_point = 0x0 region_type = private name = "private_0x0000000000cc0000" filename = "" Region: id = 1842 start_va = 0xd60000 end_va = 0xddffff entry_point = 0x0 region_type = private name = "private_0x0000000000d60000" filename = "" Region: id = 1843 start_va = 0xde0000 end_va = 0xe5ffff entry_point = 0x0 region_type = private name = "private_0x0000000000de0000" filename = "" Region: id = 1844 start_va = 0xe80000 end_va = 0xefffff entry_point = 0x0 region_type = private name = "private_0x0000000000e80000" filename = "" Region: id = 1845 start_va = 0xf10000 end_va = 0xf8ffff entry_point = 0x0 region_type = private name = "private_0x0000000000f10000" filename = "" Region: id = 1846 start_va = 0xfa0000 end_va = 0x101ffff entry_point = 0x0 region_type = private name = "private_0x0000000000fa0000" filename = "" Region: id = 1847 start_va = 0x1040000 end_va = 0x130efff entry_point = 0x1040000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 1848 start_va = 0x1350000 end_va = 0x13cffff entry_point = 0x0 region_type = private name = "private_0x0000000001350000" filename = "" Region: id = 1849 start_va = 0x1420000 end_va = 0x149ffff entry_point = 0x0 region_type = private name = "private_0x0000000001420000" filename = "" Region: id = 1850 start_va = 0x14c0000 end_va = 0x153ffff entry_point = 0x0 region_type = private name = "private_0x00000000014c0000" filename = "" Region: id = 1851 start_va = 0x1560000 end_va = 0x15dffff entry_point = 0x0 region_type = private name = "private_0x0000000001560000" filename = "" Region: id = 1852 start_va = 0x16a0000 end_va = 0x171ffff entry_point = 0x0 region_type = private name = "private_0x00000000016a0000" filename = "" Region: id = 1853 start_va = 0x1720000 end_va = 0x179ffff entry_point = 0x0 region_type = private name = "private_0x0000000001720000" filename = "" Region: id = 1854 start_va = 0x17d0000 end_va = 0x184ffff entry_point = 0x0 region_type = private name = "private_0x00000000017d0000" filename = "" Region: id = 1855 start_va = 0x18b0000 end_va = 0x192ffff entry_point = 0x0 region_type = private name = "private_0x00000000018b0000" filename = "" Region: id = 1856 start_va = 0x1950000 end_va = 0x19cffff entry_point = 0x0 region_type = private name = "private_0x0000000001950000" filename = "" Region: id = 1857 start_va = 0x1a00000 end_va = 0x1a7ffff entry_point = 0x0 region_type = private name = "private_0x0000000001a00000" filename = "" Region: id = 1858 start_va = 0x1ab0000 end_va = 0x1b2ffff entry_point = 0x0 region_type = private name = "private_0x0000000001ab0000" filename = "" Region: id = 1859 start_va = 0x1be0000 end_va = 0x1c5ffff entry_point = 0x0 region_type = private name = "private_0x0000000001be0000" filename = "" Region: id = 1860 start_va = 0x1c60000 end_va = 0x1d5ffff entry_point = 0x0 region_type = private name = "private_0x0000000001c60000" filename = "" Region: id = 1861 start_va = 0x1df0000 end_va = 0x1eeffff entry_point = 0x0 region_type = private name = "private_0x0000000001df0000" filename = "" Region: id = 1862 start_va = 0x1f00000 end_va = 0x1f7ffff entry_point = 0x0 region_type = private name = "private_0x0000000001f00000" filename = "" Region: id = 1863 start_va = 0x2070000 end_va = 0x20effff entry_point = 0x0 region_type = private name = "private_0x0000000002070000" filename = "" Region: id = 1864 start_va = 0x2170000 end_va = 0x21effff entry_point = 0x0 region_type = private name = "private_0x0000000002170000" filename = "" Region: id = 1865 start_va = 0x2290000 end_va = 0x23affff entry_point = 0x0 region_type = private name = "private_0x0000000002290000" filename = "" Region: id = 1866 start_va = 0x23b0000 end_va = 0x25b0fff entry_point = 0x0 region_type = private name = "private_0x00000000023b0000" filename = "" Region: id = 1867 start_va = 0x2600000 end_va = 0x267ffff entry_point = 0x0 region_type = private name = "private_0x0000000002600000" filename = "" Region: id = 1868 start_va = 0x2680000 end_va = 0x287ffff entry_point = 0x0 region_type = private name = "private_0x0000000002680000" filename = "" Region: id = 1869 start_va = 0x2880000 end_va = 0x2a7ffff entry_point = 0x0 region_type = private name = "private_0x0000000002880000" filename = "" Region: id = 1870 start_va = 0x2a80000 end_va = 0x2e1ffff entry_point = 0x0 region_type = private name = "private_0x0000000002a80000" filename = "" Region: id = 1871 start_va = 0x2e20000 end_va = 0x301ffff entry_point = 0x0 region_type = private name = "private_0x0000000002e20000" filename = "" Region: id = 1872 start_va = 0x77a30000 end_va = 0x77b4efff entry_point = 0x77a30000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 1873 start_va = 0x77b50000 end_va = 0x77c49fff entry_point = 0x77b50000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 1874 start_va = 0x77c50000 end_va = 0x77df8fff entry_point = 0x77c50000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1875 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 1876 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 1877 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1878 start_va = 0xff470000 end_va = 0xff47afff entry_point = 0xff470000 region_type = mapped_file name = "svchost.exe" filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe") Region: id = 1879 start_va = 0x7fef6760000 end_va = 0x7fef676cfff entry_point = 0x7fef6760000 region_type = mapped_file name = "wdiasqmmodule.dll" filename = "\\Windows\\System32\\wdiasqmmodule.dll" (normalized: "c:\\windows\\system32\\wdiasqmmodule.dll") Region: id = 1880 start_va = 0x7fef6770000 end_va = 0x7fef678cfff entry_point = 0x7fef6770000 region_type = mapped_file name = "radardt.dll" filename = "\\Windows\\System32\\radardt.dll" (normalized: "c:\\windows\\system32\\radardt.dll") Region: id = 1881 start_va = 0x7fef6790000 end_va = 0x7fef6797fff entry_point = 0x7fef6790000 region_type = mapped_file name = "pnpts.dll" filename = "\\Windows\\System32\\pnpts.dll" (normalized: "c:\\windows\\system32\\pnpts.dll") Region: id = 1882 start_va = 0x7fef6c40000 end_va = 0x7fef6d89fff entry_point = 0x7fef6c40000 region_type = mapped_file name = "diagperf.dll" filename = "\\Windows\\System32\\diagperf.dll" (normalized: "c:\\windows\\system32\\diagperf.dll") Region: id = 1883 start_va = 0x7fef7000000 end_va = 0x7fef700bfff entry_point = 0x7fef7000000 region_type = mapped_file name = "npmproxy.dll" filename = "\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll") Region: id = 1884 start_va = 0x7fef8670000 end_va = 0x7fef86e3fff entry_point = 0x7fef8670000 region_type = mapped_file name = "netprofm.dll" filename = "\\Windows\\System32\\netprofm.dll" (normalized: "c:\\windows\\system32\\netprofm.dll") Region: id = 1885 start_va = 0x7fefaa60000 end_va = 0x7fefaa78fff entry_point = 0x7fefaa60000 region_type = mapped_file name = "wdi.dll" filename = "\\Windows\\System32\\wdi.dll" (normalized: "c:\\windows\\system32\\wdi.dll") Region: id = 1886 start_va = 0x7fefac40000 end_va = 0x7fefac49fff entry_point = 0x7fefac40000 region_type = mapped_file name = "wfapigp.dll" filename = "\\Windows\\System32\\wfapigp.dll" (normalized: "c:\\windows\\system32\\wfapigp.dll") Region: id = 1887 start_va = 0x7fefae20000 end_va = 0x7fefae4bfff entry_point = 0x7fefae20000 region_type = mapped_file name = "dps.dll" filename = "\\Windows\\System32\\dps.dll" (normalized: "c:\\windows\\system32\\dps.dll") Region: id = 1888 start_va = 0x7fefaf60000 end_va = 0x7fefb02dfff entry_point = 0x7fefaf60000 region_type = mapped_file name = "mpssvc.dll" filename = "\\Windows\\System32\\MPSSVC.dll" (normalized: "c:\\windows\\system32\\mpssvc.dll") Region: id = 1889 start_va = 0x7fefb040000 end_va = 0x7fefb0effff entry_point = 0x7fefb040000 region_type = mapped_file name = "bfe.dll" filename = "\\Windows\\System32\\BFE.DLL" (normalized: "c:\\windows\\system32\\bfe.dll") Region: id = 1890 start_va = 0x7fefb4b0000 end_va = 0x7fefb4c7fff entry_point = 0x7fefb4b0000 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll") Region: id = 1891 start_va = 0x7fefb4d0000 end_va = 0x7fefb4e0fff entry_point = 0x7fefb4d0000 region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll") Region: id = 1892 start_va = 0x7fefb500000 end_va = 0x7fefb552fff entry_point = 0x7fefb500000 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1893 start_va = 0x7fefb650000 end_va = 0x7fefb65afff entry_point = 0x7fefb650000 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 1894 start_va = 0x7fefb660000 end_va = 0x7fefb686fff entry_point = 0x7fefb660000 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 1895 start_va = 0x7fefb740000 end_va = 0x7fefb74afff entry_point = 0x7fefb740000 region_type = mapped_file name = "slc.dll" filename = "\\Windows\\System32\\slc.dll" (normalized: "c:\\windows\\system32\\slc.dll") Region: id = 1896 start_va = 0x7fefb7d0000 end_va = 0x7fefb7e4fff entry_point = 0x7fefb7d0000 region_type = mapped_file name = "nlaapi.dll" filename = "\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll") Region: id = 1897 start_va = 0x7fefb900000 end_va = 0x7fefba26fff entry_point = 0x7fefb900000 region_type = mapped_file name = "taskschd.dll" filename = "\\Windows\\System32\\taskschd.dll" (normalized: "c:\\windows\\system32\\taskschd.dll") Region: id = 1898 start_va = 0x7fefbef0000 end_va = 0x7fefbf00fff entry_point = 0x7fefbef0000 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 1899 start_va = 0x7fefcb60000 end_va = 0x7fefcb8cfff entry_point = 0x7fefcb60000 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 1900 start_va = 0x7fefcd60000 end_va = 0x7fefcd6bfff entry_point = 0x7fefcd60000 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll") Region: id = 1901 start_va = 0x7fefcd70000 end_va = 0x7fefce2afff entry_point = 0x7fefcd70000 region_type = mapped_file name = "firewallapi.dll" filename = "\\Windows\\System32\\FirewallAPI.dll" (normalized: "c:\\windows\\system32\\firewallapi.dll") Region: id = 1902 start_va = 0x7fefce30000 end_va = 0x7fefce36fff entry_point = 0x7fefce30000 region_type = mapped_file name = "wshtcpip.dll" filename = "\\Windows\\System32\\WSHTCPIP.DLL" (normalized: "c:\\windows\\system32\\wshtcpip.dll") Region: id = 1903 start_va = 0x7fefcf20000 end_va = 0x7fefcf3afff entry_point = 0x7fefcf20000 region_type = mapped_file name = "gpapi.dll" filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll") Region: id = 1904 start_va = 0x7fefcf40000 end_va = 0x7fefcf5dfff entry_point = 0x7fefcf40000 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 1905 start_va = 0x7fefd090000 end_va = 0x7fefd099fff entry_point = 0x7fefd090000 region_type = mapped_file name = "credssp.dll" filename = "\\Windows\\System32\\credssp.dll" (normalized: "c:\\windows\\system32\\credssp.dll") Region: id = 1906 start_va = 0x7fefd0a0000 end_va = 0x7fefd0acfff entry_point = 0x7fefd0a0000 region_type = mapped_file name = "pcwum.dll" filename = "\\Windows\\System32\\pcwum.dll" (normalized: "c:\\windows\\system32\\pcwum.dll") Region: id = 1907 start_va = 0x7fefd190000 end_va = 0x7fefd1d6fff entry_point = 0x7fefd190000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 1908 start_va = 0x7fefd420000 end_va = 0x7fefd426fff entry_point = 0x7fefd420000 region_type = mapped_file name = "wship6.dll" filename = "\\Windows\\System32\\wship6.dll" (normalized: "c:\\windows\\system32\\wship6.dll") Region: id = 1909 start_va = 0x7fefd430000 end_va = 0x7fefd484fff entry_point = 0x7fefd430000 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 1910 start_va = 0x7fefd490000 end_va = 0x7fefd4a6fff entry_point = 0x7fefd490000 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 1911 start_va = 0x7fefd600000 end_va = 0x7fefd621fff entry_point = 0x7fefd600000 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 1912 start_va = 0x7fefd680000 end_va = 0x7fefd6aefff entry_point = 0x7fefd680000 region_type = mapped_file name = "authz.dll" filename = "\\Windows\\System32\\authz.dll" (normalized: "c:\\windows\\system32\\authz.dll") Region: id = 1913 start_va = 0x7fefda30000 end_va = 0x7fefda3afff entry_point = 0x7fefda30000 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll") Region: id = 1914 start_va = 0x7fefda60000 end_va = 0x7fefda84fff entry_point = 0x7fefda60000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 1915 start_va = 0x7fefda90000 end_va = 0x7fefda9efff entry_point = 0x7fefda90000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 1916 start_va = 0x7fefdb80000 end_va = 0x7fefdb93fff entry_point = 0x7fefdb80000 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll") Region: id = 1917 start_va = 0x7fefdba0000 end_va = 0x7fefdbaefff entry_point = 0x7fefdba0000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 1918 start_va = 0x7fefde20000 end_va = 0x7fefde55fff entry_point = 0x7fefde20000 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 1919 start_va = 0x7fefde60000 end_va = 0x7fefdecafff entry_point = 0x7fefde60000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 1920 start_va = 0x7fefdf70000 end_va = 0x7fefe172fff entry_point = 0x7fefdf70000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 1921 start_va = 0x7fefef10000 end_va = 0x7fefefa8fff entry_point = 0x7fefef10000 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 1922 start_va = 0x7fefefb0000 end_va = 0x7feff0dcfff entry_point = 0x7fefefb0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 1923 start_va = 0x7feff210000 end_va = 0x7feff2aefff entry_point = 0x7feff210000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 1924 start_va = 0x7feff2b0000 end_va = 0x7feff38afff entry_point = 0x7feff2b0000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 1925 start_va = 0x7feff390000 end_va = 0x7feff3aefff entry_point = 0x7feff390000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 1926 start_va = 0x7feff3b0000 end_va = 0x7feff3bdfff entry_point = 0x7feff3b0000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 1927 start_va = 0x7feff3c0000 end_va = 0x7feff3edfff entry_point = 0x7feff3c0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 1928 start_va = 0x7feff650000 end_va = 0x7feff69cfff entry_point = 0x7feff650000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 1929 start_va = 0x7feff720000 end_va = 0x7feff727fff entry_point = 0x7feff720000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 1930 start_va = 0x7feff730000 end_va = 0x7feff781fff entry_point = 0x7feff730000 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll") Region: id = 1931 start_va = 0x7feff910000 end_va = 0x7feff976fff entry_point = 0x7feff910000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 1932 start_va = 0x7feff980000 end_va = 0x7feff9f0fff entry_point = 0x7feff980000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 1933 start_va = 0x7feffa00000 end_va = 0x7feffb08fff entry_point = 0x7feffa00000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 1934 start_va = 0x7feffb10000 end_va = 0x7feffbe6fff entry_point = 0x7feffb10000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 1935 start_va = 0x7feffe90000 end_va = 0x7fefff58fff entry_point = 0x7feffe90000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 1936 start_va = 0x7fefff70000 end_va = 0x7fefff70fff entry_point = 0x7fefff70000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 1937 start_va = 0x7fffff8c000 end_va = 0x7fffff8dfff entry_point = 0x0 region_type = private name = "private_0x000007fffff8c000" filename = "" Region: id = 1938 start_va = 0x7fffff8e000 end_va = 0x7fffff8ffff entry_point = 0x0 region_type = private name = "private_0x000007fffff8e000" filename = "" Region: id = 1939 start_va = 0x7fffff90000 end_va = 0x7fffff91fff entry_point = 0x0 region_type = private name = "private_0x000007fffff90000" filename = "" Region: id = 1940 start_va = 0x7fffff96000 end_va = 0x7fffff97fff entry_point = 0x0 region_type = private name = "private_0x000007fffff96000" filename = "" Region: id = 1941 start_va = 0x7fffff98000 end_va = 0x7fffff99fff entry_point = 0x0 region_type = private name = "private_0x000007fffff98000" filename = "" Region: id = 1942 start_va = 0x7fffff9a000 end_va = 0x7fffff9bfff entry_point = 0x0 region_type = private name = "private_0x000007fffff9a000" filename = "" Region: id = 1943 start_va = 0x7fffff9c000 end_va = 0x7fffff9dfff entry_point = 0x0 region_type = private name = "private_0x000007fffff9c000" filename = "" Region: id = 1944 start_va = 0x7fffff9e000 end_va = 0x7fffff9ffff entry_point = 0x0 region_type = private name = "private_0x000007fffff9e000" filename = "" Region: id = 1945 start_va = 0x7fffffa0000 end_va = 0x7fffffa1fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa0000" filename = "" Region: id = 1946 start_va = 0x7fffffa2000 end_va = 0x7fffffa3fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa2000" filename = "" Region: id = 1947 start_va = 0x7fffffa4000 end_va = 0x7fffffa5fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa4000" filename = "" Region: id = 1948 start_va = 0x7fffffa6000 end_va = 0x7fffffa7fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa6000" filename = "" Region: id = 1949 start_va = 0x7fffffa8000 end_va = 0x7fffffa9fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa8000" filename = "" Region: id = 1950 start_va = 0x7fffffaa000 end_va = 0x7fffffabfff entry_point = 0x0 region_type = private name = "private_0x000007fffffaa000" filename = "" Region: id = 1951 start_va = 0x7fffffac000 end_va = 0x7fffffadfff entry_point = 0x0 region_type = private name = "private_0x000007fffffac000" filename = "" Region: id = 1952 start_va = 0x7fffffae000 end_va = 0x7fffffaffff entry_point = 0x0 region_type = private name = "private_0x000007fffffae000" filename = "" Region: id = 1953 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 1954 start_va = 0x7fffffd3000 end_va = 0x7fffffd4fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd3000" filename = "" Region: id = 1955 start_va = 0x7fffffd5000 end_va = 0x7fffffd6fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd5000" filename = "" Region: id = 1956 start_va = 0x7fffffd7000 end_va = 0x7fffffd8fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd7000" filename = "" Region: id = 1957 start_va = 0x7fffffd9000 end_va = 0x7fffffdafff entry_point = 0x0 region_type = private name = "private_0x000007fffffd9000" filename = "" Region: id = 1958 start_va = 0x7fffffdb000 end_va = 0x7fffffdcfff entry_point = 0x0 region_type = private name = "private_0x000007fffffdb000" filename = "" Region: id = 1959 start_va = 0x7fffffdd000 end_va = 0x7fffffdefff entry_point = 0x0 region_type = private name = "private_0x000007fffffdd000" filename = "" Region: id = 1960 start_va = 0x7fffffdf000 end_va = 0x7fffffdffff entry_point = 0x0 region_type = private name = "private_0x000007fffffdf000" filename = "" Region: id = 3335 start_va = 0x3020000 end_va = 0x341ffff entry_point = 0x0 region_type = private name = "private_0x0000000003020000" filename = "" Region: id = 3336 start_va = 0x3540000 end_va = 0x36eafff entry_point = 0x0 region_type = private name = "private_0x0000000003540000" filename = "" Region: id = 3337 start_va = 0x3a40000 end_va = 0x3e78fff entry_point = 0x0 region_type = private name = "private_0x0000000003a40000" filename = "" Region: id = 3338 start_va = 0x3e80000 end_va = 0x1fbcdfff entry_point = 0x0 region_type = private name = "private_0x0000000003e80000" filename = "" Region: id = 3339 start_va = 0x7fefdb40000 end_va = 0x7fefdb7cfff entry_point = 0x7fefdb40000 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Thread: id = 256 os_tid = 0x9dc Thread: id = 257 os_tid = 0x828 Thread: id = 258 os_tid = 0x348 Thread: id = 259 os_tid = 0x778 Thread: id = 260 os_tid = 0x774 Thread: id = 261 os_tid = 0x744 Thread: id = 262 os_tid = 0x520 Thread: id = 263 os_tid = 0x510 Thread: id = 264 os_tid = 0x50c Thread: id = 265 os_tid = 0x508 Thread: id = 266 os_tid = 0x504 Thread: id = 267 os_tid = 0x4e0 Thread: id = 268 os_tid = 0x4a4 Thread: id = 269 os_tid = 0x488 Thread: id = 270 os_tid = 0x480 Thread: id = 271 os_tid = 0x468 Thread: id = 272 os_tid = 0x448 Thread: id = 273 os_tid = 0x444 Thread: id = 274 os_tid = 0x438 Thread: id = 275 os_tid = 0x434 Thread: id = 276 os_tid = 0x428 Thread: id = 277 os_tid = 0x420 Thread: id = 391 os_tid = 0x348 Process: id = "17" image_name = "taskhost.exe" filename = "c:\\windows\\system32\\taskhost.exe" page_root = "0x60a6000" os_pid = "0x4ec" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "7" os_parent_pid = "0x1d8" cmd_line = "\"taskhost.exe\"" cur_dir = "C:\\Windows\\system32\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:000104d7" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 2218 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2219 start_va = 0x20000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2220 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 2221 start_va = 0x40000 end_va = 0xa6fff entry_point = 0x40000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2222 start_va = 0xb0000 end_va = 0x1affff entry_point = 0x0 region_type = private name = "private_0x00000000000b0000" filename = "" Region: id = 2223 start_va = 0x1b0000 end_va = 0x1b6fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 2224 start_va = 0x1c0000 end_va = 0x1c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 2225 start_va = 0x1d0000 end_va = 0x1d0fff entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 2226 start_va = 0x1e0000 end_va = 0x1e0fff entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 2227 start_va = 0x1f0000 end_va = 0x26ffff entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 2228 start_va = 0x270000 end_va = 0x270fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000270000" filename = "" Region: id = 2229 start_va = 0x280000 end_va = 0x280fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000280000" filename = "" Region: id = 2230 start_va = 0x290000 end_va = 0x291fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000290000" filename = "" Region: id = 2231 start_va = 0x2a0000 end_va = 0x2a1fff entry_point = 0x2a0000 region_type = mapped_file name = "msutb.dll.mui" filename = "\\Windows\\System32\\en-US\\msutb.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\msutb.dll.mui") Region: id = 2232 start_va = 0x2b0000 end_va = 0x2effff entry_point = 0x0 region_type = private name = "private_0x00000000002b0000" filename = "" Region: id = 2233 start_va = 0x2f0000 end_va = 0x36ffff entry_point = 0x0 region_type = private name = "private_0x00000000002f0000" filename = "" Region: id = 2234 start_va = 0x370000 end_va = 0x46ffff entry_point = 0x0 region_type = private name = "private_0x0000000000370000" filename = "" Region: id = 2235 start_va = 0x470000 end_va = 0x5f7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000470000" filename = "" Region: id = 2236 start_va = 0x600000 end_va = 0x780fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000600000" filename = "" Region: id = 2237 start_va = 0x790000 end_va = 0x1b8ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000790000" filename = "" Region: id = 2238 start_va = 0x1b90000 end_va = 0x1f82fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001b90000" filename = "" Region: id = 2239 start_va = 0x1f90000 end_va = 0x1f90fff entry_point = 0x0 region_type = private name = "private_0x0000000001f90000" filename = "" Region: id = 2240 start_va = 0x1fa0000 end_va = 0x1fa0fff entry_point = 0x0 region_type = private name = "private_0x0000000001fa0000" filename = "" Region: id = 2241 start_va = 0x1fb0000 end_va = 0x202ffff entry_point = 0x0 region_type = private name = "private_0x0000000001fb0000" filename = "" Region: id = 2242 start_va = 0x20e0000 end_va = 0x215ffff entry_point = 0x0 region_type = private name = "private_0x00000000020e0000" filename = "" Region: id = 2243 start_va = 0x2160000 end_va = 0x223efff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002160000" filename = "" Region: id = 2244 start_va = 0x22a0000 end_va = 0x231ffff entry_point = 0x0 region_type = private name = "private_0x00000000022a0000" filename = "" Region: id = 2245 start_va = 0x2340000 end_va = 0x23bffff entry_point = 0x0 region_type = private name = "private_0x0000000002340000" filename = "" Region: id = 2246 start_va = 0x23d0000 end_va = 0x244ffff entry_point = 0x0 region_type = private name = "private_0x00000000023d0000" filename = "" Region: id = 2247 start_va = 0x2450000 end_va = 0x250ffff entry_point = 0x2450000 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui") Region: id = 2248 start_va = 0x2590000 end_va = 0x260ffff entry_point = 0x0 region_type = private name = "private_0x0000000002590000" filename = "" Region: id = 2249 start_va = 0x2620000 end_va = 0x269ffff entry_point = 0x0 region_type = private name = "private_0x0000000002620000" filename = "" Region: id = 2250 start_va = 0x2790000 end_va = 0x280ffff entry_point = 0x0 region_type = private name = "private_0x0000000002790000" filename = "" Region: id = 2251 start_va = 0x2870000 end_va = 0x28effff entry_point = 0x0 region_type = private name = "private_0x0000000002870000" filename = "" Region: id = 2252 start_va = 0x2920000 end_va = 0x299ffff entry_point = 0x0 region_type = private name = "private_0x0000000002920000" filename = "" Region: id = 2253 start_va = 0x2a70000 end_va = 0x2aeffff entry_point = 0x0 region_type = private name = "private_0x0000000002a70000" filename = "" Region: id = 2254 start_va = 0x2b50000 end_va = 0x2b5ffff entry_point = 0x0 region_type = private name = "private_0x0000000002b50000" filename = "" Region: id = 2255 start_va = 0x2b60000 end_va = 0x2e2efff entry_point = 0x2b60000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 2256 start_va = 0x2ee0000 end_va = 0x2f5ffff entry_point = 0x0 region_type = private name = "private_0x0000000002ee0000" filename = "" Region: id = 2257 start_va = 0x77a30000 end_va = 0x77b4efff entry_point = 0x77a30000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 2258 start_va = 0x77b50000 end_va = 0x77c49fff entry_point = 0x77b50000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 2259 start_va = 0x77c50000 end_va = 0x77df8fff entry_point = 0x77c50000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2260 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 2261 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 2262 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2263 start_va = 0xff440000 end_va = 0xff453fff entry_point = 0xff440000 region_type = mapped_file name = "taskhost.exe" filename = "\\Windows\\System32\\taskhost.exe" (normalized: "c:\\windows\\system32\\taskhost.exe") Region: id = 2264 start_va = 0x7fef6b10000 end_va = 0x7fef6b4afff entry_point = 0x7fef6b10000 region_type = mapped_file name = "winmm.dll" filename = "\\Windows\\System32\\winmm.dll" (normalized: "c:\\windows\\system32\\winmm.dll") Region: id = 2265 start_va = 0x7fef7000000 end_va = 0x7fef700bfff entry_point = 0x7fef7000000 region_type = mapped_file name = "npmproxy.dll" filename = "\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll") Region: id = 2266 start_va = 0x7fef7010000 end_va = 0x7fef701dfff entry_point = 0x7fef7010000 region_type = mapped_file name = "dimsjob.dll" filename = "\\Windows\\System32\\dimsjob.dll" (normalized: "c:\\windows\\system32\\dimsjob.dll") Region: id = 2267 start_va = 0x7fef8670000 end_va = 0x7fef86e3fff entry_point = 0x7fef8670000 region_type = mapped_file name = "netprofm.dll" filename = "\\Windows\\System32\\netprofm.dll" (normalized: "c:\\windows\\system32\\netprofm.dll") Region: id = 2268 start_va = 0x7fef9010000 end_va = 0x7fef904cfff entry_point = 0x7fef9010000 region_type = mapped_file name = "msutb.dll" filename = "\\Windows\\System32\\msutb.dll" (normalized: "c:\\windows\\system32\\msutb.dll") Region: id = 2269 start_va = 0x7fef9050000 end_va = 0x7fef905afff entry_point = 0x7fef9050000 region_type = mapped_file name = "msctfmonitor.dll" filename = "\\Windows\\System32\\MsCtfMonitor.dll" (normalized: "c:\\windows\\system32\\msctfmonitor.dll") Region: id = 2270 start_va = 0x7fef9060000 end_va = 0x7fef906afff entry_point = 0x7fef9060000 region_type = mapped_file name = "hotstartuseragent.dll" filename = "\\Windows\\System32\\HotStartUserAgent.dll" (normalized: "c:\\windows\\system32\\hotstartuseragent.dll") Region: id = 2271 start_va = 0x7fefaa40000 end_va = 0x7fefaa57fff entry_point = 0x7fefaa40000 region_type = mapped_file name = "playsndsrv.dll" filename = "\\Windows\\System32\\PlaySndSrv.dll" (normalized: "c:\\windows\\system32\\playsndsrv.dll") Region: id = 2272 start_va = 0x7fefb740000 end_va = 0x7fefb74afff entry_point = 0x7fefb740000 region_type = mapped_file name = "slc.dll" filename = "\\Windows\\System32\\slc.dll" (normalized: "c:\\windows\\system32\\slc.dll") Region: id = 2273 start_va = 0x7fefb750000 end_va = 0x7fefb75bfff entry_point = 0x7fefb750000 region_type = mapped_file name = "dsrole.dll" filename = "\\Windows\\System32\\dsrole.dll" (normalized: "c:\\windows\\system32\\dsrole.dll") Region: id = 2274 start_va = 0x7fefb7d0000 end_va = 0x7fefb7e4fff entry_point = 0x7fefb7d0000 region_type = mapped_file name = "nlaapi.dll" filename = "\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll") Region: id = 2275 start_va = 0x7fefb900000 end_va = 0x7fefba26fff entry_point = 0x7fefb900000 region_type = mapped_file name = "taskschd.dll" filename = "\\Windows\\System32\\taskschd.dll" (normalized: "c:\\windows\\system32\\taskschd.dll") Region: id = 2276 start_va = 0x7fefbef0000 end_va = 0x7fefbf00fff entry_point = 0x7fefbef0000 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 2277 start_va = 0x7fefc090000 end_va = 0x7fefc0a7fff entry_point = 0x7fefc090000 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll") Region: id = 2278 start_va = 0x7fefc4c0000 end_va = 0x7fefc515fff entry_point = 0x7fefc4c0000 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 2279 start_va = 0x7fefd190000 end_va = 0x7fefd1d6fff entry_point = 0x7fefd190000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 2280 start_va = 0x7fefd490000 end_va = 0x7fefd4a6fff entry_point = 0x7fefd490000 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 2281 start_va = 0x7fefda60000 end_va = 0x7fefda84fff entry_point = 0x7fefda60000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 2282 start_va = 0x7fefda90000 end_va = 0x7fefda9efff entry_point = 0x7fefda90000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 2283 start_va = 0x7fefdb40000 end_va = 0x7fefdb7cfff entry_point = 0x7fefdb40000 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 2284 start_va = 0x7fefdb80000 end_va = 0x7fefdb93fff entry_point = 0x7fefdb80000 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll") Region: id = 2285 start_va = 0x7fefde60000 end_va = 0x7fefdecafff entry_point = 0x7fefde60000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 2286 start_va = 0x7fefdf70000 end_va = 0x7fefe172fff entry_point = 0x7fefdf70000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 2287 start_va = 0x7fefef10000 end_va = 0x7fefefa8fff entry_point = 0x7fefef10000 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 2288 start_va = 0x7fefefb0000 end_va = 0x7feff0dcfff entry_point = 0x7fefefb0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 2289 start_va = 0x7feff210000 end_va = 0x7feff2aefff entry_point = 0x7feff210000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 2290 start_va = 0x7feff2b0000 end_va = 0x7feff38afff entry_point = 0x7feff2b0000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 2291 start_va = 0x7feff390000 end_va = 0x7feff3aefff entry_point = 0x7feff390000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 2292 start_va = 0x7feff3b0000 end_va = 0x7feff3bdfff entry_point = 0x7feff3b0000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 2293 start_va = 0x7feff3c0000 end_va = 0x7feff3edfff entry_point = 0x7feff3c0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 2294 start_va = 0x7feff720000 end_va = 0x7feff727fff entry_point = 0x7feff720000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 2295 start_va = 0x7feff910000 end_va = 0x7feff976fff entry_point = 0x7feff910000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 2296 start_va = 0x7feff980000 end_va = 0x7feff9f0fff entry_point = 0x7feff980000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 2297 start_va = 0x7feffa00000 end_va = 0x7feffb08fff entry_point = 0x7feffa00000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 2298 start_va = 0x7feffb10000 end_va = 0x7feffbe6fff entry_point = 0x7feffb10000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 2299 start_va = 0x7feffe90000 end_va = 0x7fefff58fff entry_point = 0x7feffe90000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 2300 start_va = 0x7fefff70000 end_va = 0x7fefff70fff entry_point = 0x7fefff70000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 2301 start_va = 0x7fffffa6000 end_va = 0x7fffffa7fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa6000" filename = "" Region: id = 2302 start_va = 0x7fffffa8000 end_va = 0x7fffffa9fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa8000" filename = "" Region: id = 2303 start_va = 0x7fffffaa000 end_va = 0x7fffffabfff entry_point = 0x0 region_type = private name = "private_0x000007fffffaa000" filename = "" Region: id = 2304 start_va = 0x7fffffac000 end_va = 0x7fffffadfff entry_point = 0x0 region_type = private name = "private_0x000007fffffac000" filename = "" Region: id = 2305 start_va = 0x7fffffae000 end_va = 0x7fffffaffff entry_point = 0x0 region_type = private name = "private_0x000007fffffae000" filename = "" Region: id = 2306 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 2307 start_va = 0x7fffffd3000 end_va = 0x7fffffd4fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd3000" filename = "" Region: id = 2308 start_va = 0x7fffffd5000 end_va = 0x7fffffd6fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd5000" filename = "" Region: id = 2309 start_va = 0x7fffffd7000 end_va = 0x7fffffd8fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd7000" filename = "" Region: id = 2310 start_va = 0x7fffffd9000 end_va = 0x7fffffdafff entry_point = 0x0 region_type = private name = "private_0x000007fffffd9000" filename = "" Region: id = 2311 start_va = 0x7fffffdb000 end_va = 0x7fffffdcfff entry_point = 0x0 region_type = private name = "private_0x000007fffffdb000" filename = "" Region: id = 2312 start_va = 0x7fffffdd000 end_va = 0x7fffffdefff entry_point = 0x0 region_type = private name = "private_0x000007fffffdd000" filename = "" Region: id = 2313 start_va = 0x7fffffdf000 end_va = 0x7fffffdffff entry_point = 0x0 region_type = private name = "private_0x000007fffffdf000" filename = "" Thread: id = 278 os_tid = 0x9cc Thread: id = 279 os_tid = 0x5d0 Thread: id = 280 os_tid = 0x7f4 Thread: id = 281 os_tid = 0x7e0 Thread: id = 282 os_tid = 0x7dc Thread: id = 283 os_tid = 0x7d8 Thread: id = 284 os_tid = 0x7d0 Thread: id = 285 os_tid = 0x538 Thread: id = 286 os_tid = 0x524 Thread: id = 287 os_tid = 0x4fc Thread: id = 288 os_tid = 0x4f0 Thread: id = 358 os_tid = 0xb60 Process: id = "18" image_name = "taskhost.exe" filename = "c:\\windows\\system32\\taskhost.exe" page_root = "0x6a902000" os_pid = "0x6c0" os_integrity_level = "0x4000" os_privileges = "0x40800000" monitor_reason = "child_process" parent_id = "7" os_parent_pid = "0x1d8" cmd_line = "taskhost.exe $(Arg0)" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Local Service" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT TASK\\Microsoft-Windows-SideShow-AutoWake" [0xe], "NT TASK\\Microsoft-Windows-SideShow-SystemDataProviders" [0xe], "NT TASK\\Microsoft-Windows-Customer Experience Improvement Program-UsbCeip" [0xe], "NT TASK\\Microsoft-Windows-Ras-MobilityManager" [0xe], "NT TASK\\Microsoft-Windows-PerfTrack-BackgroundConfigSurveyor" [0xe], "NT TASK\\Microsoft-Windows-RAC-RacTask" [0xe], "NT TASK\\Microsoft-Windows-Customer Experience Improvement Program-KernelCeipTask" [0xe], "NT AUTHORITY\\Logon Session 00000000:000287e3" [0xc0000007], "LOCAL" [0x7] Region: id = 1642 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1643 start_va = 0x20000 end_va = 0x26fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 1644 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 1645 start_va = 0x40000 end_va = 0xa6fff entry_point = 0x40000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1646 start_va = 0xb0000 end_va = 0x16ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000b0000" filename = "" Region: id = 1647 start_va = 0x170000 end_va = 0x171fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000170000" filename = "" Region: id = 1648 start_va = 0x180000 end_va = 0x180fff entry_point = 0x0 region_type = private name = "private_0x0000000000180000" filename = "" Region: id = 1649 start_va = 0x190000 end_va = 0x20ffff entry_point = 0x0 region_type = private name = "private_0x0000000000190000" filename = "" Region: id = 1650 start_va = 0x210000 end_va = 0x210fff entry_point = 0x0 region_type = private name = "private_0x0000000000210000" filename = "" Region: id = 1651 start_va = 0x220000 end_va = 0x220fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000220000" filename = "" Region: id = 1652 start_va = 0x230000 end_va = 0x230fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000230000" filename = "" Region: id = 1653 start_va = 0x240000 end_va = 0x240fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000240000" filename = "" Region: id = 1654 start_va = 0x250000 end_va = 0x250fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1655 start_va = 0x260000 end_va = 0x26ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000260000" filename = "" Region: id = 1656 start_va = 0x270000 end_va = 0x270fff entry_point = 0x270000 region_type = mapped_file name = "msxml6r.dll" filename = "\\Windows\\System32\\msxml6r.dll" (normalized: "c:\\windows\\system32\\msxml6r.dll") Region: id = 1657 start_va = 0x280000 end_va = 0x37ffff entry_point = 0x0 region_type = private name = "private_0x0000000000280000" filename = "" Region: id = 1658 start_va = 0x380000 end_va = 0x47ffff entry_point = 0x0 region_type = private name = "private_0x0000000000380000" filename = "" Region: id = 1659 start_va = 0x480000 end_va = 0x4fffff entry_point = 0x0 region_type = private name = "private_0x0000000000480000" filename = "" Region: id = 1660 start_va = 0x500000 end_va = 0x51ffff entry_point = 0x0 region_type = private name = "private_0x0000000000500000" filename = "" Region: id = 1661 start_va = 0x520000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000520000" filename = "" Region: id = 1662 start_va = 0x540000 end_va = 0x541fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 1663 start_va = 0x550000 end_va = 0x55ffff entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 1664 start_va = 0x560000 end_va = 0x6e7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000560000" filename = "" Region: id = 1665 start_va = 0x6f0000 end_va = 0x870fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006f0000" filename = "" Region: id = 1666 start_va = 0x880000 end_va = 0xc72fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000880000" filename = "" Region: id = 1667 start_va = 0xc80000 end_va = 0xd3ffff entry_point = 0xc80000 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui") Region: id = 1668 start_va = 0xd60000 end_va = 0xd60fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000d60000" filename = "" Region: id = 1669 start_va = 0xd70000 end_va = 0xd71fff entry_point = 0xd70000 region_type = mapped_file name = "winsatapi.dll.mui" filename = "\\Windows\\System32\\en-US\\WinSATAPI.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\winsatapi.dll.mui") Region: id = 1670 start_va = 0xd80000 end_va = 0xdfffff entry_point = 0x0 region_type = private name = "private_0x0000000000d80000" filename = "" Region: id = 1671 start_va = 0xe00000 end_va = 0xe00fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000e00000" filename = "" Region: id = 1672 start_va = 0xe10000 end_va = 0xe1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000e10000" filename = "" Region: id = 1673 start_va = 0xe20000 end_va = 0xe20fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000e20000" filename = "" Region: id = 1674 start_va = 0xe30000 end_va = 0xeaffff entry_point = 0x0 region_type = private name = "private_0x0000000000e30000" filename = "" Region: id = 1675 start_va = 0xeb0000 end_va = 0xebffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000eb0000" filename = "" Region: id = 1676 start_va = 0xec0000 end_va = 0xec0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000ec0000" filename = "" Region: id = 1677 start_va = 0xed0000 end_va = 0xedffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000ed0000" filename = "" Region: id = 1678 start_va = 0xf20000 end_va = 0xf9ffff entry_point = 0x0 region_type = private name = "private_0x0000000000f20000" filename = "" Region: id = 1679 start_va = 0xfa0000 end_va = 0x1029fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000fa0000" filename = "" Region: id = 1680 start_va = 0x1030000 end_va = 0x10affff entry_point = 0x0 region_type = private name = "private_0x0000000001030000" filename = "" Region: id = 1681 start_va = 0x1170000 end_va = 0x11effff entry_point = 0x0 region_type = private name = "private_0x0000000001170000" filename = "" Region: id = 1682 start_va = 0x1200000 end_va = 0x127ffff entry_point = 0x0 region_type = private name = "private_0x0000000001200000" filename = "" Region: id = 1683 start_va = 0x1280000 end_va = 0x12fffff entry_point = 0x0 region_type = private name = "private_0x0000000001280000" filename = "" Region: id = 1684 start_va = 0x1300000 end_va = 0x15cbfff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001300000" filename = "" Region: id = 1685 start_va = 0x15d0000 end_va = 0x189efff entry_point = 0x15d0000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 1686 start_va = 0x18a0000 end_va = 0x199ffff entry_point = 0x0 region_type = private name = "private_0x00000000018a0000" filename = "" Region: id = 1687 start_va = 0x19c0000 end_va = 0x1a3ffff entry_point = 0x0 region_type = private name = "private_0x00000000019c0000" filename = "" Region: id = 1688 start_va = 0x1a50000 end_va = 0x1acffff entry_point = 0x0 region_type = private name = "private_0x0000000001a50000" filename = "" Region: id = 1689 start_va = 0x1ad0000 end_va = 0x1b59fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ad0000" filename = "" Region: id = 1690 start_va = 0x1ba0000 end_va = 0x1c1ffff entry_point = 0x0 region_type = private name = "private_0x0000000001ba0000" filename = "" Region: id = 1691 start_va = 0x1c90000 end_va = 0x1d0ffff entry_point = 0x0 region_type = private name = "private_0x0000000001c90000" filename = "" Region: id = 1692 start_va = 0x1d10000 end_va = 0x210ffff entry_point = 0x0 region_type = private name = "private_0x0000000001d10000" filename = "" Region: id = 1693 start_va = 0x2160000 end_va = 0x21dffff entry_point = 0x0 region_type = private name = "private_0x0000000002160000" filename = "" Region: id = 1694 start_va = 0x21e0000 end_va = 0x22dffff entry_point = 0x0 region_type = private name = "private_0x00000000021e0000" filename = "" Region: id = 1695 start_va = 0x2400000 end_va = 0x247ffff entry_point = 0x0 region_type = private name = "private_0x0000000002400000" filename = "" Region: id = 1696 start_va = 0x2490000 end_va = 0x250ffff entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 1697 start_va = 0x2550000 end_va = 0x255ffff entry_point = 0x0 region_type = private name = "private_0x0000000002550000" filename = "" Region: id = 1698 start_va = 0x2560000 end_va = 0x275ffff entry_point = 0x0 region_type = private name = "private_0x0000000002560000" filename = "" Region: id = 1699 start_va = 0x27c0000 end_va = 0x283ffff entry_point = 0x0 region_type = private name = "private_0x00000000027c0000" filename = "" Region: id = 1700 start_va = 0x2890000 end_va = 0x290ffff entry_point = 0x0 region_type = private name = "private_0x0000000002890000" filename = "" Region: id = 1701 start_va = 0x2910000 end_va = 0x298ffff entry_point = 0x0 region_type = private name = "private_0x0000000002910000" filename = "" Region: id = 1702 start_va = 0x2990000 end_va = 0x2c5bfff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002990000" filename = "" Region: id = 1703 start_va = 0x2d50000 end_va = 0x2dcffff entry_point = 0x0 region_type = private name = "private_0x0000000002d50000" filename = "" Region: id = 1704 start_va = 0x2e00000 end_va = 0x2e7ffff entry_point = 0x0 region_type = private name = "private_0x0000000002e00000" filename = "" Region: id = 1705 start_va = 0x2e90000 end_va = 0x2f0ffff entry_point = 0x0 region_type = private name = "private_0x0000000002e90000" filename = "" Region: id = 1706 start_va = 0x74440000 end_va = 0x74442fff entry_point = 0x74440000 region_type = mapped_file name = "sfc.dll" filename = "\\Windows\\System32\\sfc.dll" (normalized: "c:\\windows\\system32\\sfc.dll") Region: id = 1707 start_va = 0x74560000 end_va = 0x74602fff entry_point = 0x74560000 region_type = mapped_file name = "msvcr90.dll" filename = "\\Windows\\winsxs\\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251\\msvcr90.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251\\msvcr90.dll") Region: id = 1708 start_va = 0x77a30000 end_va = 0x77b4efff entry_point = 0x77a30000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 1709 start_va = 0x77b50000 end_va = 0x77c49fff entry_point = 0x77b50000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 1710 start_va = 0x77c50000 end_va = 0x77df8fff entry_point = 0x77c50000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1711 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 1712 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 1713 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1714 start_va = 0xff440000 end_va = 0xff453fff entry_point = 0xff440000 region_type = mapped_file name = "taskhost.exe" filename = "\\Windows\\System32\\taskhost.exe" (normalized: "c:\\windows\\system32\\taskhost.exe") Region: id = 1715 start_va = 0x7fef4a30000 end_va = 0x7fef4a40fff entry_point = 0x7fef4a30000 region_type = mapped_file name = "msoxmlmf.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\MSOXMLMF.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\msoxmlmf.dll") Region: id = 1716 start_va = 0x7fef4a50000 end_va = 0x7fef4ad4fff entry_point = 0x7fef4a50000 region_type = mapped_file name = "winsatapi.dll" filename = "\\Windows\\System32\\WinSATAPI.dll" (normalized: "c:\\windows\\system32\\winsatapi.dll") Region: id = 1717 start_va = 0x7fef4ae0000 end_va = 0x7fef4bb0fff entry_point = 0x7fef4ae0000 region_type = mapped_file name = "sqlceqp30.dll" filename = "\\Windows\\System32\\sqlceqp30.dll" (normalized: "c:\\windows\\system32\\sqlceqp30.dll") Region: id = 1718 start_va = 0x7fef4bc0000 end_va = 0x7fef4c33fff entry_point = 0x7fef4bc0000 region_type = mapped_file name = "sqlcese30.dll" filename = "\\Windows\\System32\\sqlcese30.dll" (normalized: "c:\\windows\\system32\\sqlcese30.dll") Region: id = 1719 start_va = 0x7fef7b20000 end_va = 0x7fef7d11fff entry_point = 0x7fef7b20000 region_type = mapped_file name = "msxml6.dll" filename = "\\Windows\\System32\\msxml6.dll" (normalized: "c:\\windows\\system32\\msxml6.dll") Region: id = 1720 start_va = 0x7fef8150000 end_va = 0x7fef8182fff entry_point = 0x7fef8150000 region_type = mapped_file name = "sqlceoledb30.dll" filename = "\\Windows\\System32\\sqlceoledb30.dll" (normalized: "c:\\windows\\system32\\sqlceoledb30.dll") Region: id = 1721 start_va = 0x7fef8190000 end_va = 0x7fef830ffff entry_point = 0x7fef8190000 region_type = mapped_file name = "racengn.dll" filename = "\\Windows\\System32\\RacEngn.dll" (normalized: "c:\\windows\\system32\\racengn.dll") Region: id = 1722 start_va = 0x7fef8c00000 end_va = 0x7fef8c41fff entry_point = 0x7fef8c00000 region_type = mapped_file name = "sqmapi.dll" filename = "\\Windows\\System32\\sqmapi.dll" (normalized: "c:\\windows\\system32\\sqmapi.dll") Region: id = 1723 start_va = 0x7fef8fa0000 end_va = 0x7fef8faffff entry_point = 0x7fef8fa0000 region_type = mapped_file name = "sfc_os.dll" filename = "\\Windows\\System32\\sfc_os.dll" (normalized: "c:\\windows\\system32\\sfc_os.dll") Region: id = 1724 start_va = 0x7fef8fb0000 end_va = 0x7fef8fc1fff entry_point = 0x7fef8fb0000 region_type = mapped_file name = "aepic.dll" filename = "\\Windows\\System32\\aepic.dll" (normalized: "c:\\windows\\system32\\aepic.dll") Region: id = 1725 start_va = 0x7fefa720000 end_va = 0x7fefa7c6fff entry_point = 0x7fefa720000 region_type = mapped_file name = "dxgi.dll" filename = "\\Windows\\System32\\dxgi.dll" (normalized: "c:\\windows\\system32\\dxgi.dll") Region: id = 1726 start_va = 0x7fefb900000 end_va = 0x7fefba26fff entry_point = 0x7fefb900000 region_type = mapped_file name = "taskschd.dll" filename = "\\Windows\\System32\\taskschd.dll" (normalized: "c:\\windows\\system32\\taskschd.dll") Region: id = 1727 start_va = 0x7fefbb40000 end_va = 0x7fefbb6bfff entry_point = 0x7fefbb40000 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 1728 start_va = 0x7fefc050000 end_va = 0x7fefc084fff entry_point = 0x7fefc050000 region_type = mapped_file name = "xmllite.dll" filename = "\\Windows\\System32\\xmllite.dll" (normalized: "c:\\windows\\system32\\xmllite.dll") Region: id = 1729 start_va = 0x7fefc090000 end_va = 0x7fefc0a7fff entry_point = 0x7fefc090000 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll") Region: id = 1730 start_va = 0x7fefc2a0000 end_va = 0x7fefc4b4fff entry_point = 0x7fefc2a0000 region_type = mapped_file name = "gdiplus.dll" filename = "\\Windows\\winsxs\\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_2b24536c71ed437a\\GdiPlus.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_2b24536c71ed437a\\gdiplus.dll") Region: id = 1731 start_va = 0x7fefc520000 end_va = 0x7fefc64bfff entry_point = 0x7fefc520000 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 1732 start_va = 0x7fefc670000 end_va = 0x7fefc863fff entry_point = 0x7fefc670000 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll") Region: id = 1733 start_va = 0x7fefcb60000 end_va = 0x7fefcb8cfff entry_point = 0x7fefcb60000 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 1734 start_va = 0x7fefcd60000 end_va = 0x7fefcd6bfff entry_point = 0x7fefcd60000 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll") Region: id = 1735 start_va = 0x7fefd190000 end_va = 0x7fefd1d6fff entry_point = 0x7fefd190000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 1736 start_va = 0x7fefd490000 end_va = 0x7fefd4a6fff entry_point = 0x7fefd490000 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 1737 start_va = 0x7fefd6c0000 end_va = 0x7fefd72cfff entry_point = 0x7fefd6c0000 region_type = mapped_file name = "wevtapi.dll" filename = "\\Windows\\System32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll") Region: id = 1738 start_va = 0x7fefda60000 end_va = 0x7fefda84fff entry_point = 0x7fefda60000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 1739 start_va = 0x7fefda90000 end_va = 0x7fefda9efff entry_point = 0x7fefda90000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 1740 start_va = 0x7fefdb80000 end_va = 0x7fefdb93fff entry_point = 0x7fefdb80000 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll") Region: id = 1741 start_va = 0x7fefdba0000 end_va = 0x7fefdbaefff entry_point = 0x7fefdba0000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 1742 start_va = 0x7fefdc40000 end_va = 0x7fefdc4efff entry_point = 0x7fefdc40000 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 1743 start_va = 0x7fefdc50000 end_va = 0x7fefdc89fff entry_point = 0x7fefdc50000 region_type = mapped_file name = "wintrust.dll" filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll") Region: id = 1744 start_va = 0x7fefdc90000 end_va = 0x7fefdca9fff entry_point = 0x7fefdc90000 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 1745 start_va = 0x7fefdcb0000 end_va = 0x7fefde16fff entry_point = 0x7fefdcb0000 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 1746 start_va = 0x7fefde20000 end_va = 0x7fefde55fff entry_point = 0x7fefde20000 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 1747 start_va = 0x7fefde60000 end_va = 0x7fefdecafff entry_point = 0x7fefde60000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 1748 start_va = 0x7fefdf70000 end_va = 0x7fefe172fff entry_point = 0x7fefdf70000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 1749 start_va = 0x7fefe180000 end_va = 0x7fefef07fff entry_point = 0x7fefe180000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 1750 start_va = 0x7fefef10000 end_va = 0x7fefefa8fff entry_point = 0x7fefef10000 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 1751 start_va = 0x7fefefb0000 end_va = 0x7feff0dcfff entry_point = 0x7fefefb0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 1752 start_va = 0x7feff210000 end_va = 0x7feff2aefff entry_point = 0x7feff210000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 1753 start_va = 0x7feff2b0000 end_va = 0x7feff38afff entry_point = 0x7feff2b0000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 1754 start_va = 0x7feff390000 end_va = 0x7feff3aefff entry_point = 0x7feff390000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 1755 start_va = 0x7feff3b0000 end_va = 0x7feff3bdfff entry_point = 0x7feff3b0000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 1756 start_va = 0x7feff3c0000 end_va = 0x7feff3edfff entry_point = 0x7feff3c0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 1757 start_va = 0x7feff730000 end_va = 0x7feff781fff entry_point = 0x7feff730000 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll") Region: id = 1758 start_va = 0x7feff910000 end_va = 0x7feff976fff entry_point = 0x7feff910000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 1759 start_va = 0x7feff980000 end_va = 0x7feff9f0fff entry_point = 0x7feff980000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 1760 start_va = 0x7feffa00000 end_va = 0x7feffb08fff entry_point = 0x7feffa00000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 1761 start_va = 0x7feffb10000 end_va = 0x7feffbe6fff entry_point = 0x7feffb10000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 1762 start_va = 0x7feffbf0000 end_va = 0x7feffdc6fff entry_point = 0x7feffbf0000 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll") Region: id = 1763 start_va = 0x7feffe90000 end_va = 0x7fefff58fff entry_point = 0x7feffe90000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 1764 start_va = 0x7fefff70000 end_va = 0x7fefff70fff entry_point = 0x7fefff70000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 1765 start_va = 0x7fffffa2000 end_va = 0x7fffffa3fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa2000" filename = "" Region: id = 1766 start_va = 0x7fffffa4000 end_va = 0x7fffffa5fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa4000" filename = "" Region: id = 1767 start_va = 0x7fffffa6000 end_va = 0x7fffffa7fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa6000" filename = "" Region: id = 1768 start_va = 0x7fffffa8000 end_va = 0x7fffffa9fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa8000" filename = "" Region: id = 1769 start_va = 0x7fffffaa000 end_va = 0x7fffffabfff entry_point = 0x0 region_type = private name = "private_0x000007fffffaa000" filename = "" Region: id = 1770 start_va = 0x7fffffac000 end_va = 0x7fffffadfff entry_point = 0x0 region_type = private name = "private_0x000007fffffac000" filename = "" Region: id = 1771 start_va = 0x7fffffae000 end_va = 0x7fffffaffff entry_point = 0x0 region_type = private name = "private_0x000007fffffae000" filename = "" Region: id = 1772 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 1773 start_va = 0x7fffffd4000 end_va = 0x7fffffd5fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd4000" filename = "" Region: id = 1774 start_va = 0x7fffffd6000 end_va = 0x7fffffd7fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd6000" filename = "" Region: id = 1775 start_va = 0x7fffffd8000 end_va = 0x7fffffd8fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd8000" filename = "" Region: id = 1776 start_va = 0x7fffffda000 end_va = 0x7fffffdbfff entry_point = 0x0 region_type = private name = "private_0x000007fffffda000" filename = "" Region: id = 1777 start_va = 0x7fffffdc000 end_va = 0x7fffffddfff entry_point = 0x0 region_type = private name = "private_0x000007fffffdc000" filename = "" Region: id = 1778 start_va = 0x7fffffde000 end_va = 0x7fffffdffff entry_point = 0x0 region_type = private name = "private_0x000007fffffde000" filename = "" Thread: id = 289 os_tid = 0x9b8 Thread: id = 290 os_tid = 0x750 Thread: id = 291 os_tid = 0x73c Thread: id = 292 os_tid = 0x760 Thread: id = 293 os_tid = 0x730 Thread: id = 294 os_tid = 0x6f4 Thread: id = 295 os_tid = 0x788 Thread: id = 296 os_tid = 0x490 Thread: id = 297 os_tid = 0x4a8 Thread: id = 298 os_tid = 0x4a0 Thread: id = 299 os_tid = 0x498 Thread: id = 300 os_tid = 0x4ac Thread: id = 375 os_tid = 0xb64 Process: id = "19" image_name = "vssvc.exe" filename = "c:\\windows\\system32\\vssvc.exe" page_root = "0x4fb1f000" os_pid = "0xa34" os_integrity_level = "0x4000" os_privileges = "0xe60b7e890" monitor_reason = "child_process" parent_id = "7" os_parent_pid = "0x1d8" cmd_line = "C:\\Windows\\system32\\vssvc.exe" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\VSS" [0xe], "NT AUTHORITY\\Logon Session 00000000:0004b226" [0xc000000f], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Region: id = 670 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 671 start_va = 0x20000 end_va = 0x26fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 672 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 673 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 674 start_va = 0x50000 end_va = 0xb6fff entry_point = 0x50000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 675 start_va = 0xc0000 end_va = 0x1bffff entry_point = 0x0 region_type = private name = "private_0x00000000000c0000" filename = "" Region: id = 676 start_va = 0x1c0000 end_va = 0x1c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 677 start_va = 0x1d0000 end_va = 0x24ffff entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 678 start_va = 0x250000 end_va = 0x30ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 679 start_va = 0x310000 end_va = 0x320fff entry_point = 0x310000 region_type = mapped_file name = "vssvc.exe.mui" filename = "\\Windows\\System32\\en-US\\VSSVC.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\vssvc.exe.mui") Region: id = 680 start_va = 0x330000 end_va = 0x330fff entry_point = 0x0 region_type = private name = "private_0x0000000000330000" filename = "" Region: id = 681 start_va = 0x340000 end_va = 0x340fff entry_point = 0x0 region_type = private name = "private_0x0000000000340000" filename = "" Region: id = 682 start_va = 0x360000 end_va = 0x45ffff entry_point = 0x0 region_type = private name = "private_0x0000000000360000" filename = "" Region: id = 683 start_va = 0x460000 end_va = 0x5e7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000460000" filename = "" Region: id = 684 start_va = 0x600000 end_va = 0x60ffff entry_point = 0x0 region_type = private name = "private_0x0000000000600000" filename = "" Region: id = 685 start_va = 0x610000 end_va = 0x790fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 686 start_va = 0x7a0000 end_va = 0xb92fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007a0000" filename = "" Region: id = 687 start_va = 0xc00000 end_va = 0xc7ffff entry_point = 0x0 region_type = private name = "private_0x0000000000c00000" filename = "" Region: id = 688 start_va = 0xd00000 end_va = 0xd7ffff entry_point = 0x0 region_type = private name = "private_0x0000000000d00000" filename = "" Region: id = 689 start_va = 0xd90000 end_va = 0xe0ffff entry_point = 0x0 region_type = private name = "private_0x0000000000d90000" filename = "" Region: id = 690 start_va = 0xfc0000 end_va = 0x103ffff entry_point = 0x0 region_type = private name = "private_0x0000000000fc0000" filename = "" Region: id = 691 start_va = 0x1040000 end_va = 0x130efff entry_point = 0x1040000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 692 start_va = 0x77a30000 end_va = 0x77b4efff entry_point = 0x77a30000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 693 start_va = 0x77b50000 end_va = 0x77c49fff entry_point = 0x77b50000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 694 start_va = 0x77c50000 end_va = 0x77df8fff entry_point = 0x77c50000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 695 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 696 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 697 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 698 start_va = 0xff060000 end_va = 0xff1eafff entry_point = 0xff060000 region_type = mapped_file name = "vssvc.exe" filename = "\\Windows\\System32\\VSSVC.exe" (normalized: "c:\\windows\\system32\\vssvc.exe") Region: id = 699 start_va = 0x7fef8340000 end_va = 0x7fef8353fff entry_point = 0x7fef8340000 region_type = mapped_file name = "xolehlp.dll" filename = "\\Windows\\System32\\xolehlp.dll" (normalized: "c:\\windows\\system32\\xolehlp.dll") Region: id = 700 start_va = 0x7fef8370000 end_va = 0x7fef8379fff entry_point = 0x7fef8370000 region_type = mapped_file name = "virtdisk.dll" filename = "\\Windows\\System32\\virtdisk.dll" (normalized: "c:\\windows\\system32\\virtdisk.dll") Region: id = 701 start_va = 0x7fef8390000 end_va = 0x7fef8398fff entry_point = 0x7fef8390000 region_type = mapped_file name = "fltlib.dll" filename = "\\Windows\\System32\\fltLib.dll" (normalized: "c:\\windows\\system32\\fltlib.dll") Region: id = 702 start_va = 0x7fef8540000 end_va = 0x7fef8558fff entry_point = 0x7fef8540000 region_type = mapped_file name = "resutils.dll" filename = "\\Windows\\System32\\resutils.dll" (normalized: "c:\\windows\\system32\\resutils.dll") Region: id = 703 start_va = 0x7fef8560000 end_va = 0x7fef85affff entry_point = 0x7fef8560000 region_type = mapped_file name = "clusapi.dll" filename = "\\Windows\\System32\\clusapi.dll" (normalized: "c:\\windows\\system32\\clusapi.dll") Region: id = 704 start_va = 0x7fefac50000 end_va = 0x7fefac66fff entry_point = 0x7fefac50000 region_type = mapped_file name = "vsstrace.dll" filename = "\\Windows\\System32\\vsstrace.dll" (normalized: "c:\\windows\\system32\\vsstrace.dll") Region: id = 705 start_va = 0x7fefac70000 end_va = 0x7fefae1ffff entry_point = 0x7fefac70000 region_type = mapped_file name = "vssapi.dll" filename = "\\Windows\\System32\\vssapi.dll" (normalized: "c:\\windows\\system32\\vssapi.dll") Region: id = 706 start_va = 0x7fefb770000 end_va = 0x7fefb788fff entry_point = 0x7fefb770000 region_type = mapped_file name = "atl.dll" filename = "\\Windows\\System32\\atl.dll" (normalized: "c:\\windows\\system32\\atl.dll") Region: id = 707 start_va = 0x7fefbd70000 end_va = 0x7fefbd83fff entry_point = 0x7fefbd70000 region_type = mapped_file name = "samcli.dll" filename = "\\Windows\\System32\\samcli.dll" (normalized: "c:\\windows\\system32\\samcli.dll") Region: id = 708 start_va = 0x7fefbd90000 end_va = 0x7fefbda4fff entry_point = 0x7fefbd90000 region_type = mapped_file name = "wkscli.dll" filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll") Region: id = 709 start_va = 0x7fefbdb0000 end_va = 0x7fefbdbbfff entry_point = 0x7fefbdb0000 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll") Region: id = 710 start_va = 0x7fefbdc0000 end_va = 0x7fefbdd5fff entry_point = 0x7fefbdc0000 region_type = mapped_file name = "netapi32.dll" filename = "\\Windows\\System32\\netapi32.dll" (normalized: "c:\\windows\\system32\\netapi32.dll") Region: id = 711 start_va = 0x7fefcd60000 end_va = 0x7fefcd6bfff entry_point = 0x7fefcd60000 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll") Region: id = 712 start_va = 0x7fefd190000 end_va = 0x7fefd1d6fff entry_point = 0x7fefd190000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 713 start_va = 0x7fefd490000 end_va = 0x7fefd4a6fff entry_point = 0x7fefd490000 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 714 start_va = 0x7fefd680000 end_va = 0x7fefd6aefff entry_point = 0x7fefd680000 region_type = mapped_file name = "authz.dll" filename = "\\Windows\\System32\\authz.dll" (normalized: "c:\\windows\\system32\\authz.dll") Region: id = 715 start_va = 0x7fefd730000 end_va = 0x7fefd743fff entry_point = 0x7fefd730000 region_type = mapped_file name = "cryptdll.dll" filename = "\\Windows\\System32\\cryptdll.dll" (normalized: "c:\\windows\\system32\\cryptdll.dll") Region: id = 716 start_va = 0x7fefd990000 end_va = 0x7fefd9b2fff entry_point = 0x7fefd990000 region_type = mapped_file name = "srvcli.dll" filename = "\\Windows\\System32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll") Region: id = 717 start_va = 0x7fefda90000 end_va = 0x7fefda9efff entry_point = 0x7fefda90000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 718 start_va = 0x7fefdb80000 end_va = 0x7fefdb93fff entry_point = 0x7fefdb80000 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll") Region: id = 719 start_va = 0x7fefdc90000 end_va = 0x7fefdca9fff entry_point = 0x7fefdc90000 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 720 start_va = 0x7fefde20000 end_va = 0x7fefde55fff entry_point = 0x7fefde20000 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 721 start_va = 0x7fefde60000 end_va = 0x7fefdecafff entry_point = 0x7fefde60000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 722 start_va = 0x7fefdf70000 end_va = 0x7fefe172fff entry_point = 0x7fefdf70000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 723 start_va = 0x7fefefb0000 end_va = 0x7feff0dcfff entry_point = 0x7fefefb0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 724 start_va = 0x7feff210000 end_va = 0x7feff2aefff entry_point = 0x7feff210000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 725 start_va = 0x7feff2b0000 end_va = 0x7feff38afff entry_point = 0x7feff2b0000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 726 start_va = 0x7feff390000 end_va = 0x7feff3aefff entry_point = 0x7feff390000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 727 start_va = 0x7feff3b0000 end_va = 0x7feff3bdfff entry_point = 0x7feff3b0000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 728 start_va = 0x7feff3c0000 end_va = 0x7feff3edfff entry_point = 0x7feff3c0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 729 start_va = 0x7feff910000 end_va = 0x7feff976fff entry_point = 0x7feff910000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 730 start_va = 0x7feff980000 end_va = 0x7feff9f0fff entry_point = 0x7feff980000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 731 start_va = 0x7feffa00000 end_va = 0x7feffb08fff entry_point = 0x7feffa00000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 732 start_va = 0x7feffb10000 end_va = 0x7feffbe6fff entry_point = 0x7feffb10000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 733 start_va = 0x7feffbf0000 end_va = 0x7feffdc6fff entry_point = 0x7feffbf0000 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll") Region: id = 734 start_va = 0x7feffe90000 end_va = 0x7fefff58fff entry_point = 0x7feffe90000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 735 start_va = 0x7fefff70000 end_va = 0x7fefff70fff entry_point = 0x7fefff70000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 736 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 737 start_va = 0x7fffffd4000 end_va = 0x7fffffd5fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd4000" filename = "" Region: id = 738 start_va = 0x7fffffd6000 end_va = 0x7fffffd7fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd6000" filename = "" Region: id = 739 start_va = 0x7fffffd8000 end_va = 0x7fffffd8fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd8000" filename = "" Region: id = 740 start_va = 0x7fffffda000 end_va = 0x7fffffdbfff entry_point = 0x0 region_type = private name = "private_0x000007fffffda000" filename = "" Region: id = 741 start_va = 0x7fffffdc000 end_va = 0x7fffffddfff entry_point = 0x0 region_type = private name = "private_0x000007fffffdc000" filename = "" Region: id = 742 start_va = 0x7fffffde000 end_va = 0x7fffffdffff entry_point = 0x0 region_type = private name = "private_0x000007fffffde000" filename = "" Region: id = 1131 start_va = 0x350000 end_va = 0x350fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000350000" filename = "" Region: id = 1132 start_va = 0xee0000 end_va = 0xf5ffff entry_point = 0x0 region_type = private name = "private_0x0000000000ee0000" filename = "" Region: id = 1133 start_va = 0x1320000 end_va = 0x139ffff entry_point = 0x0 region_type = private name = "private_0x0000000001320000" filename = "" Region: id = 1134 start_va = 0x7fef8320000 end_va = 0x7fef8333fff entry_point = 0x7fef8320000 region_type = mapped_file name = "vss_ps.dll" filename = "\\Windows\\System32\\vss_ps.dll" (normalized: "c:\\windows\\system32\\vss_ps.dll") Region: id = 1135 start_va = 0x7fefef10000 end_va = 0x7fefefa8fff entry_point = 0x7fefef10000 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 1136 start_va = 0x7fffffac000 end_va = 0x7fffffadfff entry_point = 0x0 region_type = private name = "private_0x000007fffffac000" filename = "" Region: id = 1137 start_va = 0x7fffffae000 end_va = 0x7fffffaffff entry_point = 0x0 region_type = private name = "private_0x000007fffffae000" filename = "" Region: id = 1138 start_va = 0x7fefc650000 end_va = 0x7fefc66cfff entry_point = 0x7fefc650000 region_type = mapped_file name = "samlib.dll" filename = "\\Windows\\System32\\samlib.dll" (normalized: "c:\\windows\\system32\\samlib.dll") Region: id = 1139 start_va = 0x5f0000 end_va = 0x5f0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005f0000" filename = "" Region: id = 1140 start_va = 0x7fefb6d0000 end_va = 0x7fefb736fff entry_point = 0x7fefb6d0000 region_type = mapped_file name = "es.dll" filename = "\\Windows\\System32\\es.dll" (normalized: "c:\\windows\\system32\\es.dll") Region: id = 1270 start_va = 0x7fefc520000 end_va = 0x7fefc64bfff entry_point = 0x7fefc520000 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 1271 start_va = 0x7fef4620000 end_va = 0x7fef46a4fff entry_point = 0x7fef4620000 region_type = mapped_file name = "catsrvut.dll" filename = "\\Windows\\System32\\catsrvut.dll" (normalized: "c:\\windows\\system32\\catsrvut.dll") Region: id = 1272 start_va = 0x7fef8360000 end_va = 0x7fef836bfff entry_point = 0x7fef8360000 region_type = mapped_file name = "mfcsubs.dll" filename = "\\Windows\\System32\\mfcsubs.dll" (normalized: "c:\\windows\\system32\\mfcsubs.dll") Thread: id = 301 os_tid = 0xa5c Thread: id = 302 os_tid = 0xa58 Thread: id = 303 os_tid = 0xa54 Thread: id = 304 os_tid = 0xa50 Thread: id = 305 os_tid = 0xa38 Thread: id = 306 os_tid = 0xa60 Thread: id = 308 os_tid = 0xa6c Thread: id = 309 os_tid = 0xa70 Thread: id = 366 os_tid = 0xb98 Process: id = "20" image_name = "mscorsvw.exe" filename = "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscorsvw.exe" page_root = "0x4eb26000" os_pid = "0xa64" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "child_process" parent_id = "7" os_parent_pid = "0x1d8" cmd_line = "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscorsvw.exe" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" os_groups = "BUILTIN\\Administrators" [0xe], "Everyone" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7] Region: id = 1114 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 1115 start_va = 0x30000 end_va = 0x31fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 1116 start_va = 0x40000 end_va = 0x40fff entry_point = 0x40000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 1117 start_va = 0x50000 end_va = 0x8ffff entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 1118 start_va = 0x90000 end_va = 0x18ffff entry_point = 0x0 region_type = private name = "private_0x0000000000090000" filename = "" Region: id = 1119 start_va = 0x190000 end_va = 0x193fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000190000" filename = "" Region: id = 1120 start_va = 0x1a0000 end_va = 0x1a0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 1121 start_va = 0x400000 end_va = 0x42efff entry_point = 0x400000 region_type = mapped_file name = "mscorsvw.exe" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscorsvw.exe" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscorsvw.exe") Region: id = 1122 start_va = 0x77c50000 end_va = 0x77df8fff entry_point = 0x77c50000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1123 start_va = 0x77e30000 end_va = 0x77faffff entry_point = 0x77e30000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 1124 start_va = 0x7efb0000 end_va = 0x7efd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efb0000" filename = "" Region: id = 1125 start_va = 0x7efdb000 end_va = 0x7efddfff entry_point = 0x0 region_type = private name = "private_0x000000007efdb000" filename = "" Region: id = 1126 start_va = 0x7efde000 end_va = 0x7efdefff entry_point = 0x0 region_type = private name = "private_0x000000007efde000" filename = "" Region: id = 1127 start_va = 0x7efdf000 end_va = 0x7efdffff entry_point = 0x0 region_type = private name = "private_0x000000007efdf000" filename = "" Region: id = 1128 start_va = 0x7efe0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 1129 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1130 start_va = 0x7fff0000 end_va = 0x7fffffeffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 1464 start_va = 0x1e0000 end_va = 0x25ffff entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 1465 start_va = 0x75360000 end_va = 0x75367fff entry_point = 0x75360000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 1466 start_va = 0x75370000 end_va = 0x753cbfff entry_point = 0x75370000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 1467 start_va = 0x753d0000 end_va = 0x7540efff entry_point = 0x753d0000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 1468 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1469 start_va = 0x290000 end_va = 0x38ffff entry_point = 0x0 region_type = private name = "private_0x0000000000290000" filename = "" Region: id = 1470 start_va = 0x390000 end_va = 0x3f6fff entry_point = 0x390000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1471 start_va = 0x75bb0000 end_va = 0x75bf5fff entry_point = 0x75bb0000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 1472 start_va = 0x75fd0000 end_va = 0x760dffff entry_point = 0x75fd0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 1473 start_va = 0x77a30000 end_va = 0x77b4efff entry_point = 0x0 region_type = private name = "private_0x0000000077a30000" filename = "" Region: id = 1474 start_va = 0x77b50000 end_va = 0x77c49fff entry_point = 0x0 region_type = private name = "private_0x0000000077b50000" filename = "" Region: id = 1475 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 1476 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 1477 start_va = 0x560000 end_va = 0x56ffff entry_point = 0x0 region_type = private name = "private_0x0000000000560000" filename = "" Region: id = 1478 start_va = 0x756e0000 end_va = 0x756e4fff entry_point = 0x756e0000 region_type = mapped_file name = "msimg32.dll" filename = "\\Windows\\SysWOW64\\msimg32.dll" (normalized: "c:\\windows\\syswow64\\msimg32.dll") Region: id = 1479 start_va = 0x756f0000 end_va = 0x7570bfff entry_point = 0x756f0000 region_type = mapped_file name = "oledlg.dll" filename = "\\Windows\\SysWOW64\\oledlg.dll" (normalized: "c:\\windows\\syswow64\\oledlg.dll") Region: id = 1480 start_va = 0x75710000 end_va = 0x7574bfff entry_point = 0x75710000 region_type = mapped_file name = "oleacc.dll" filename = "\\Windows\\SysWOW64\\oleacc.dll" (normalized: "c:\\windows\\syswow64\\oleacc.dll") Region: id = 1481 start_va = 0x75750000 end_va = 0x75781fff entry_point = 0x75750000 region_type = mapped_file name = "winmm.dll" filename = "\\Windows\\SysWOW64\\winmm.dll" (normalized: "c:\\windows\\syswow64\\winmm.dll") Region: id = 1482 start_va = 0x75790000 end_va = 0x757e0fff entry_point = 0x75790000 region_type = mapped_file name = "winspool.drv" filename = "\\Windows\\SysWOW64\\winspool.drv" (normalized: "c:\\windows\\syswow64\\winspool.drv") Region: id = 1483 start_va = 0x757f0000 end_va = 0x75873fff entry_point = 0x757f0000 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll") Region: id = 1484 start_va = 0x75980000 end_va = 0x7598bfff entry_point = 0x75980000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 1485 start_va = 0x75990000 end_va = 0x759effff entry_point = 0x75990000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 1486 start_va = 0x75a30000 end_va = 0x75a48fff entry_point = 0x75a30000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 1487 start_va = 0x760e0000 end_va = 0x7617ffff entry_point = 0x760e0000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 1488 start_va = 0x76180000 end_va = 0x761d6fff entry_point = 0x76180000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 1489 start_va = 0x763c0000 end_va = 0x763c9fff entry_point = 0x763c0000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll") Region: id = 1490 start_va = 0x763e0000 end_va = 0x764dffff entry_point = 0x763e0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 1491 start_va = 0x76670000 end_va = 0x7671bfff entry_point = 0x76670000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 1492 start_va = 0x767f0000 end_va = 0x7686afff entry_point = 0x767f0000 region_type = mapped_file name = "comdlg32.dll" filename = "\\Windows\\SysWOW64\\comdlg32.dll" (normalized: "c:\\windows\\syswow64\\comdlg32.dll") Region: id = 1493 start_va = 0x76920000 end_va = 0x77569fff entry_point = 0x76920000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 1494 start_va = 0x775d0000 end_va = 0x776bffff entry_point = 0x775d0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 1495 start_va = 0x776c0000 end_va = 0x7781bfff entry_point = 0x776c0000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 1496 start_va = 0x77820000 end_va = 0x778affff entry_point = 0x77820000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 1497 start_va = 0x77990000 end_va = 0x77a2cfff entry_point = 0x77990000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 1498 start_va = 0x570000 end_va = 0x6f7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 1499 start_va = 0x76720000 end_va = 0x767ebfff entry_point = 0x76720000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 1500 start_va = 0x77570000 end_va = 0x775cffff entry_point = 0x77570000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 1805 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 1806 start_va = 0x30000 end_va = 0x30fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 1807 start_va = 0x1b0000 end_va = 0x1b0fff entry_point = 0x1b0000 region_type = mapped_file name = "oleaccrc.dll" filename = "\\Windows\\SysWOW64\\oleaccrc.dll" (normalized: "c:\\windows\\syswow64\\oleaccrc.dll") Region: id = 1808 start_va = 0x1c0000 end_va = 0x1dafff entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 1809 start_va = 0x430000 end_va = 0x4effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000430000" filename = "" Region: id = 1810 start_va = 0x700000 end_va = 0x880fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000700000" filename = "" Region: id = 1811 start_va = 0x980000 end_va = 0x98ffff entry_point = 0x0 region_type = private name = "private_0x0000000000980000" filename = "" Region: id = 1812 start_va = 0xb40000 end_va = 0xb4ffff entry_point = 0x0 region_type = private name = "private_0x0000000000b40000" filename = "" Region: id = 1813 start_va = 0x260000 end_va = 0x271fff entry_point = 0x0 region_type = private name = "private_0x0000000000260000" filename = "" Region: id = 2165 start_va = 0x990000 end_va = 0xadffff entry_point = 0x0 region_type = private name = "private_0x0000000000990000" filename = "" Region: id = 2166 start_va = 0x990000 end_va = 0xabffff entry_point = 0x0 region_type = private name = "private_0x0000000000990000" filename = "" Region: id = 2167 start_va = 0xad0000 end_va = 0xadffff entry_point = 0x0 region_type = private name = "private_0x0000000000ad0000" filename = "" Region: id = 2168 start_va = 0x990000 end_va = 0xa8ffff entry_point = 0x0 region_type = private name = "private_0x0000000000990000" filename = "" Region: id = 2169 start_va = 0xab0000 end_va = 0xabffff entry_point = 0x0 region_type = private name = "private_0x0000000000ab0000" filename = "" Region: id = 2170 start_va = 0x4f0000 end_va = 0x52ffff entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 2171 start_va = 0xb50000 end_va = 0xc4ffff entry_point = 0x0 region_type = private name = "private_0x0000000000b50000" filename = "" Region: id = 2172 start_va = 0x7efd8000 end_va = 0x7efdafff entry_point = 0x0 region_type = private name = "private_0x000000007efd8000" filename = "" Region: id = 2173 start_va = 0x756a0000 end_va = 0x756b5fff entry_point = 0x756a0000 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\SysWOW64\\cryptsp.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll") Region: id = 2174 start_va = 0x890000 end_va = 0x8cbfff entry_point = 0x890000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 2175 start_va = 0x890000 end_va = 0x8cbfff entry_point = 0x890000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 2176 start_va = 0x890000 end_va = 0x8cbfff entry_point = 0x890000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 2177 start_va = 0x890000 end_va = 0x8cbfff entry_point = 0x890000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 2178 start_va = 0x890000 end_va = 0x8cbfff entry_point = 0x890000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 2179 start_va = 0x75660000 end_va = 0x7569afff entry_point = 0x75660000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 2180 start_va = 0xc50000 end_va = 0xf1efff entry_point = 0xc50000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 2181 start_va = 0x75a60000 end_va = 0x75b7cfff entry_point = 0x75a60000 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\SysWOW64\\crypt32.dll" (normalized: "c:\\windows\\syswow64\\crypt32.dll") Region: id = 2182 start_va = 0x763d0000 end_va = 0x763dbfff entry_point = 0x763d0000 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\SysWOW64\\msasn1.dll" (normalized: "c:\\windows\\syswow64\\msasn1.dll") Region: id = 2183 start_va = 0x890000 end_va = 0x8cffff entry_point = 0x0 region_type = private name = "private_0x0000000000890000" filename = "" Region: id = 2184 start_va = 0x8d0000 end_va = 0x90ffff entry_point = 0x0 region_type = private name = "private_0x00000000008d0000" filename = "" Region: id = 2185 start_va = 0x910000 end_va = 0x94ffff entry_point = 0x0 region_type = private name = "private_0x0000000000910000" filename = "" Region: id = 2186 start_va = 0xf20000 end_va = 0x101ffff entry_point = 0x0 region_type = private name = "private_0x0000000000f20000" filename = "" Region: id = 2187 start_va = 0x1020000 end_va = 0x111ffff entry_point = 0x0 region_type = private name = "private_0x0000000001020000" filename = "" Region: id = 2188 start_va = 0x1120000 end_va = 0x121ffff entry_point = 0x0 region_type = private name = "private_0x0000000001120000" filename = "" Region: id = 2189 start_va = 0x7efaa000 end_va = 0x7efacfff entry_point = 0x0 region_type = private name = "private_0x000000007efaa000" filename = "" Region: id = 2190 start_va = 0x7efad000 end_va = 0x7efaffff entry_point = 0x0 region_type = private name = "private_0x000000007efad000" filename = "" Region: id = 2191 start_va = 0x7efd5000 end_va = 0x7efd7fff entry_point = 0x0 region_type = private name = "private_0x000000007efd5000" filename = "" Region: id = 2216 start_va = 0x280000 end_va = 0x280fff entry_point = 0x0 region_type = private name = "private_0x0000000000280000" filename = "" Region: id = 2217 start_va = 0x280000 end_va = 0x280fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000280000" filename = "" Region: id = 2341 start_va = 0x530000 end_va = 0x53ffff entry_point = 0x0 region_type = private name = "private_0x0000000000530000" filename = "" Region: id = 2342 start_va = 0x540000 end_va = 0x546fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2343 start_va = 0x530000 end_va = 0x536fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Region: id = 2344 start_va = 0x530000 end_va = 0x536fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Region: id = 2345 start_va = 0x530000 end_va = 0x536fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Region: id = 2346 start_va = 0x530000 end_va = 0x536fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Region: id = 2347 start_va = 0x530000 end_va = 0x536fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Region: id = 2348 start_va = 0x530000 end_va = 0x536fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Region: id = 2349 start_va = 0x530000 end_va = 0x536fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Region: id = 2350 start_va = 0x530000 end_va = 0x536fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Region: id = 2351 start_va = 0x530000 end_va = 0x536fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Region: id = 2352 start_va = 0x530000 end_va = 0x536fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Region: id = 2353 start_va = 0x530000 end_va = 0x536fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Region: id = 2354 start_va = 0x530000 end_va = 0x536fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Region: id = 2355 start_va = 0x530000 end_va = 0x536fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Region: id = 2356 start_va = 0x530000 end_va = 0x536fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Region: id = 2357 start_va = 0x530000 end_va = 0x536fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Region: id = 2358 start_va = 0x530000 end_va = 0x536fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Region: id = 2359 start_va = 0x530000 end_va = 0x536fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Region: id = 2360 start_va = 0x530000 end_va = 0x536fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Region: id = 2361 start_va = 0x530000 end_va = 0x536fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Region: id = 2362 start_va = 0x530000 end_va = 0x536fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Region: id = 2363 start_va = 0x530000 end_va = 0x536fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Region: id = 2364 start_va = 0x530000 end_va = 0x536fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Region: id = 2365 start_va = 0x530000 end_va = 0x536fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Region: id = 2366 start_va = 0x530000 end_va = 0x536fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Region: id = 2367 start_va = 0x530000 end_va = 0x536fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Region: id = 2368 start_va = 0x530000 end_va = 0x536fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Region: id = 2369 start_va = 0x530000 end_va = 0x536fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Region: id = 2370 start_va = 0x530000 end_va = 0x536fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Region: id = 2371 start_va = 0x530000 end_va = 0x536fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Region: id = 2372 start_va = 0x530000 end_va = 0x536fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Region: id = 2373 start_va = 0x530000 end_va = 0x536fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Region: id = 2374 start_va = 0x530000 end_va = 0x536fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Region: id = 2375 start_va = 0x530000 end_va = 0x536fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Region: id = 2376 start_va = 0x530000 end_va = 0x536fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Region: id = 2377 start_va = 0x530000 end_va = 0x536fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Region: id = 2378 start_va = 0x530000 end_va = 0x536fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Region: id = 2379 start_va = 0x530000 end_va = 0x536fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Region: id = 2380 start_va = 0x530000 end_va = 0x536fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Region: id = 2381 start_va = 0x530000 end_va = 0x536fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Region: id = 2382 start_va = 0x530000 end_va = 0x536fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Region: id = 2383 start_va = 0x530000 end_va = 0x536fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Region: id = 2384 start_va = 0x530000 end_va = 0x536fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Region: id = 2385 start_va = 0x530000 end_va = 0x536fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Region: id = 2386 start_va = 0x530000 end_va = 0x536fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Region: id = 2387 start_va = 0x530000 end_va = 0x536fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Region: id = 2388 start_va = 0x530000 end_va = 0x536fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Region: id = 2389 start_va = 0x530000 end_va = 0x536fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Region: id = 2390 start_va = 0x530000 end_va = 0x536fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Region: id = 2391 start_va = 0x530000 end_va = 0x536fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Region: id = 2392 start_va = 0x530000 end_va = 0x536fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Region: id = 2393 start_va = 0x530000 end_va = 0x536fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Region: id = 2394 start_va = 0x75a20000 end_va = 0x75a24fff entry_point = 0x75a20000 region_type = mapped_file name = "psapi.dll" filename = "\\Windows\\SysWOW64\\psapi.dll" (normalized: "c:\\windows\\syswow64\\psapi.dll") Region: id = 2395 start_va = 0x530000 end_va = 0x53ffff entry_point = 0x0 region_type = private name = "private_0x0000000000530000" filename = "" Region: id = 2396 start_va = 0x540000 end_va = 0x546fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2397 start_va = 0x530000 end_va = 0x536fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Region: id = 2398 start_va = 0x530000 end_va = 0x536fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Region: id = 2399 start_va = 0x530000 end_va = 0x536fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Region: id = 2400 start_va = 0x530000 end_va = 0x536fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Region: id = 2401 start_va = 0x530000 end_va = 0x536fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Region: id = 2402 start_va = 0x530000 end_va = 0x536fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Region: id = 2403 start_va = 0x530000 end_va = 0x536fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Region: id = 2404 start_va = 0x530000 end_va = 0x536fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Region: id = 2405 start_va = 0x530000 end_va = 0x536fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Region: id = 2406 start_va = 0x530000 end_va = 0x536fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Region: id = 2407 start_va = 0x530000 end_va = 0x536fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Region: id = 2408 start_va = 0x530000 end_va = 0x536fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Region: id = 2409 start_va = 0x530000 end_va = 0x536fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Region: id = 2410 start_va = 0x530000 end_va = 0x536fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Region: id = 2411 start_va = 0x530000 end_va = 0x536fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Region: id = 2412 start_va = 0x530000 end_va = 0x536fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Region: id = 2413 start_va = 0x530000 end_va = 0x536fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Region: id = 2414 start_va = 0x530000 end_va = 0x536fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Region: id = 2415 start_va = 0x530000 end_va = 0x536fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Region: id = 2416 start_va = 0x530000 end_va = 0x536fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Region: id = 2417 start_va = 0x530000 end_va = 0x536fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Region: id = 2418 start_va = 0x530000 end_va = 0x536fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Region: id = 2419 start_va = 0x530000 end_va = 0x536fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Region: id = 2420 start_va = 0x530000 end_va = 0x536fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Region: id = 2421 start_va = 0x530000 end_va = 0x536fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Region: id = 2422 start_va = 0x530000 end_va = 0x536fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Region: id = 2423 start_va = 0x530000 end_va = 0x536fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Region: id = 2424 start_va = 0x530000 end_va = 0x536fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Region: id = 2425 start_va = 0x530000 end_va = 0x536fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Region: id = 2426 start_va = 0x530000 end_va = 0x536fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Region: id = 2427 start_va = 0x530000 end_va = 0x536fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Region: id = 2428 start_va = 0x530000 end_va = 0x536fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Region: id = 2429 start_va = 0x530000 end_va = 0x536fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Region: id = 2430 start_va = 0x530000 end_va = 0x536fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Region: id = 2431 start_va = 0x530000 end_va = 0x536fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Region: id = 2432 start_va = 0x530000 end_va = 0x536fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Region: id = 2433 start_va = 0x530000 end_va = 0x536fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Region: id = 2434 start_va = 0x530000 end_va = 0x536fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Region: id = 2435 start_va = 0x530000 end_va = 0x536fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Region: id = 2436 start_va = 0x530000 end_va = 0x536fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Region: id = 2437 start_va = 0x530000 end_va = 0x536fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Region: id = 2438 start_va = 0x530000 end_va = 0x536fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Region: id = 2439 start_va = 0x530000 end_va = 0x536fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Region: id = 2440 start_va = 0x530000 end_va = 0x536fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Region: id = 2441 start_va = 0x530000 end_va = 0x536fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Region: id = 2442 start_va = 0x530000 end_va = 0x536fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Region: id = 2443 start_va = 0x530000 end_va = 0x536fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Region: id = 2444 start_va = 0x530000 end_va = 0x536fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Region: id = 2445 start_va = 0x530000 end_va = 0x536fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Region: id = 2446 start_va = 0x530000 end_va = 0x536fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Region: id = 2447 start_va = 0x530000 end_va = 0x536fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Region: id = 2448 start_va = 0x530000 end_va = 0x530fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Region: id = 2449 start_va = 0x756c0000 end_va = 0x756d6fff entry_point = 0x756c0000 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\SysWOW64\\userenv.dll" (normalized: "c:\\windows\\syswow64\\userenv.dll") Region: id = 2450 start_va = 0x75650000 end_va = 0x7565afff entry_point = 0x75650000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 2519 start_va = 0x540000 end_va = 0x540fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2520 start_va = 0xae0000 end_va = 0xb1ffff entry_point = 0x0 region_type = private name = "private_0x0000000000ae0000" filename = "" Region: id = 2521 start_va = 0x1220000 end_va = 0x131ffff entry_point = 0x0 region_type = private name = "private_0x0000000001220000" filename = "" Region: id = 2522 start_va = 0x7efa7000 end_va = 0x7efa9fff entry_point = 0x0 region_type = private name = "private_0x000000007efa7000" filename = "" Region: id = 2523 start_va = 0x540000 end_va = 0x540fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2524 start_va = 0x540000 end_va = 0x540fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2525 start_va = 0x540000 end_va = 0x540fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2526 start_va = 0x540000 end_va = 0x540fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2527 start_va = 0x540000 end_va = 0x540fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2528 start_va = 0x540000 end_va = 0x540fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2529 start_va = 0x540000 end_va = 0x540fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2530 start_va = 0x540000 end_va = 0x540fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2531 start_va = 0x540000 end_va = 0x540fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2532 start_va = 0x540000 end_va = 0x540fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2533 start_va = 0x540000 end_va = 0x540fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2534 start_va = 0x540000 end_va = 0x540fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2535 start_va = 0x540000 end_va = 0x540fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2536 start_va = 0x540000 end_va = 0x540fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2537 start_va = 0x540000 end_va = 0x540fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2538 start_va = 0x540000 end_va = 0x540fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2539 start_va = 0x540000 end_va = 0x540fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3420 start_va = 0x1320000 end_va = 0x1585fff entry_point = 0x0 region_type = private name = "private_0x0000000001320000" filename = "" Region: id = 3421 start_va = 0x1320000 end_va = 0x1707fff entry_point = 0x0 region_type = private name = "private_0x0000000001320000" filename = "" Thread: id = 307 os_tid = 0xa68 [0066.130] ImageList_DragLeave (hwndLock=0x74d88) returned 0 [0066.130] ImageList_DragLeave (hwndLock=0x6f743) returned 0 [0066.130] InitCommonControls () [0066.130] ImageList_DragLeave (hwndLock=0x7345b) returned 0 [0066.130] ImageList_DragEnter (hwndLock=0x705f9, x=103, y=375) returned 0 [0066.130] ImageList_DragEnter (hwndLock=0x3e954, x=489, y=141) returned 0 [0066.130] ImageList_DragMove (x=245, y=179) returned 0 [0066.130] ImageList_DragMove (x=206, y=455) returned 0 [0066.131] ImageList_DragLeave (hwndLock=0x3b579) returned 0 [0066.131] ImageList_EndDrag () [0066.131] ImageList_DragMove (x=230, y=299) returned 0 [0066.131] InitCommonControls () [0066.131] InitCommonControls () [0066.131] ImageList_DragLeave (hwndLock=0x3c00c) returned 0 [0066.131] ImageList_DragMove (x=438, y=399) returned 0 [0066.131] ImageList_EndDrag () [0066.131] ImageList_DragMove (x=216, y=73) returned 0 [0066.131] ImageList_BeginDrag (himlTrack=0x0, iTrack=50, dxHotspot=99, dyHotspot=463) returned 0 [0066.131] ImageList_EndDrag () [0066.131] ImageList_DragLeave (hwndLock=0x361eb) returned 0 [0066.131] ImageList_EndDrag () [0066.131] ImageList_EndDrag () [0066.131] ImageList_DragEnter (hwndLock=0x18a13, x=297, y=462) returned 0 [0066.131] ImageList_DragMove (x=120, y=282) returned 0 [0066.131] ImageList_DragMove (x=322, y=378) returned 0 [0066.131] ImageList_BeginDrag (himlTrack=0x46d6d, iTrack=35, dxHotspot=205, dyHotspot=218) returned 0 [0066.131] ImageList_DragEnter (hwndLock=0x55c45, x=328, y=173) returned 0 [0066.131] ImageList_DragEnter (hwndLock=0x7f1e, x=240, y=35) returned 0 [0066.131] ImageList_DragMove (x=191, y=218) returned 0 [0066.131] ImageList_EndDrag () [0066.131] ImageList_EndDrag () [0066.131] InitCommonControls () [0066.131] ImageList_DragMove (x=261, y=313) returned 0 [0066.132] ImageList_BeginDrag (himlTrack=0x18febc, iTrack=72, dxHotspot=220, dyHotspot=105) returned 0 [0066.132] ImageList_EndDrag () [0066.132] ImageList_DragMove (x=461, y=70) returned 0 [0066.132] ImageList_DragLeave (hwndLock=0x10a00) returned 0 [0066.132] InitCommonControls () [0066.132] ImageList_DragEnter (hwndLock=0x37369, x=152, y=473) returned 0 [0066.132] InitCommonControls () [0066.132] ImageList_DragEnter (hwndLock=0x76a51, x=159, y=362) returned 0 [0066.132] ImageList_DragMove (x=8, y=25) returned 0 [0066.132] ImageList_DragEnter (hwndLock=0x666cd, x=356, y=4) returned 0 [0066.132] ImageList_EndDrag () [0066.132] ImageList_EndDrag () [0066.132] ImageList_BeginDrag (himlTrack=0x5deb7, iTrack=24, dxHotspot=51, dyHotspot=119) returned 0 [0066.132] ImageList_DragMove (x=500, y=353) returned 0 [0066.132] ImageList_DragEnter (hwndLock=0x3983f, x=296, y=444) returned 0 [0066.132] ImageList_DragEnter (hwndLock=0x20f04, x=121, y=464) returned 0 [0066.132] InitCommonControls () [0066.132] InitCommonControls () [0066.132] ImageList_BeginDrag (himlTrack=0x61dbb, iTrack=26, dxHotspot=307, dyHotspot=13) returned 0 [0066.132] ImageList_DragLeave (hwndLock=0x7024f) returned 0 [0066.132] InitCommonControls () [0066.132] InitCommonControls () [0066.132] ImageList_BeginDrag (himlTrack=0x15214, iTrack=50, dxHotspot=215, dyHotspot=6) returned 0 [0066.132] ImageList_EndDrag () [0066.132] ImageList_DragLeave (hwndLock=0x4e742) returned 0 [0066.132] InitCommonControls () [0066.133] ImageList_BeginDrag (himlTrack=0x379c7, iTrack=42, dxHotspot=156, dyHotspot=147) returned 0 [0066.133] InitCommonControls () [0066.133] ImageList_BeginDrag (himlTrack=0x41fd, iTrack=64, dxHotspot=373, dyHotspot=310) returned 0 [0066.133] ImageList_DragEnter (hwndLock=0x0, x=414, y=314) returned 0 [0066.133] ImageList_BeginDrag (himlTrack=0x4c67d, iTrack=44, dxHotspot=133, dyHotspot=98) returned 0 [0066.133] ImageList_DragMove (x=421, y=446) returned 0 [0066.133] ImageList_DragEnter (hwndLock=0x34b3d, x=428, y=123) returned 0 [0066.133] ImageList_DragEnter (hwndLock=0x3608b, x=26, y=439) returned 0 [0066.133] InitCommonControls () [0066.133] ImageList_DragEnter (hwndLock=0x371bc, x=64, y=367) returned 0 [0066.133] ImageList_EndDrag () [0066.133] ImageList_DragMove (x=402, y=394) returned 0 [0066.133] InitCommonControls () [0066.133] ImageList_DragMove (x=13, y=233) returned 0 [0066.133] ImageList_BeginDrag (himlTrack=0x7ffa0, iTrack=79, dxHotspot=55, dyHotspot=98) returned 0 [0066.134] ImageList_EndDrag () [0066.134] ImageList_DragLeave (hwndLock=0xa695) returned 0 [0066.134] ImageList_BeginDrag (himlTrack=0x21569, iTrack=56, dxHotspot=216, dyHotspot=36) returned 0 [0066.134] ImageList_DragMove (x=444, y=459) returned 0 [0066.134] ImageList_DragLeave (hwndLock=0x1ab1e) returned 0 [0066.134] ImageList_BeginDrag (himlTrack=0x2ed9e, iTrack=22, dxHotspot=323, dyHotspot=138) returned 0 [0066.134] ImageList_DragEnter (hwndLock=0x30c38, x=258, y=471) returned 0 [0066.134] ImageList_DragLeave (hwndLock=0x27201) returned 0 [0066.134] ImageList_EndDrag () [0066.134] ImageList_EndDrag () [0066.134] ImageList_BeginDrag (himlTrack=0x23de6, iTrack=100, dxHotspot=462, dyHotspot=407) returned 0 [0066.134] ImageList_BeginDrag (himlTrack=0x9597, iTrack=26, dxHotspot=321, dyHotspot=44) returned 0 [0066.135] ImageList_BeginDrag (himlTrack=0x2fadd, iTrack=75, dxHotspot=6, dyHotspot=0) returned 0 [0066.135] InitCommonControls () [0066.135] ImageList_BeginDrag (himlTrack=0x18ff3c, iTrack=17, dxHotspot=219, dyHotspot=407) returned 0 [0066.135] ImageList_DragEnter (hwndLock=0x310da, x=195, y=145) returned 0 [0066.135] ImageList_EndDrag () [0066.135] ImageList_DragLeave (hwndLock=0x5b740) returned 0 [0066.135] ImageList_EndDrag () [0066.135] ImageList_DragLeave (hwndLock=0x2ee3d) returned 0 [0066.135] ImageList_BeginDrag (himlTrack=0x73355, iTrack=0, dxHotspot=66, dyHotspot=377) returned 0 [0066.135] ImageList_EndDrag () [0066.135] ImageList_DragEnter (hwndLock=0xbe8d, x=374, y=19) returned 0 [0066.135] ImageList_DragMove (x=208, y=168) returned 0 [0066.135] InitCommonControls () [0066.135] InitCommonControls () [0066.135] GetACP () returned 0x4e4 [0066.135] GetACP () returned 0x4e4 [0066.135] GetACP () returned 0x4e4 [0066.135] GetACP () returned 0x4e4 [0066.135] GetACP () returned 0x4e4 [0066.135] GetACP () returned 0x4e4 [0066.136] GetACP () returned 0x4e4 [0066.136] GetACP () returned 0x4e4 [0066.136] GetACP () returned 0x4e4 [0066.136] GetACP () returned 0x4e4 [0066.136] GetACP () returned 0x4e4 [0066.136] GetACP () returned 0x4e4 [0066.136] GetACP () returned 0x4e4 [0066.136] GetACP () returned 0x4e4 [0066.136] GetACP () returned 0x4e4 [0066.136] GetACP () returned 0x4e4 [0066.136] GetACP () returned 0x4e4 [0066.136] GetACP () returned 0x4e4 [0066.137] GetACP () returned 0x4e4 [0066.137] GetACP () returned 0x4e4 [0066.137] GetACP () returned 0x4e4 [0066.137] GetACP () returned 0x4e4 [0066.137] GetACP () returned 0x4e4 [0066.137] GetACP () returned 0x4e4 [0066.137] GetACP () returned 0x4e4 [0066.137] GetACP () returned 0x4e4 [0066.137] GetACP () returned 0x4e4 [0066.137] GetACP () returned 0x4e4 [0066.137] GetACP () returned 0x4e4 [0066.137] GetACP () returned 0x4e4 [0066.138] GetACP () returned 0x4e4 [0066.138] GetACP () returned 0x4e4 [0066.138] GetACP () returned 0x4e4 [0066.138] GetACP () returned 0x4e4 [0066.138] GetACP () returned 0x4e4 [0066.138] GetACP () returned 0x4e4 [0066.138] GetACP () returned 0x4e4 [0066.138] GetACP () returned 0x4e4 [0066.138] GetACP () returned 0x4e4 [0066.138] GetACP () returned 0x4e4 [0066.138] GetACP () returned 0x4e4 [0066.138] GetACP () returned 0x4e4 [0066.139] GetACP () returned 0x4e4 [0066.139] GetACP () returned 0x4e4 [0066.139] GetACP () returned 0x4e4 [0066.139] GetACP () returned 0x4e4 [0066.139] GetACP () returned 0x4e4 [0066.139] GetACP () returned 0x4e4 [0066.139] GetACP () returned 0x4e4 [0066.139] GetACP () returned 0x4e4 [0066.139] GetACP () returned 0x4e4 [0066.139] GetACP () returned 0x4e4 [0066.140] GetACP () returned 0x4e4 [0066.140] GetACP () returned 0x4e4 [0066.140] GetACP () returned 0x4e4 [0066.140] GetACP () returned 0x4e4 [0066.140] GetACP () returned 0x4e4 [0066.140] GetACP () returned 0x4e4 [0066.140] GetACP () returned 0x4e4 [0066.140] GetACP () returned 0x4e4 [0066.140] GetACP () returned 0x4e4 [0066.140] GetACP () returned 0x4e4 [0066.140] GetACP () returned 0x4e4 [0066.140] GetACP () returned 0x4e4 [0066.141] GetACP () returned 0x4e4 [0066.141] GetACP () returned 0x4e4 [0066.141] GetACP () returned 0x4e4 [0066.141] GetACP () returned 0x4e4 [0066.141] GetACP () returned 0x4e4 [0066.141] GetACP () returned 0x4e4 [0066.141] GetACP () returned 0x4e4 [0066.141] GetACP () returned 0x4e4 [0066.141] GetACP () returned 0x4e4 [0066.141] GetACP () returned 0x4e4 [0066.141] GetACP () returned 0x4e4 [0066.142] GetACP () returned 0x4e4 [0066.142] GetACP () returned 0x4e4 [0066.142] GetACP () returned 0x4e4 [0066.142] GetACP () returned 0x4e4 [0066.142] GetACP () returned 0x4e4 [0066.142] GetACP () returned 0x4e4 [0066.142] GetACP () returned 0x4e4 [0066.142] GetACP () returned 0x4e4 [0066.142] GetACP () returned 0x4e4 [0066.142] GetACP () returned 0x4e4 [0066.143] GetACP () returned 0x4e4 [0066.143] GetACP () returned 0x4e4 [0066.143] GetACP () returned 0x4e4 [0066.143] GetACP () returned 0x4e4 [0066.143] GetACP () returned 0x4e4 [0066.143] GetACP () returned 0x4e4 [0066.143] GetACP () returned 0x4e4 [0066.143] GetACP () returned 0x4e4 [0066.143] GetACP () returned 0x4e4 [0066.143] GetACP () returned 0x4e4 [0066.143] GetACP () returned 0x4e4 [0066.144] GetACP () returned 0x4e4 [0066.144] GetACP () returned 0x4e4 [0066.144] GetACP () returned 0x4e4 [0066.144] GetACP () returned 0x4e4 [0066.144] GetACP () returned 0x4e4 [0066.144] GetACP () returned 0x4e4 [0066.144] GetACP () returned 0x4e4 [0066.144] GetACP () returned 0x4e4 [0066.144] GetACP () returned 0x4e4 [0066.144] GetACP () returned 0x4e4 [0066.144] GetACP () returned 0x4e4 [0066.144] GetACP () returned 0x4e4 [0066.145] GetACP () returned 0x4e4 [0066.145] GetACP () returned 0x4e4 [0066.145] GetACP () returned 0x4e4 [0066.145] GetACP () returned 0x4e4 [0066.145] GetACP () returned 0x4e4 [0066.145] GetACP () returned 0x4e4 [0066.145] GetACP () returned 0x4e4 [0066.145] GetACP () returned 0x4e4 [0066.145] GetACP () returned 0x4e4 [0066.145] GetACP () returned 0x4e4 [0066.145] GetACP () returned 0x4e4 [0066.145] GetACP () returned 0x4e4 [0066.146] GetACP () returned 0x4e4 [0066.146] GetACP () returned 0x4e4 [0066.146] GetACP () returned 0x4e4 [0066.146] GetACP () returned 0x4e4 [0066.146] GetACP () returned 0x4e4 [0066.146] GetACP () returned 0x4e4 [0066.146] GetACP () returned 0x4e4 [0066.146] GetACP () returned 0x4e4 [0066.146] GetACP () returned 0x4e4 [0066.146] GetACP () returned 0x4e4 [0066.146] GetACP () returned 0x4e4 [0066.147] GetACP () returned 0x4e4 [0066.147] GetACP () returned 0x4e4 [0066.147] GetACP () returned 0x4e4 [0066.147] GetACP () returned 0x4e4 [0066.147] GetACP () returned 0x4e4 [0066.147] GetACP () returned 0x4e4 [0066.147] GetACP () returned 0x4e4 [0066.147] GetACP () returned 0x4e4 [0066.147] GetACP () returned 0x4e4 [0066.147] GetACP () returned 0x4e4 [0066.147] GetACP () returned 0x4e4 [0066.147] GetACP () returned 0x4e4 [0066.148] GetACP () returned 0x4e4 [0066.148] GetACP () returned 0x4e4 [0066.148] GetACP () returned 0x4e4 [0066.148] GetACP () returned 0x4e4 [0066.148] GetACP () returned 0x4e4 [0066.148] GetACP () returned 0x4e4 [0066.148] GetACP () returned 0x4e4 [0066.148] GetACP () returned 0x4e4 [0066.148] GetACP () returned 0x4e4 [0066.148] GetACP () returned 0x4e4 [0066.148] GetACP () returned 0x4e4 [0066.149] GetACP () returned 0x4e4 [0066.149] GetACP () returned 0x4e4 [0066.149] GetACP () returned 0x4e4 [0066.149] GetACP () returned 0x4e4 [0066.149] GetACP () returned 0x4e4 [0066.149] GetACP () returned 0x4e4 [0066.149] GetACP () returned 0x4e4 [0066.149] GetACP () returned 0x4e4 [0066.149] GetACP () returned 0x4e4 [0066.149] GetACP () returned 0x4e4 [0066.149] GetACP () returned 0x4e4 [0066.149] GetACP () returned 0x4e4 [0066.150] GetACP () returned 0x4e4 [0066.150] GetACP () returned 0x4e4 [0066.150] GetACP () returned 0x4e4 [0066.150] GetACP () returned 0x4e4 [0066.150] GetACP () returned 0x4e4 [0066.150] GetACP () returned 0x4e4 [0066.150] GetACP () returned 0x4e4 [0066.150] GetACP () returned 0x4e4 [0066.150] GetACP () returned 0x4e4 [0066.150] GetACP () returned 0x4e4 [0066.150] GetACP () returned 0x4e4 [0066.150] GetACP () returned 0x4e4 [0066.151] GetACP () returned 0x4e4 [0066.151] GetACP () returned 0x4e4 [0066.151] GetACP () returned 0x4e4 [0066.151] GetACP () returned 0x4e4 [0066.151] GetACP () returned 0x4e4 [0066.151] GetACP () returned 0x4e4 [0066.151] GetACP () returned 0x4e4 [0066.151] GetACP () returned 0x4e4 [0066.151] GetACP () returned 0x4e4 [0066.151] GetACP () returned 0x4e4 [0066.151] GetACP () returned 0x4e4 [0066.152] GetACP () returned 0x4e4 [0066.152] GetACP () returned 0x4e4 [0066.152] GetACP () returned 0x4e4 [0066.152] GetACP () returned 0x4e4 [0066.152] GetACP () returned 0x4e4 [0066.152] GetACP () returned 0x4e4 [0066.152] GetACP () returned 0x4e4 [0066.152] GetACP () returned 0x4e4 [0066.152] GetACP () returned 0x4e4 [0066.152] GetACP () returned 0x4e4 [0066.152] GetACP () returned 0x4e4 [0066.152] GetACP () returned 0x4e4 [0066.153] GetACP () returned 0x4e4 [0066.153] GetACP () returned 0x4e4 [0066.153] GetACP () returned 0x4e4 [0066.153] GetACP () returned 0x4e4 [0066.153] GetACP () returned 0x4e4 [0066.153] GetACP () returned 0x4e4 [0066.153] GetACP () returned 0x4e4 [0066.153] GetACP () returned 0x4e4 [0066.153] GetACP () returned 0x4e4 [0066.153] GetACP () returned 0x4e4 [0066.153] GetACP () returned 0x4e4 [0066.153] GetACP () returned 0x4e4 [0066.154] GetACP () returned 0x4e4 [0066.154] GetACP () returned 0x4e4 [0066.154] GetACP () returned 0x4e4 [0066.154] GetACP () returned 0x4e4 [0066.154] GetACP () returned 0x4e4 [0066.154] GetACP () returned 0x4e4 [0066.154] GetACP () returned 0x4e4 [0066.154] GetACP () returned 0x4e4 [0066.154] GetACP () returned 0x4e4 [0066.154] GetACP () returned 0x4e4 [0066.154] GetACP () returned 0x4e4 [0066.155] GetACP () returned 0x4e4 [0066.155] GetACP () returned 0x4e4 [0066.155] GetACP () returned 0x4e4 [0066.155] GetACP () returned 0x4e4 [0066.155] GetACP () returned 0x4e4 [0066.155] GetACP () returned 0x4e4 [0066.155] GetACP () returned 0x4e4 [0066.155] GetACP () returned 0x4e4 [0066.155] GetACP () returned 0x4e4 [0066.155] GetACP () returned 0x4e4 [0066.155] GetACP () returned 0x4e4 [0066.155] GetACP () returned 0x4e4 [0066.156] GetACP () returned 0x4e4 [0066.156] GetACP () returned 0x4e4 [0066.156] GetACP () returned 0x4e4 [0066.156] GetACP () returned 0x4e4 [0066.156] GetACP () returned 0x4e4 [0066.156] GetACP () returned 0x4e4 [0066.156] GetACP () returned 0x4e4 [0066.156] GetACP () returned 0x4e4 [0066.156] GetACP () returned 0x4e4 [0066.156] GetACP () returned 0x4e4 [0066.156] GetACP () returned 0x4e4 [0066.156] GetACP () returned 0x4e4 [0066.157] GetACP () returned 0x4e4 [0071.359] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0071.359] VirtualAlloc (lpAddress=0x0, dwSize=0x11a00, flAllocationType=0x1000, flProtect=0x4) returned 0x260000 [0071.359] GetACP () returned 0x4e4 [0071.359] GetACP () returned 0x4e4 [0071.359] GetACP () returned 0x4e4 [0071.359] GetACP () returned 0x4e4 [0071.359] GetACP () returned 0x4e4 [0071.359] GetACP () returned 0x4e4 [0071.359] GetACP () returned 0x4e4 [0071.359] GetACP () returned 0x4e4 [0071.359] GetACP () returned 0x4e4 [0071.359] GetACP () returned 0x4e4 [0071.359] GetACP () returned 0x4e4 [0071.360] GetACP () returned 0x4e4 [0071.360] GetACP () returned 0x4e4 [0071.360] GetACP () returned 0x4e4 [0071.360] GetACP () returned 0x4e4 [0071.360] GetACP () returned 0x4e4 [0071.360] GetACP () returned 0x4e4 [0071.360] GetACP () returned 0x4e4 [0071.360] GetACP () returned 0x4e4 [0071.360] GetACP () returned 0x4e4 [0071.360] GetACP () returned 0x4e4 [0071.360] GetACP () returned 0x4e4 [0071.360] GetACP () returned 0x4e4 [0071.360] GetACP () returned 0x4e4 [0071.360] GetACP () returned 0x4e4 [0071.361] GetACP () returned 0x4e4 [0071.361] GetACP () returned 0x4e4 [0071.361] GetACP () returned 0x4e4 [0071.361] GetACP () returned 0x4e4 [0071.361] GetACP () returned 0x4e4 [0071.361] GetACP () returned 0x4e4 [0071.361] GetACP () returned 0x4e4 [0071.361] GetACP () returned 0x4e4 [0071.361] GetACP () returned 0x4e4 [0071.361] GetACP () returned 0x4e4 [0071.361] GetACP () returned 0x4e4 [0071.361] GetACP () returned 0x4e4 [0071.361] GetACP () returned 0x4e4 [0071.361] GetACP () returned 0x4e4 [0071.361] GetACP () returned 0x4e4 [0071.362] GetACP () returned 0x4e4 [0071.362] GetACP () returned 0x4e4 [0071.362] GetACP () returned 0x4e4 [0071.362] GetACP () returned 0x4e4 [0071.362] GetACP () returned 0x4e4 [0071.362] GetACP () returned 0x4e4 [0071.362] GetACP () returned 0x4e4 [0071.362] GetACP () returned 0x4e4 [0071.362] GetACP () returned 0x4e4 [0071.362] GetACP () returned 0x4e4 [0071.362] GetACP () returned 0x4e4 [0071.362] GetACP () returned 0x4e4 [0071.362] GetACP () returned 0x4e4 [0071.362] GetACP () returned 0x4e4 [0071.362] GetACP () returned 0x4e4 [0071.363] GetACP () returned 0x4e4 [0071.363] GetACP () returned 0x4e4 [0071.363] GetACP () returned 0x4e4 [0071.363] GetACP () returned 0x4e4 [0071.363] GetACP () returned 0x4e4 [0071.363] GetACP () returned 0x4e4 [0071.363] GetACP () returned 0x4e4 [0071.363] GetACP () returned 0x4e4 [0071.363] GetACP () returned 0x4e4 [0071.363] GetACP () returned 0x4e4 [0071.363] GetACP () returned 0x4e4 [0071.363] GetACP () returned 0x4e4 [0071.363] GetACP () returned 0x4e4 [0071.363] GetACP () returned 0x4e4 [0071.363] GetACP () returned 0x4e4 [0071.364] GetACP () returned 0x4e4 [0071.364] GetACP () returned 0x4e4 [0071.364] GetACP () returned 0x4e4 [0071.364] GetACP () returned 0x4e4 [0071.364] GetACP () returned 0x4e4 [0071.364] GetACP () returned 0x4e4 [0071.364] GetACP () returned 0x4e4 [0071.364] GetACP () returned 0x4e4 [0071.364] GetACP () returned 0x4e4 [0071.364] GetACP () returned 0x4e4 [0071.364] GetACP () returned 0x4e4 [0071.364] GetACP () returned 0x4e4 [0071.364] GetACP () returned 0x4e4 [0071.364] GetACP () returned 0x4e4 [0071.365] GetACP () returned 0x4e4 [0071.365] GetACP () returned 0x4e4 [0071.365] GetACP () returned 0x4e4 [0071.365] GetACP () returned 0x4e4 [0071.365] GetACP () returned 0x4e4 [0071.365] GetACP () returned 0x4e4 [0071.365] GetACP () returned 0x4e4 [0071.365] GetACP () returned 0x4e4 [0071.365] GetACP () returned 0x4e4 [0071.365] GetACP () returned 0x4e4 [0071.365] GetACP () returned 0x4e4 [0071.365] GetACP () returned 0x4e4 [0071.365] GetACP () returned 0x4e4 [0071.365] GetACP () returned 0x4e4 [0071.365] GetACP () returned 0x4e4 [0071.366] GetACP () returned 0x4e4 [0071.366] GetACP () returned 0x4e4 [0071.366] GetACP () returned 0x4e4 [0071.366] GetACP () returned 0x4e4 [0071.366] GetACP () returned 0x4e4 [0071.366] GetACP () returned 0x4e4 [0071.366] GetACP () returned 0x4e4 [0071.366] GetACP () returned 0x4e4 [0071.366] GetACP () returned 0x4e4 [0071.366] GetACP () returned 0x4e4 [0071.366] GetACP () returned 0x4e4 [0071.366] GetACP () returned 0x4e4 [0071.366] GetACP () returned 0x4e4 [0071.366] GetACP () returned 0x4e4 [0071.366] GetACP () returned 0x4e4 [0071.367] GetACP () returned 0x4e4 [0071.367] GetACP () returned 0x4e4 [0071.367] GetACP () returned 0x4e4 [0071.367] GetACP () returned 0x4e4 [0071.367] GetACP () returned 0x4e4 [0071.367] GetACP () returned 0x4e4 [0071.367] GetACP () returned 0x4e4 [0071.367] GetACP () returned 0x4e4 [0071.367] GetACP () returned 0x4e4 [0071.367] GetACP () returned 0x4e4 [0071.367] GetACP () returned 0x4e4 [0071.367] GetACP () returned 0x4e4 [0071.367] GetACP () returned 0x4e4 [0071.367] GetACP () returned 0x4e4 [0071.368] GetACP () returned 0x4e4 [0071.368] GetACP () returned 0x4e4 [0071.368] GetACP () returned 0x4e4 [0071.368] GetACP () returned 0x4e4 [0071.368] GetACP () returned 0x4e4 [0071.368] GetACP () returned 0x4e4 [0071.368] GetACP () returned 0x4e4 [0071.368] GetACP () returned 0x4e4 [0071.368] GetACP () returned 0x4e4 [0071.368] GetACP () returned 0x4e4 [0071.368] GetACP () returned 0x4e4 [0071.368] GetACP () returned 0x4e4 [0071.368] GetACP () returned 0x4e4 [0071.368] GetACP () returned 0x4e4 [0071.369] GetACP () returned 0x4e4 [0071.369] GetACP () returned 0x4e4 [0071.369] GetACP () returned 0x4e4 [0071.369] GetACP () returned 0x4e4 [0071.369] GetACP () returned 0x4e4 [0071.369] GetACP () returned 0x4e4 [0071.369] GetACP () returned 0x4e4 [0071.369] GetACP () returned 0x4e4 [0071.369] GetACP () returned 0x4e4 [0071.369] GetACP () returned 0x4e4 [0071.369] GetACP () returned 0x4e4 [0071.369] GetACP () returned 0x4e4 [0071.369] GetACP () returned 0x4e4 [0071.369] GetACP () returned 0x4e4 [0071.369] GetACP () returned 0x4e4 [0071.370] GetACP () returned 0x4e4 [0071.370] GetACP () returned 0x4e4 [0071.370] GetACP () returned 0x4e4 [0071.370] GetACP () returned 0x4e4 [0071.370] GetACP () returned 0x4e4 [0071.370] GetACP () returned 0x4e4 [0071.370] GetACP () returned 0x4e4 [0071.370] GetACP () returned 0x4e4 [0071.370] GetACP () returned 0x4e4 [0071.370] GetACP () returned 0x4e4 [0071.370] GetACP () returned 0x4e4 [0071.370] GetACP () returned 0x4e4 [0071.370] GetACP () returned 0x4e4 [0071.370] GetACP () returned 0x4e4 [0071.370] GetACP () returned 0x4e4 [0071.371] GetACP () returned 0x4e4 [0071.371] GetACP () returned 0x4e4 [0071.371] GetACP () returned 0x4e4 [0071.371] GetACP () returned 0x4e4 [0071.371] GetACP () returned 0x4e4 [0071.371] GetACP () returned 0x4e4 [0071.371] GetACP () returned 0x4e4 [0071.371] GetACP () returned 0x4e4 [0071.371] GetACP () returned 0x4e4 [0071.371] GetACP () returned 0x4e4 [0071.371] GetACP () returned 0x4e4 [0071.371] GetACP () returned 0x4e4 [0071.371] GetACP () returned 0x4e4 [0071.371] GetACP () returned 0x4e4 [0071.371] GetACP () returned 0x4e4 [0071.372] GetACP () returned 0x4e4 [0071.372] GetACP () returned 0x4e4 [0071.372] GetACP () returned 0x4e4 [0071.372] GetACP () returned 0x4e4 [0071.372] GetACP () returned 0x4e4 [0071.372] GetACP () returned 0x4e4 [0071.372] GetACP () returned 0x4e4 [0071.372] GetACP () returned 0x4e4 [0071.372] GetACP () returned 0x4e4 [0071.372] GetACP () returned 0x4e4 [0071.372] GetACP () returned 0x4e4 [0071.372] GetACP () returned 0x4e4 [0071.372] GetACP () returned 0x4e4 [0071.372] GetACP () returned 0x4e4 [0071.373] GetACP () returned 0x4e4 [0071.373] GetACP () returned 0x4e4 [0071.373] GetACP () returned 0x4e4 [0071.373] GetACP () returned 0x4e4 [0071.373] GetACP () returned 0x4e4 [0071.373] GetACP () returned 0x4e4 [0071.373] GetACP () returned 0x4e4 [0071.373] GetACP () returned 0x4e4 [0071.373] GetACP () returned 0x4e4 [0071.373] GetACP () returned 0x4e4 [0071.373] GetACP () returned 0x4e4 [0071.373] GetACP () returned 0x4e4 [0071.373] GetACP () returned 0x4e4 [0071.373] GetACP () returned 0x4e4 [0071.373] GetACP () returned 0x4e4 [0071.374] GetACP () returned 0x4e4 [0071.374] GetACP () returned 0x4e4 [0071.374] GetACP () returned 0x4e4 [0071.374] GetACP () returned 0x4e4 [0071.374] GetACP () returned 0x4e4 [0071.374] GetACP () returned 0x4e4 [0071.374] GetACP () returned 0x4e4 [0071.374] GetACP () returned 0x4e4 [0071.374] GetACP () returned 0x4e4 [0071.374] GetACP () returned 0x4e4 [0071.374] GetACP () returned 0x4e4 [0071.374] GetACP () returned 0x4e4 [0071.374] GetACP () returned 0x4e4 [0071.374] GetACP () returned 0x4e4 [0071.375] GetACP () returned 0x4e4 [0071.375] GetACP () returned 0x4e4 [0071.375] GetACP () returned 0x4e4 [0071.375] GetACP () returned 0x4e4 [0071.375] GetACP () returned 0x4e4 [0071.375] GetACP () returned 0x4e4 [0071.375] GetACP () returned 0x4e4 [0071.375] GetACP () returned 0x4e4 [0071.375] GetACP () returned 0x4e4 [0071.375] GetACP () returned 0x4e4 [0071.375] GetACP () returned 0x4e4 [0071.375] GetACP () returned 0x4e4 [0071.375] GetACP () returned 0x4e4 [0071.375] GetACP () returned 0x4e4 [0071.375] GetACP () returned 0x4e4 [0071.376] GetACP () returned 0x4e4 [0071.376] GetACP () returned 0x4e4 [0071.376] GetACP () returned 0x4e4 [0071.376] GetACP () returned 0x4e4 [0076.625] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1b000, flNewProtect=0x40, lpflOldProtect=0x1d90f0 | out: lpflOldProtect=0x1d90f0*=0x2) returned 1 [0076.627] VirtualProtect (in: lpAddress=0x400000, dwSize=0x400, flNewProtect=0x2, lpflOldProtect=0x1d90f0 | out: lpflOldProtect=0x1d90f0*=0x40) returned 1 [0076.628] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0076.628] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x75fd0000 [0076.628] GetProcAddress (hModule=0x75fd0000, lpProcName="OutputDebugStringA") returned 0x7600b2b7 [0076.628] GetProcAddress (hModule=0x75fd0000, lpProcName="HeapValidate") returned 0x75ffb17b [0076.642] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x18f61c, nSize=0x1000 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscorsvw.exe" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscorsvw.exe")) returned 0x3a [0076.642] GetVersionExW (in: lpVersionInformation=0x18fcbc*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x18fcbc*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0076.642] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x18fca8 | out: Wow64Process=0x18fca8) returned 1 [0076.642] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x8, TokenHandle=0x18fc84 | out: TokenHandle=0x18fc84*=0xcc) returned 1 [0076.642] GetTokenInformation (in: TokenHandle=0xcc, TokenInformationClass=0x2, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x18fc80 | out: TokenInformation=0x0, ReturnLength=0x18fc80) returned 0 [0076.642] GetLastError () returned 0x7a [0076.643] GetTokenInformation (in: TokenHandle=0xcc, TokenInformationClass=0x2, TokenInformation=0xab0f98, TokenInformationLength=0x58, ReturnLength=0x18fc80 | out: TokenInformation=0xab0f98, ReturnLength=0x18fc80) returned 1 [0076.643] AllocateAndInitializeSid (in: pIdentifierAuthority=0x18fc90, nSubAuthorityCount=0x2, nSubAuthority0=0x20, nSubAuthority1=0x220, nSubAuthority2=0x0, nSubAuthority3=0x0, nSubAuthority4=0x0, nSubAuthority5=0x0, nSubAuthority6=0x0, nSubAuthority7=0x0, pSid=0x18fc88 | out: pSid=0x18fc88*=0x2a16c8*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1 [0076.643] EqualSid (pSid1=0x2a16c8*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), pSid2=0xab0fbc*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1 [0076.643] NtClose (Handle=0xcc) returned 0x0 [0076.643] RtlQueryElevationFlags () returned 0x0 [0076.644] SHRegDuplicateHKey (hkey=0x80000002) returned 0x80000002 [0076.644] RegEnumKeyW (in: hKey=0x80000002, dwIndex=0x0, lpName=0xabb8d0, cchName=0x104 | out: lpName="BCD00000000") returned 0x0 [0076.644] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="bcd00000000", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0076.644] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="bcd00000000", cchWideChar=11, lpMultiByteStr=0xabbbe0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="bcd00000000", lpUsedDefaultChar=0x0) returned 11 [0076.645] RegEnumKeyW (in: hKey=0x80000002, dwIndex=0x1, lpName=0xabb8d0, cchName=0x104 | out: lpName="HARDWARE") returned 0x0 [0076.645] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="hardware", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0076.645] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="hardware", cchWideChar=8, lpMultiByteStr=0xabbc40, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="hardware", lpUsedDefaultChar=0x0) returned 8 [0076.645] RegEnumKeyW (in: hKey=0x80000002, dwIndex=0x2, lpName=0xabb8d0, cchName=0x104 | out: lpName="SAM") returned 0x0 [0076.645] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="sam", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0076.645] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="sam", cchWideChar=3, lpMultiByteStr=0xabbc88, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sam", lpUsedDefaultChar=0x0) returned 3 [0076.645] RegEnumKeyW (in: hKey=0x80000002, dwIndex=0x3, lpName=0xabb8d0, cchName=0x104 | out: lpName="SECURITY") returned 0x0 [0076.645] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="security", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0076.646] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="security", cchWideChar=8, lpMultiByteStr=0xabbc40, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="security", lpUsedDefaultChar=0x0) returned 8 [0076.646] RegEnumKeyW (in: hKey=0x80000002, dwIndex=0x4, lpName=0xabb8d0, cchName=0x104 | out: lpName="SOFTWARE") returned 0x0 [0076.646] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="software", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0076.646] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="software", cchWideChar=8, lpMultiByteStr=0xabbc88, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="software", lpUsedDefaultChar=0x0) returned 8 [0076.646] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE", ulOptions=0x0, samDesired=0x20109, phkResult=0x18fc04 | out: phkResult=0x18fc04*=0xcc) returned 0x0 [0076.646] RegCloseKey (hKey=0x80000002) returned 0x0 [0076.647] RegEnumKeyW (in: hKey=0xcc, dwIndex=0x0, lpName=0xabb8d0, cchName=0x104 | out: lpName="ATI Technologies") returned 0x0 [0076.647] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ati technologies", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0076.647] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ati technologies", cchWideChar=16, lpMultiByteStr=0xabc0c0, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ati technologies", lpUsedDefaultChar=0x0) returned 16 [0076.647] RegEnumKeyW (in: hKey=0xcc, dwIndex=0x1, lpName=0xabb8d0, cchName=0x104 | out: lpName="CBSTEST") returned 0x0 [0076.647] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="cbstest", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0076.647] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="cbstest", cchWideChar=7, lpMultiByteStr=0xabc108, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="cbstest", lpUsedDefaultChar=0x0) returned 7 [0076.647] RegEnumKeyW (in: hKey=0xcc, dwIndex=0x2, lpName=0xabb8d0, cchName=0x104 | out: lpName="Classes") returned 0x0 [0076.647] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="classes", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0076.647] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="classes", cchWideChar=7, lpMultiByteStr=0xabc0c0, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="classes", lpUsedDefaultChar=0x0) returned 7 [0076.647] RegEnumKeyW (in: hKey=0xcc, dwIndex=0x3, lpName=0xabb8d0, cchName=0x104 | out: lpName="Clients") returned 0x0 [0076.647] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="clients", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0076.648] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="clients", cchWideChar=7, lpMultiByteStr=0xabc108, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="clients", lpUsedDefaultChar=0x0) returned 7 [0076.648] RegEnumKeyW (in: hKey=0xcc, dwIndex=0x4, lpName=0xabb8d0, cchName=0x104 | out: lpName="Intel") returned 0x0 [0076.648] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="intel", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0076.648] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="intel", cchWideChar=5, lpMultiByteStr=0xabc0c0, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="intel", lpUsedDefaultChar=0x0) returned 5 [0076.648] RegEnumKeyW (in: hKey=0xcc, dwIndex=0x5, lpName=0xabb8d0, cchName=0x104 | out: lpName="Macromedia") returned 0x0 [0076.648] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="macromedia", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0076.648] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="macromedia", cchWideChar=10, lpMultiByteStr=0xabc108, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="macromedia", lpUsedDefaultChar=0x0) returned 10 [0076.648] RegEnumKeyW (in: hKey=0xcc, dwIndex=0x6, lpName=0xabb8d0, cchName=0x104 | out: lpName="Microsoft") returned 0x0 [0076.648] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="microsoft", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0076.648] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="microsoft", cchWideChar=9, lpMultiByteStr=0xabc0c0, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="microsoft", lpUsedDefaultChar=0x0) returned 9 [0076.649] RegOpenKeyExW (in: hKey=0xcc, lpSubKey="Microsoft", ulOptions=0x0, samDesired=0x20109, phkResult=0x18fc04 | out: phkResult=0x18fc04*=0x38) returned 0x0 [0076.649] RegCloseKey (hKey=0xcc) returned 0x0 [0076.649] RegEnumKeyW (in: hKey=0x38, dwIndex=0x0, lpName=0xabb8d0, cchName=0x104 | out: lpName=".NETFramework") returned 0x0 [0076.649] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr=".netframework", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0076.649] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr=".netframework", cchWideChar=13, lpMultiByteStr=0xabc108, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=".netframework", lpUsedDefaultChar=0x0) returned 13 [0076.649] RegEnumKeyW (in: hKey=0x38, dwIndex=0x1, lpName=0xabb8d0, cchName=0x104 | out: lpName="Active Setup") returned 0x0 [0076.649] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="active setup", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0076.649] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="active setup", cchWideChar=12, lpMultiByteStr=0xabc0c0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="active setup", lpUsedDefaultChar=0x0) returned 12 [0076.649] RegEnumKeyW (in: hKey=0x38, dwIndex=0x2, lpName=0xabb8d0, cchName=0x104 | out: lpName="ADs") returned 0x0 [0076.649] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ads", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0076.650] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ads", cchWideChar=3, lpMultiByteStr=0xabc108, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ads", lpUsedDefaultChar=0x0) returned 3 [0076.650] RegEnumKeyW (in: hKey=0x38, dwIndex=0x3, lpName=0xabb8d0, cchName=0x104 | out: lpName="Advanced INF Setup") returned 0x0 [0076.650] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="advanced inf setup", cchWideChar=18, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0076.650] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="advanced inf setup", cchWideChar=18, lpMultiByteStr=0xabc0c0, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="advanced inf setup", lpUsedDefaultChar=0x0) returned 18 [0076.650] RegEnumKeyW (in: hKey=0x38, dwIndex=0x4, lpName=0xabb8d0, cchName=0x104 | out: lpName="ALG") returned 0x0 [0076.650] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="alg", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0076.650] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="alg", cchWideChar=3, lpMultiByteStr=0xabc108, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="alg", lpUsedDefaultChar=0x0) returned 3 [0076.650] RegEnumKeyW (in: hKey=0x38, dwIndex=0x5, lpName=0xabb8d0, cchName=0x104 | out: lpName="ASP.NET") returned 0x0 [0076.650] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="asp.net", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0076.650] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="asp.net", cchWideChar=7, lpMultiByteStr=0xabc0c0, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="asp.net", lpUsedDefaultChar=0x0) returned 7 [0076.651] RegEnumKeyW (in: hKey=0x38, dwIndex=0x6, lpName=0xabb8d0, cchName=0x104 | out: lpName="Assistance") returned 0x0 [0076.651] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="assistance", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0076.651] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="assistance", cchWideChar=10, lpMultiByteStr=0xabc108, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="assistance", lpUsedDefaultChar=0x0) returned 10 [0076.651] RegEnumKeyW (in: hKey=0x38, dwIndex=0x7, lpName=0xabb8d0, cchName=0x104 | out: lpName="BidInterface") returned 0x0 [0076.651] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="bidinterface", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0076.651] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="bidinterface", cchWideChar=12, lpMultiByteStr=0xabc0c0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="bidinterface", lpUsedDefaultChar=0x0) returned 12 [0076.651] RegEnumKeyW (in: hKey=0x38, dwIndex=0x8, lpName=0xabb8d0, cchName=0x104 | out: lpName="COM3") returned 0x0 [0076.651] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="com3", cchWideChar=4, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 4 [0076.651] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="com3", cchWideChar=4, lpMultiByteStr=0xabc108, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="com3", lpUsedDefaultChar=0x0) returned 4 [0076.651] RegEnumKeyW (in: hKey=0x38, dwIndex=0x9, lpName=0xabb8d0, cchName=0x104 | out: lpName="Command Processor") returned 0x0 [0076.651] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="command processor", cchWideChar=17, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0076.652] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="command processor", cchWideChar=17, lpMultiByteStr=0xabc0c0, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="command processor", lpUsedDefaultChar=0x0) returned 17 [0076.652] RegEnumKeyW (in: hKey=0x38, dwIndex=0xa, lpName=0xabb8d0, cchName=0x104 | out: lpName="Connect to a Network Projector") returned 0x0 [0076.652] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="connect to a network projector", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0076.652] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="connect to a network projector", cchWideChar=30, lpMultiByteStr=0xabc108, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="connect to a network projector", lpUsedDefaultChar=0x0) returned 30 [0076.654] RegEnumKeyW (in: hKey=0x38, dwIndex=0xb, lpName=0xabb8d0, cchName=0x104 | out: lpName="Cryptography") returned 0x0 [0076.655] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="cryptography", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0076.655] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="cryptography", cchWideChar=12, lpMultiByteStr=0xabc0c0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="cryptography", lpUsedDefaultChar=0x0) returned 12 [0076.655] RegEnumKeyW (in: hKey=0x38, dwIndex=0xc, lpName=0xabb8d0, cchName=0x104 | out: lpName="CTF") returned 0x0 [0076.655] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ctf", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0076.655] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ctf", cchWideChar=3, lpMultiByteStr=0xabc108, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ctf", lpUsedDefaultChar=0x0) returned 3 [0076.655] RegEnumKeyW (in: hKey=0x38, dwIndex=0xd, lpName=0xabb8d0, cchName=0x104 | out: lpName="DataAccess") returned 0x0 [0076.655] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="dataaccess", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0076.655] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="dataaccess", cchWideChar=10, lpMultiByteStr=0xabc0c0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dataaccess", lpUsedDefaultChar=0x0) returned 10 [0076.656] RegEnumKeyW (in: hKey=0x38, dwIndex=0xe, lpName=0xabb8d0, cchName=0x104 | out: lpName="DataFactory") returned 0x0 [0076.656] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="datafactory", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0076.656] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="datafactory", cchWideChar=11, lpMultiByteStr=0xabc108, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="datafactory", lpUsedDefaultChar=0x0) returned 11 [0076.656] RegEnumKeyW (in: hKey=0x38, dwIndex=0xf, lpName=0xabb8d0, cchName=0x104 | out: lpName="DevDiv") returned 0x0 [0076.656] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="devdiv", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0076.656] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="devdiv", cchWideChar=6, lpMultiByteStr=0xabc0c0, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="devdiv", lpUsedDefaultChar=0x0) returned 6 [0076.656] RegEnumKeyW (in: hKey=0x38, dwIndex=0x10, lpName=0xabb8d0, cchName=0x104 | out: lpName="Dfrg") returned 0x0 [0076.656] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="dfrg", cchWideChar=4, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 4 [0076.656] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="dfrg", cchWideChar=4, lpMultiByteStr=0xabc108, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dfrg", lpUsedDefaultChar=0x0) returned 4 [0076.656] RegEnumKeyW (in: hKey=0x38, dwIndex=0x11, lpName=0xabb8d0, cchName=0x104 | out: lpName="DFS") returned 0x0 [0076.657] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="dfs", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0076.657] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="dfs", cchWideChar=3, lpMultiByteStr=0xabc0c0, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dfs", lpUsedDefaultChar=0x0) returned 3 [0076.657] RegEnumKeyW (in: hKey=0x38, dwIndex=0x12, lpName=0xabb8d0, cchName=0x104 | out: lpName="DirectDraw") returned 0x0 [0076.657] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="directdraw", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0076.657] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="directdraw", cchWideChar=10, lpMultiByteStr=0xabc108, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="directdraw", lpUsedDefaultChar=0x0) returned 10 [0076.657] RegEnumKeyW (in: hKey=0x38, dwIndex=0x13, lpName=0xabb8d0, cchName=0x104 | out: lpName="DirectInput") returned 0x0 [0076.657] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="directinput", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0076.657] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="directinput", cchWideChar=11, lpMultiByteStr=0xabc0c0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="directinput", lpUsedDefaultChar=0x0) returned 11 [0076.657] RegEnumKeyW (in: hKey=0x38, dwIndex=0x14, lpName=0xabb8d0, cchName=0x104 | out: lpName="DirectMusic") returned 0x0 [0076.657] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="directmusic", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0076.657] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="directmusic", cchWideChar=11, lpMultiByteStr=0xabc108, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="directmusic", lpUsedDefaultChar=0x0) returned 11 [0076.658] RegEnumKeyW (in: hKey=0x38, dwIndex=0x15, lpName=0xabb8d0, cchName=0x104 | out: lpName="DirectPlay8") returned 0x0 [0076.658] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="directplay8", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0076.658] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="directplay8", cchWideChar=11, lpMultiByteStr=0xabc0c0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="directplay8", lpUsedDefaultChar=0x0) returned 11 [0076.658] RegEnumKeyW (in: hKey=0x38, dwIndex=0x16, lpName=0xabb8d0, cchName=0x104 | out: lpName="DirectPlayNATHelp") returned 0x0 [0076.658] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="directplaynathelp", cchWideChar=17, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0076.658] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="directplaynathelp", cchWideChar=17, lpMultiByteStr=0xabc108, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="directplaynathelp", lpUsedDefaultChar=0x0) returned 17 [0076.658] RegEnumKeyW (in: hKey=0x38, dwIndex=0x17, lpName=0xabb8d0, cchName=0x104 | out: lpName="DirectShow") returned 0x0 [0076.658] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="directshow", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0076.658] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="directshow", cchWideChar=10, lpMultiByteStr=0xabc0c0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="directshow", lpUsedDefaultChar=0x0) returned 10 [0076.658] RegEnumKeyW (in: hKey=0x38, dwIndex=0x18, lpName=0xabb8d0, cchName=0x104 | out: lpName="DirectX") returned 0x0 [0076.658] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="directx", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0076.659] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="directx", cchWideChar=7, lpMultiByteStr=0xabc108, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="directx", lpUsedDefaultChar=0x0) returned 7 [0076.659] RegEnumKeyW (in: hKey=0x38, dwIndex=0x19, lpName=0xabb8d0, cchName=0x104 | out: lpName="Driver Signing") returned 0x0 [0076.659] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="driver signing", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0076.659] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="driver signing", cchWideChar=14, lpMultiByteStr=0xabc0c0, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="driver signing", lpUsedDefaultChar=0x0) returned 14 [0076.659] RegEnumKeyW (in: hKey=0x38, dwIndex=0x1a, lpName=0xabb8d0, cchName=0x104 | out: lpName="DRM") returned 0x0 [0076.659] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="drm", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0076.659] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="drm", cchWideChar=3, lpMultiByteStr=0xabc108, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="drm", lpUsedDefaultChar=0x0) returned 3 [0076.659] RegEnumKeyW (in: hKey=0x38, dwIndex=0x1b, lpName=0xabb8d0, cchName=0x104 | out: lpName="DVR") returned 0x0 [0076.659] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="dvr", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0076.659] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="dvr", cchWideChar=3, lpMultiByteStr=0xabc0c0, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dvr", lpUsedDefaultChar=0x0) returned 3 [0076.660] RegEnumKeyW (in: hKey=0x38, dwIndex=0x1c, lpName=0xabb8d0, cchName=0x104 | out: lpName="DXP") returned 0x0 [0076.660] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="dxp", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0076.660] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="dxp", cchWideChar=3, lpMultiByteStr=0xabc108, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dxp", lpUsedDefaultChar=0x0) returned 3 [0076.660] RegEnumKeyW (in: hKey=0x38, dwIndex=0x1d, lpName=0xabb8d0, cchName=0x104 | out: lpName="EnterpriseCertificates") returned 0x0 [0076.660] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="enterprisecertificates", cchWideChar=22, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0076.660] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="enterprisecertificates", cchWideChar=22, lpMultiByteStr=0xabc0c0, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="enterprisecertificates", lpUsedDefaultChar=0x0) returned 22 [0076.660] RegEnumKeyW (in: hKey=0x38, dwIndex=0x1e, lpName=0xabb8d0, cchName=0x104 | out: lpName="EventSystem") returned 0x0 [0076.660] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="eventsystem", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0076.660] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="eventsystem", cchWideChar=11, lpMultiByteStr=0xabc108, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="eventsystem", lpUsedDefaultChar=0x0) returned 11 [0076.660] RegEnumKeyW (in: hKey=0x38, dwIndex=0x1f, lpName=0xabb8d0, cchName=0x104 | out: lpName="Exchange") returned 0x0 [0076.660] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="exchange", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0076.661] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="exchange", cchWideChar=8, lpMultiByteStr=0xabc0c0, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="exchange", lpUsedDefaultChar=0x0) returned 8 [0076.661] RegEnumKeyW (in: hKey=0x38, dwIndex=0x20, lpName=0xabb8d0, cchName=0x104 | out: lpName="Fax") returned 0x0 [0076.661] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="fax", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0076.661] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="fax", cchWideChar=3, lpMultiByteStr=0xabc108, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fax", lpUsedDefaultChar=0x0) returned 3 [0076.661] RegEnumKeyW (in: hKey=0x38, dwIndex=0x21, lpName=0xabb8d0, cchName=0x104 | out: lpName="Feeds") returned 0x0 [0076.661] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="feeds", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0076.661] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="feeds", cchWideChar=5, lpMultiByteStr=0xabc0c0, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="feeds", lpUsedDefaultChar=0x0) returned 5 [0076.661] RegEnumKeyW (in: hKey=0x38, dwIndex=0x22, lpName=0xabb8d0, cchName=0x104 | out: lpName="FlashConfig") returned 0x0 [0076.661] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="flashconfig", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0076.661] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="flashconfig", cchWideChar=11, lpMultiByteStr=0xabc108, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="flashconfig", lpUsedDefaultChar=0x0) returned 11 [0076.662] RegEnumKeyW (in: hKey=0x38, dwIndex=0x23, lpName=0xabb8d0, cchName=0x104 | out: lpName="FTH") returned 0x0 [0076.662] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="fth", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0076.662] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="fth", cchWideChar=3, lpMultiByteStr=0xabc0c0, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fth", lpUsedDefaultChar=0x0) returned 3 [0076.662] RegEnumKeyW (in: hKey=0x38, dwIndex=0x24, lpName=0xabb8d0, cchName=0x104 | out: lpName="Function Discovery") returned 0x0 [0076.662] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="function discovery", cchWideChar=18, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0076.662] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="function discovery", cchWideChar=18, lpMultiByteStr=0xabc108, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="function discovery", lpUsedDefaultChar=0x0) returned 18 [0076.662] RegEnumKeyW (in: hKey=0x38, dwIndex=0x25, lpName=0xabb8d0, cchName=0x104 | out: lpName="Fusion") returned 0x0 [0076.662] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="fusion", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0076.662] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="fusion", cchWideChar=6, lpMultiByteStr=0xabc0c0, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fusion", lpUsedDefaultChar=0x0) returned 6 [0076.662] RegEnumKeyW (in: hKey=0x38, dwIndex=0x26, lpName=0xabb8d0, cchName=0x104 | out: lpName="GPUPipeline") returned 0x0 [0076.662] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="gpupipeline", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0076.663] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="gpupipeline", cchWideChar=11, lpMultiByteStr=0xabc108, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="gpupipeline", lpUsedDefaultChar=0x0) returned 11 [0076.663] RegEnumKeyW (in: hKey=0x38, dwIndex=0x27, lpName=0xabb8d0, cchName=0x104 | out: lpName="HTMLHelp") returned 0x0 [0076.663] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="htmlhelp", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0076.663] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="htmlhelp", cchWideChar=8, lpMultiByteStr=0xabc0c0, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="htmlhelp", lpUsedDefaultChar=0x0) returned 8 [0076.663] RegEnumKeyW (in: hKey=0x38, dwIndex=0x28, lpName=0xabb8d0, cchName=0x104 | out: lpName="IdentityCRL") returned 0x0 [0076.663] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="identitycrl", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0076.663] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="identitycrl", cchWideChar=11, lpMultiByteStr=0xabc108, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="identitycrl", lpUsedDefaultChar=0x0) returned 11 [0076.663] RegEnumKeyW (in: hKey=0x38, dwIndex=0x29, lpName=0xabb8d0, cchName=0x104 | out: lpName="IdentityStore") returned 0x0 [0076.663] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="identitystore", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0076.663] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="identitystore", cchWideChar=13, lpMultiByteStr=0xabc0c0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="identitystore", lpUsedDefaultChar=0x0) returned 13 [0076.664] RegEnumKeyW (in: hKey=0x38, dwIndex=0x2a, lpName=0xabb8d0, cchName=0x104 | out: lpName="IMAPI") returned 0x0 [0076.664] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="imapi", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0076.664] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="imapi", cchWideChar=5, lpMultiByteStr=0xabc108, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="imapi", lpUsedDefaultChar=0x0) returned 5 [0076.664] RegEnumKeyW (in: hKey=0x38, dwIndex=0x2b, lpName=0xabb8d0, cchName=0x104 | out: lpName="IMEJP") returned 0x0 [0076.664] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="imejp", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0076.664] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="imejp", cchWideChar=5, lpMultiByteStr=0xabc0c0, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="imejp", lpUsedDefaultChar=0x0) returned 5 [0076.664] RegEnumKeyW (in: hKey=0x38, dwIndex=0x2c, lpName=0xabb8d0, cchName=0x104 | out: lpName="IMEKR") returned 0x0 [0076.664] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="imekr", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0076.664] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="imekr", cchWideChar=5, lpMultiByteStr=0xabc108, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="imekr", lpUsedDefaultChar=0x0) returned 5 [0076.664] RegEnumKeyW (in: hKey=0x38, dwIndex=0x2d, lpName=0xabb8d0, cchName=0x104 | out: lpName="IMETC") returned 0x0 [0076.664] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="imetc", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0076.665] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="imetc", cchWideChar=5, lpMultiByteStr=0xabc0c0, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="imetc", lpUsedDefaultChar=0x0) returned 5 [0076.665] RegEnumKeyW (in: hKey=0x38, dwIndex=0x2e, lpName=0xabb8d0, cchName=0x104 | out: lpName="Internet Account Manager") returned 0x0 [0076.665] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="internet account manager", cchWideChar=24, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0076.665] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="internet account manager", cchWideChar=24, lpMultiByteStr=0xabc108, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="internet account manager", lpUsedDefaultChar=0x0) returned 24 [0076.665] RegEnumKeyW (in: hKey=0x38, dwIndex=0x2f, lpName=0xabb8d0, cchName=0x104 | out: lpName="Internet Domains") returned 0x0 [0076.665] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="internet domains", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0076.665] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="internet domains", cchWideChar=16, lpMultiByteStr=0xabc0c0, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="internet domains", lpUsedDefaultChar=0x0) returned 16 [0076.665] RegEnumKeyW (in: hKey=0x38, dwIndex=0x30, lpName=0xabb8d0, cchName=0x104 | out: lpName="Internet Explorer") returned 0x0 [0076.665] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="internet explorer", cchWideChar=17, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0076.665] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="internet explorer", cchWideChar=17, lpMultiByteStr=0xabc108, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="internet explorer", lpUsedDefaultChar=0x0) returned 17 [0076.666] RegEnumKeyW (in: hKey=0x38, dwIndex=0x31, lpName=0xabb8d0, cchName=0x104 | out: lpName="IsoBurn") returned 0x0 [0076.666] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="isoburn", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0076.666] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="isoburn", cchWideChar=7, lpMultiByteStr=0xabc0c0, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="isoburn", lpUsedDefaultChar=0x0) returned 7 [0076.666] RegEnumKeyW (in: hKey=0x38, dwIndex=0x32, lpName=0xabb8d0, cchName=0x104 | out: lpName="Loki") returned 0x0 [0076.666] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="loki", cchWideChar=4, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 4 [0076.666] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="loki", cchWideChar=4, lpMultiByteStr=0xabc108, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="loki", lpUsedDefaultChar=0x0) returned 4 [0076.666] RegEnumKeyW (in: hKey=0x38, dwIndex=0x33, lpName=0xabb8d0, cchName=0x104 | out: lpName="MediaCenterPeripheral") returned 0x0 [0076.667] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mediacenterperipheral", cchWideChar=21, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0076.667] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mediacenterperipheral", cchWideChar=21, lpMultiByteStr=0xabc0c0, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mediacenterperipheral", lpUsedDefaultChar=0x0) returned 21 [0076.667] RegEnumKeyW (in: hKey=0x38, dwIndex=0x34, lpName=0xabb8d0, cchName=0x104 | out: lpName="MediaPlayer") returned 0x0 [0076.667] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mediaplayer", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0076.667] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mediaplayer", cchWideChar=11, lpMultiByteStr=0xabc108, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mediaplayer", lpUsedDefaultChar=0x0) returned 11 [0076.667] RegEnumKeyW (in: hKey=0x38, dwIndex=0x35, lpName=0xabb8d0, cchName=0x104 | out: lpName="MessengerService") returned 0x0 [0076.667] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="messengerservice", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0076.667] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="messengerservice", cchWideChar=16, lpMultiByteStr=0xabc0c0, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messengerservice", lpUsedDefaultChar=0x0) returned 16 [0076.667] RegEnumKeyW (in: hKey=0x38, dwIndex=0x36, lpName=0xabb8d0, cchName=0x104 | out: lpName="Microsoft Reference") returned 0x0 [0076.667] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="microsoft reference", cchWideChar=19, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0076.667] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="microsoft reference", cchWideChar=19, lpMultiByteStr=0xabc108, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="microsoft reference", lpUsedDefaultChar=0x0) returned 19 [0076.667] RegEnumKeyW (in: hKey=0x38, dwIndex=0x37, lpName=0xabb8d0, cchName=0x104 | out: lpName="Microsoft SQL Server Compact Edition") returned 0x0 [0076.667] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="microsoft sql server compact edition", cchWideChar=36, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 36 [0076.667] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="microsoft sql server compact edition", cchWideChar=36, lpMultiByteStr=0xabc0c0, cbMultiByte=36, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="microsoft sql server compact edition", lpUsedDefaultChar=0x0) returned 36 [0076.667] RegEnumKeyW (in: hKey=0x38, dwIndex=0x38, lpName=0xabb8d0, cchName=0x104 | out: lpName="MigWiz") returned 0x0 [0076.667] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="migwiz", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0076.667] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="migwiz", cchWideChar=6, lpMultiByteStr=0xabc108, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="migwiz", lpUsedDefaultChar=0x0) returned 6 [0076.667] RegEnumKeyW (in: hKey=0x38, dwIndex=0x39, lpName=0xabb8d0, cchName=0x104 | out: lpName="MMC") returned 0x0 [0076.667] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mmc", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0076.667] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mmc", cchWideChar=3, lpMultiByteStr=0xabc0c0, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mmc", lpUsedDefaultChar=0x0) returned 3 [0076.668] RegEnumKeyW (in: hKey=0x38, dwIndex=0x3a, lpName=0xabb8d0, cchName=0x104 | out: lpName="Mobile") returned 0x0 [0076.668] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mobile", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0076.668] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mobile", cchWideChar=6, lpMultiByteStr=0xabc108, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mobile", lpUsedDefaultChar=0x0) returned 6 [0076.668] RegEnumKeyW (in: hKey=0x38, dwIndex=0x3b, lpName=0xabb8d0, cchName=0x104 | out: lpName="MSBuild") returned 0x0 [0076.668] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="msbuild", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0076.668] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="msbuild", cchWideChar=7, lpMultiByteStr=0xabc0c0, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="msbuild", lpUsedDefaultChar=0x0) returned 7 [0076.668] RegEnumKeyW (in: hKey=0x38, dwIndex=0x3c, lpName=0xabb8d0, cchName=0x104 | out: lpName="MSDE") returned 0x0 [0076.668] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="msde", cchWideChar=4, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 4 [0076.668] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="msde", cchWideChar=4, lpMultiByteStr=0xabc108, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="msde", lpUsedDefaultChar=0x0) returned 4 [0076.668] RegEnumKeyW (in: hKey=0x38, dwIndex=0x3d, lpName=0xabb8d0, cchName=0x104 | out: lpName="MSDTC") returned 0x0 [0076.668] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="msdtc", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0076.668] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="msdtc", cchWideChar=5, lpMultiByteStr=0xabc0c0, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="msdtc", lpUsedDefaultChar=0x0) returned 5 [0076.668] RegEnumKeyW (in: hKey=0x38, dwIndex=0x3e, lpName=0xabb8d0, cchName=0x104 | out: lpName="MSF") returned 0x0 [0076.668] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="msf", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0076.668] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="msf", cchWideChar=3, lpMultiByteStr=0xabc108, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="msf", lpUsedDefaultChar=0x0) returned 3 [0076.668] RegEnumKeyW (in: hKey=0x38, dwIndex=0x3f, lpName=0xabb8d0, cchName=0x104 | out: lpName="MSLicensing") returned 0x0 [0076.668] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mslicensing", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0076.668] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mslicensing", cchWideChar=11, lpMultiByteStr=0xabc0c0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mslicensing", lpUsedDefaultChar=0x0) returned 11 [0076.668] RegEnumKeyW (in: hKey=0x38, dwIndex=0x40, lpName=0xabb8d0, cchName=0x104 | out: lpName="MSMQ") returned 0x0 [0076.668] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="msmq", cchWideChar=4, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 4 [0076.669] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="msmq", cchWideChar=4, lpMultiByteStr=0xabc108, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="msmq", lpUsedDefaultChar=0x0) returned 4 [0076.669] RegEnumKeyW (in: hKey=0x38, dwIndex=0x41, lpName=0xabb8d0, cchName=0x104 | out: lpName="MSN Apps") returned 0x0 [0076.669] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="msn apps", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0076.669] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="msn apps", cchWideChar=8, lpMultiByteStr=0xabc0c0, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="msn apps", lpUsedDefaultChar=0x0) returned 8 [0076.669] RegEnumKeyW (in: hKey=0x38, dwIndex=0x42, lpName=0xabb8d0, cchName=0x104 | out: lpName="MSOSOAP") returned 0x0 [0076.669] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="msosoap", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0076.669] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="msosoap", cchWideChar=7, lpMultiByteStr=0xabc108, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="msosoap", lpUsedDefaultChar=0x0) returned 7 [0076.669] RegEnumKeyW (in: hKey=0x38, dwIndex=0x43, lpName=0xabb8d0, cchName=0x104 | out: lpName="MSSearch36") returned 0x0 [0076.669] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mssearch36", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0076.669] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mssearch36", cchWideChar=10, lpMultiByteStr=0xabc0c0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mssearch36", lpUsedDefaultChar=0x0) returned 10 [0076.669] RegEnumKeyW (in: hKey=0x38, dwIndex=0x44, lpName=0xabb8d0, cchName=0x104 | out: lpName="MSSQLServer") returned 0x0 [0076.669] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mssqlserver", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0076.669] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mssqlserver", cchWideChar=11, lpMultiByteStr=0xabc108, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mssqlserver", lpUsedDefaultChar=0x0) returned 11 [0076.669] RegEnumKeyW (in: hKey=0x38, dwIndex=0x45, lpName=0xabb8d0, cchName=0x104 | out: lpName="Multimedia") returned 0x0 [0076.669] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="multimedia", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0076.669] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="multimedia", cchWideChar=10, lpMultiByteStr=0xabc0c0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="multimedia", lpUsedDefaultChar=0x0) returned 10 [0076.669] RegEnumKeyW (in: hKey=0x38, dwIndex=0x46, lpName=0xabb8d0, cchName=0x104 | out: lpName="NapServer") returned 0x0 [0076.669] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="napserver", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0076.669] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="napserver", cchWideChar=9, lpMultiByteStr=0xabc108, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="napserver", lpUsedDefaultChar=0x0) returned 9 [0076.669] RegEnumKeyW (in: hKey=0x38, dwIndex=0x47, lpName=0xabb8d0, cchName=0x104 | out: lpName="NET Framework Setup") returned 0x0 [0076.670] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="net framework setup", cchWideChar=19, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0076.670] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="net framework setup", cchWideChar=19, lpMultiByteStr=0xabc0c0, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="net framework setup", lpUsedDefaultChar=0x0) returned 19 [0076.670] RegEnumKeyW (in: hKey=0x38, dwIndex=0x48, lpName=0xabb8d0, cchName=0x104 | out: lpName="NetSh") returned 0x0 [0076.670] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="netsh", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0076.670] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="netsh", cchWideChar=5, lpMultiByteStr=0xabc108, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="netsh", lpUsedDefaultChar=0x0) returned 5 [0076.670] RegEnumKeyW (in: hKey=0x38, dwIndex=0x49, lpName=0xabb8d0, cchName=0x104 | out: lpName="Network") returned 0x0 [0076.670] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="network", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0076.670] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="network", cchWideChar=7, lpMultiByteStr=0xabc0c0, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="network", lpUsedDefaultChar=0x0) returned 7 [0076.670] RegEnumKeyW (in: hKey=0x38, dwIndex=0x4a, lpName=0xabb8d0, cchName=0x104 | out: lpName="NetworkAccessProtection") returned 0x0 [0076.670] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="networkaccessprotection", cchWideChar=23, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 23 [0076.670] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="networkaccessprotection", cchWideChar=23, lpMultiByteStr=0xabc108, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="networkaccessprotection", lpUsedDefaultChar=0x0) returned 23 [0076.670] RegEnumKeyW (in: hKey=0x38, dwIndex=0x4b, lpName=0xabb8d0, cchName=0x104 | out: lpName="Non-Driver Signing") returned 0x0 [0076.670] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="non-driver signing", cchWideChar=18, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0076.670] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="non-driver signing", cchWideChar=18, lpMultiByteStr=0xabc0c0, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="non-driver signing", lpUsedDefaultChar=0x0) returned 18 [0076.670] RegEnumKeyW (in: hKey=0x38, dwIndex=0x4c, lpName=0xabb8d0, cchName=0x104 | out: lpName="Notepad") returned 0x0 [0076.670] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="notepad", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0076.670] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="notepad", cchWideChar=7, lpMultiByteStr=0xabc108, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="notepad", lpUsedDefaultChar=0x0) returned 7 [0076.670] RegEnumKeyW (in: hKey=0x38, dwIndex=0x4d, lpName=0xabb8d0, cchName=0x104 | out: lpName="ODBC") returned 0x0 [0076.670] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="odbc", cchWideChar=4, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 4 [0076.670] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="odbc", cchWideChar=4, lpMultiByteStr=0xabc0c0, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="odbc", lpUsedDefaultChar=0x0) returned 4 [0076.670] RegEnumKeyW (in: hKey=0x38, dwIndex=0x4e, lpName=0xabb8d0, cchName=0x104 | out: lpName="Office") returned 0x0 [0076.671] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="office", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0076.671] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="office", cchWideChar=6, lpMultiByteStr=0xabc108, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="office", lpUsedDefaultChar=0x0) returned 6 [0076.671] RegEnumKeyW (in: hKey=0x38, dwIndex=0x4f, lpName=0xabb8d0, cchName=0x104 | out: lpName="OfficeSoftwareProtectionPlatform") returned 0x0 [0076.671] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="officesoftwareprotectionplatform", cchWideChar=32, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0076.671] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="officesoftwareprotectionplatform", cchWideChar=32, lpMultiByteStr=0xabc0c0, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="officesoftwareprotectionplatform", lpUsedDefaultChar=0x0) returned 32 [0076.671] RegEnumKeyW (in: hKey=0x38, dwIndex=0x50, lpName=0xabb8d0, cchName=0x104 | out: lpName="Ole") returned 0x0 [0076.671] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ole", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0076.671] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ole", cchWideChar=3, lpMultiByteStr=0xabc108, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ole", lpUsedDefaultChar=0x0) returned 3 [0076.671] RegEnumKeyW (in: hKey=0x38, dwIndex=0x51, lpName=0xabb8d0, cchName=0x104 | out: lpName="Outlook Express") returned 0x0 [0076.671] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="outlook express", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0076.671] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="outlook express", cchWideChar=15, lpMultiByteStr=0xabc0c0, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="outlook express", lpUsedDefaultChar=0x0) returned 15 [0076.671] RegEnumKeyW (in: hKey=0x38, dwIndex=0x52, lpName=0xabb8d0, cchName=0x104 | out: lpName="PLA") returned 0x0 [0076.671] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="pla", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0076.671] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="pla", cchWideChar=3, lpMultiByteStr=0xabc108, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pla", lpUsedDefaultChar=0x0) returned 3 [0076.671] RegEnumKeyW (in: hKey=0x38, dwIndex=0x53, lpName=0xabb8d0, cchName=0x104 | out: lpName="PowerShell") returned 0x0 [0076.671] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="powershell", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0076.671] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="powershell", cchWideChar=10, lpMultiByteStr=0xabc0c0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="powershell", lpUsedDefaultChar=0x0) returned 10 [0076.671] RegEnumKeyW (in: hKey=0x38, dwIndex=0x54, lpName=0xabb8d0, cchName=0x104 | out: lpName="Print") returned 0x0 [0076.671] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="print", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0076.671] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="print", cchWideChar=5, lpMultiByteStr=0xabc108, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="print", lpUsedDefaultChar=0x0) returned 5 [0076.672] RegEnumKeyW (in: hKey=0x38, dwIndex=0x55, lpName=0xabb8d0, cchName=0x104 | out: lpName="RADAR") returned 0x0 [0076.672] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="radar", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0076.672] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="radar", cchWideChar=5, lpMultiByteStr=0xabc0c0, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="radar", lpUsedDefaultChar=0x0) returned 5 [0076.672] RegEnumKeyW (in: hKey=0x38, dwIndex=0x56, lpName=0xabb8d0, cchName=0x104 | out: lpName="Ras") returned 0x0 [0076.672] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ras", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0076.672] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ras", cchWideChar=3, lpMultiByteStr=0xabc108, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ras", lpUsedDefaultChar=0x0) returned 3 [0076.672] RegEnumKeyW (in: hKey=0x38, dwIndex=0x57, lpName=0xabb8d0, cchName=0x104 | out: lpName="RAS AutoDial") returned 0x0 [0076.672] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ras autodial", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0076.672] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ras autodial", cchWideChar=12, lpMultiByteStr=0xabc0c0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ras autodial", lpUsedDefaultChar=0x0) returned 12 [0076.672] RegEnumKeyW (in: hKey=0x38, dwIndex=0x58, lpName=0xabb8d0, cchName=0x104 | out: lpName="Reliability Analysis") returned 0x0 [0076.672] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="reliability analysis", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0076.672] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="reliability analysis", cchWideChar=20, lpMultiByteStr=0xabc108, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="reliability analysis", lpUsedDefaultChar=0x0) returned 20 [0076.672] RegEnumKeyW (in: hKey=0x38, dwIndex=0x59, lpName=0xabb8d0, cchName=0x104 | out: lpName="RemovalTools") returned 0x0 [0076.672] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="removaltools", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0076.672] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="removaltools", cchWideChar=12, lpMultiByteStr=0xabc0c0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="removaltools", lpUsedDefaultChar=0x0) returned 12 [0076.672] RegEnumKeyW (in: hKey=0x38, dwIndex=0x5a, lpName=0xabb8d0, cchName=0x104 | out: lpName="RendezvousApps") returned 0x0 [0076.672] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="rendezvousapps", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0076.672] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="rendezvousapps", cchWideChar=14, lpMultiByteStr=0xabc108, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="rendezvousapps", lpUsedDefaultChar=0x0) returned 14 [0076.672] RegEnumKeyW (in: hKey=0x38, dwIndex=0x5b, lpName=0xabb8d0, cchName=0x104 | out: lpName="Router") returned 0x0 [0076.672] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="router", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0076.673] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="router", cchWideChar=6, lpMultiByteStr=0xabc0c0, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="router", lpUsedDefaultChar=0x0) returned 6 [0076.673] RegEnumKeyW (in: hKey=0x38, dwIndex=0x5c, lpName=0xabb8d0, cchName=0x104 | out: lpName="Rpc") returned 0x0 [0076.673] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="rpc", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0076.673] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="rpc", cchWideChar=3, lpMultiByteStr=0xabc108, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="rpc", lpUsedDefaultChar=0x0) returned 3 [0076.673] RegEnumKeyW (in: hKey=0x38, dwIndex=0x5d, lpName=0xabb8d0, cchName=0x104 | out: lpName="SchedulingAgent") returned 0x0 [0076.673] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="schedulingagent", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0076.673] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="schedulingagent", cchWideChar=15, lpMultiByteStr=0xabc0c0, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="schedulingagent", lpUsedDefaultChar=0x0) returned 15 [0076.673] RegEnumKeyW (in: hKey=0x38, dwIndex=0x5e, lpName=0xabb8d0, cchName=0x104 | out: lpName="Schema Library") returned 0x0 [0076.673] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="schema library", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0076.673] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="schema library", cchWideChar=14, lpMultiByteStr=0xabc108, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="schema library", lpUsedDefaultChar=0x0) returned 14 [0076.673] RegEnumKeyW (in: hKey=0x38, dwIndex=0x5f, lpName=0xabb8d0, cchName=0x104 | out: lpName="Security Center") returned 0x0 [0076.673] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="security center", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0076.673] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="security center", cchWideChar=15, lpMultiByteStr=0xabc0c0, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="security center", lpUsedDefaultChar=0x0) returned 15 [0076.673] RegEnumKeyW (in: hKey=0x38, dwIndex=0x60, lpName=0xabb8d0, cchName=0x104 | out: lpName="Sensors") returned 0x0 [0076.673] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="sensors", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0076.673] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="sensors", cchWideChar=7, lpMultiByteStr=0xabc108, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sensors", lpUsedDefaultChar=0x0) returned 7 [0076.673] RegEnumKeyW (in: hKey=0x38, dwIndex=0x61, lpName=0xabb8d0, cchName=0x104 | out: lpName="Shared") returned 0x0 [0076.673] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="shared", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0076.673] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="shared", cchWideChar=6, lpMultiByteStr=0xabc0c0, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="shared", lpUsedDefaultChar=0x0) returned 6 [0076.673] RegEnumKeyW (in: hKey=0x38, dwIndex=0x62, lpName=0xabb8d0, cchName=0x104 | out: lpName="Shared Tools") returned 0x0 [0076.673] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="shared tools", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0076.674] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="shared tools", cchWideChar=12, lpMultiByteStr=0xabc108, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="shared tools", lpUsedDefaultChar=0x0) returned 12 [0076.674] RegEnumKeyW (in: hKey=0x38, dwIndex=0x63, lpName=0xabb8d0, cchName=0x104 | out: lpName="Shared Tools Location") returned 0x0 [0076.674] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="shared tools location", cchWideChar=21, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0076.674] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="shared tools location", cchWideChar=21, lpMultiByteStr=0xabc0c0, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="shared tools location", lpUsedDefaultChar=0x0) returned 21 [0076.674] RegEnumKeyW (in: hKey=0x38, dwIndex=0x64, lpName=0xabb8d0, cchName=0x104 | out: lpName="SideShow") returned 0x0 [0076.674] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="sideshow", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0076.674] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="sideshow", cchWideChar=8, lpMultiByteStr=0xabc108, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sideshow", lpUsedDefaultChar=0x0) returned 8 [0076.674] RegEnumKeyW (in: hKey=0x38, dwIndex=0x65, lpName=0xabb8d0, cchName=0x104 | out: lpName="SnippingTool") returned 0x0 [0076.674] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="snippingtool", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0076.674] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="snippingtool", cchWideChar=12, lpMultiByteStr=0xabc0c0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="snippingtool", lpUsedDefaultChar=0x0) returned 12 [0076.674] RegEnumKeyW (in: hKey=0x38, dwIndex=0x66, lpName=0xabb8d0, cchName=0x104 | out: lpName="Software") returned 0x0 [0076.674] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="software", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0076.674] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="software", cchWideChar=8, lpMultiByteStr=0xabc108, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="software", lpUsedDefaultChar=0x0) returned 8 [0076.674] RegEnumKeyW (in: hKey=0x38, dwIndex=0x67, lpName=0xabb8d0, cchName=0x104 | out: lpName="Speech") returned 0x0 [0076.674] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="speech", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0076.674] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="speech", cchWideChar=6, lpMultiByteStr=0xabc0c0, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="speech", lpUsedDefaultChar=0x0) returned 6 [0076.674] RegEnumKeyW (in: hKey=0x38, dwIndex=0x68, lpName=0xabb8d0, cchName=0x104 | out: lpName="SQMClient") returned 0x0 [0076.674] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="sqmclient", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0076.674] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="sqmclient", cchWideChar=9, lpMultiByteStr=0xabc108, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sqmclient", lpUsedDefaultChar=0x0) returned 9 [0076.674] RegEnumKeyW (in: hKey=0x38, dwIndex=0x69, lpName=0xabb8d0, cchName=0x104 | out: lpName="Sync Framework") returned 0x0 [0076.674] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="sync framework", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0076.675] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="sync framework", cchWideChar=14, lpMultiByteStr=0xabc0c0, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sync framework", lpUsedDefaultChar=0x0) returned 14 [0076.675] RegEnumKeyW (in: hKey=0x38, dwIndex=0x6a, lpName=0xabb8d0, cchName=0x104 | out: lpName="Sysprep") returned 0x0 [0076.675] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="sysprep", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0076.675] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="sysprep", cchWideChar=7, lpMultiByteStr=0xabc108, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sysprep", lpUsedDefaultChar=0x0) returned 7 [0076.675] RegEnumKeyW (in: hKey=0x38, dwIndex=0x6b, lpName=0xabb8d0, cchName=0x104 | out: lpName="SystemCertificates") returned 0x0 [0076.675] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="systemcertificates", cchWideChar=18, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0076.675] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="systemcertificates", cchWideChar=18, lpMultiByteStr=0xabc0c0, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="systemcertificates", lpUsedDefaultChar=0x0) returned 18 [0076.675] RegEnumKeyW (in: hKey=0x38, dwIndex=0x6c, lpName=0xabb8d0, cchName=0x104 | out: lpName="TableTextService") returned 0x0 [0076.675] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="tabletextservice", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0076.675] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="tabletextservice", cchWideChar=16, lpMultiByteStr=0xabc108, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="tabletextservice", lpUsedDefaultChar=0x0) returned 16 [0076.675] RegEnumKeyW (in: hKey=0x38, dwIndex=0x6d, lpName=0xabb8d0, cchName=0x104 | out: lpName="TabletTip") returned 0x0 [0076.675] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="tablettip", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0076.675] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="tablettip", cchWideChar=9, lpMultiByteStr=0xabc0c0, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="tablettip", lpUsedDefaultChar=0x0) returned 9 [0076.675] RegEnumKeyW (in: hKey=0x38, dwIndex=0x6e, lpName=0xabb8d0, cchName=0x104 | out: lpName="Tcpip") returned 0x0 [0076.675] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="tcpip", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0076.675] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="tcpip", cchWideChar=5, lpMultiByteStr=0xabc108, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="tcpip", lpUsedDefaultChar=0x0) returned 5 [0076.675] RegEnumKeyW (in: hKey=0x38, dwIndex=0x6f, lpName=0xabb8d0, cchName=0x104 | out: lpName="Terminal Server Client") returned 0x0 [0076.675] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="terminal server client", cchWideChar=22, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0076.675] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="terminal server client", cchWideChar=22, lpMultiByteStr=0xabc0c0, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="terminal server client", lpUsedDefaultChar=0x0) returned 22 [0076.675] RegEnumKeyW (in: hKey=0x38, dwIndex=0x70, lpName=0xabb8d0, cchName=0x104 | out: lpName="TermServLicensing") returned 0x0 [0076.675] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="termservlicensing", cchWideChar=17, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0076.676] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="termservlicensing", cchWideChar=17, lpMultiByteStr=0xabc108, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="termservlicensing", lpUsedDefaultChar=0x0) returned 17 [0076.676] RegEnumKeyW (in: hKey=0x38, dwIndex=0x71, lpName=0xabb8d0, cchName=0x104 | out: lpName="TIP Shared") returned 0x0 [0076.676] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="tip shared", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0076.676] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="tip shared", cchWideChar=10, lpMultiByteStr=0xabc0c0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="tip shared", lpUsedDefaultChar=0x0) returned 10 [0076.676] RegEnumKeyW (in: hKey=0x38, dwIndex=0x72, lpName=0xabb8d0, cchName=0x104 | out: lpName="TPG") returned 0x0 [0076.676] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="tpg", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0076.676] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="tpg", cchWideChar=3, lpMultiByteStr=0xabc108, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="tpg", lpUsedDefaultChar=0x0) returned 3 [0076.676] RegEnumKeyW (in: hKey=0x38, dwIndex=0x73, lpName=0xabb8d0, cchName=0x104 | out: lpName="Tpm") returned 0x0 [0076.676] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="tpm", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0076.676] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="tpm", cchWideChar=3, lpMultiByteStr=0xabc0c0, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="tpm", lpUsedDefaultChar=0x0) returned 3 [0076.676] RegEnumKeyW (in: hKey=0x38, dwIndex=0x74, lpName=0xabb8d0, cchName=0x104 | out: lpName="Tracing") returned 0x0 [0076.676] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="tracing", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0076.676] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="tracing", cchWideChar=7, lpMultiByteStr=0xabc108, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="tracing", lpUsedDefaultChar=0x0) returned 7 [0076.676] RegEnumKeyW (in: hKey=0x38, dwIndex=0x75, lpName=0xabb8d0, cchName=0x104 | out: lpName="Transaction Server") returned 0x0 [0076.676] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="transaction server", cchWideChar=18, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0076.676] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="transaction server", cchWideChar=18, lpMultiByteStr=0xabc0c0, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="transaction server", lpUsedDefaultChar=0x0) returned 18 [0076.676] RegEnumKeyW (in: hKey=0x38, dwIndex=0x76, lpName=0xabb8d0, cchName=0x104 | out: lpName="TV System Services") returned 0x0 [0076.676] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="tv system services", cchWideChar=18, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0076.676] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="tv system services", cchWideChar=18, lpMultiByteStr=0xabc108, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="tv system services", lpUsedDefaultChar=0x0) returned 18 [0076.676] RegEnumKeyW (in: hKey=0x38, dwIndex=0x77, lpName=0xabb8d0, cchName=0x104 | out: lpName="uDRM") returned 0x0 [0076.676] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="udrm", cchWideChar=4, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 4 [0076.677] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="udrm", cchWideChar=4, lpMultiByteStr=0xabc0c0, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="udrm", lpUsedDefaultChar=0x0) returned 4 [0076.677] RegEnumKeyW (in: hKey=0x38, dwIndex=0x78, lpName=0xabb8d0, cchName=0x104 | out: lpName="Updates") returned 0x0 [0076.677] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="updates", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0076.677] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="updates", cchWideChar=7, lpMultiByteStr=0xabc108, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="updates", lpUsedDefaultChar=0x0) returned 7 [0076.677] RegEnumKeyW (in: hKey=0x38, dwIndex=0x79, lpName=0xabb8d0, cchName=0x104 | out: lpName="UPnP Device Host") returned 0x0 [0076.677] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="upnp device host", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0076.677] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="upnp device host", cchWideChar=16, lpMultiByteStr=0xabc0c0, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="upnp device host", lpUsedDefaultChar=0x0) returned 16 [0076.677] RegEnumKeyW (in: hKey=0x38, dwIndex=0x7a, lpName=0xabb8d0, cchName=0x104 | out: lpName="VBA") returned 0x0 [0076.677] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="vba", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0076.677] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="vba", cchWideChar=3, lpMultiByteStr=0xabc108, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="vba", lpUsedDefaultChar=0x0) returned 3 [0076.677] RegEnumKeyW (in: hKey=0x38, dwIndex=0x7b, lpName=0xabb8d0, cchName=0x104 | out: lpName="Virtual Machine") returned 0x0 [0076.677] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="virtual machine", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0076.677] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="virtual machine", cchWideChar=15, lpMultiByteStr=0xabc0c0, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="virtual machine", lpUsedDefaultChar=0x0) returned 15 [0076.677] RegEnumKeyW (in: hKey=0x38, dwIndex=0x7c, lpName=0xabb8d0, cchName=0x104 | out: lpName="VisualStudio") returned 0x0 [0076.677] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="visualstudio", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0076.677] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="visualstudio", cchWideChar=12, lpMultiByteStr=0xabc108, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="visualstudio", lpUsedDefaultChar=0x0) returned 12 [0076.677] RegEnumKeyW (in: hKey=0x38, dwIndex=0x7d, lpName=0xabb8d0, cchName=0x104 | out: lpName="WAB") returned 0x0 [0076.677] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="wab", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0076.677] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="wab", cchWideChar=3, lpMultiByteStr=0xabc0c0, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="wab", lpUsedDefaultChar=0x0) returned 3 [0076.677] RegEnumKeyW (in: hKey=0x38, dwIndex=0x7e, lpName=0xabb8d0, cchName=0x104 | out: lpName="WBEM") returned 0x0 [0076.678] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="wbem", cchWideChar=4, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 4 [0076.678] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="wbem", cchWideChar=4, lpMultiByteStr=0xabc108, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="wbem", lpUsedDefaultChar=0x0) returned 4 [0076.678] RegEnumKeyW (in: hKey=0x38, dwIndex=0x7f, lpName=0xabb8d0, cchName=0x104 | out: lpName="WIMMount") returned 0x0 [0076.678] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="wimmount", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0076.678] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="wimmount", cchWideChar=8, lpMultiByteStr=0xabc0c0, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="wimmount", lpUsedDefaultChar=0x0) returned 8 [0076.678] RegEnumKeyW (in: hKey=0x38, dwIndex=0x80, lpName=0xabb8d0, cchName=0x104 | out: lpName="Windows") returned 0x0 [0076.678] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="windows", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0076.678] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="windows", cchWideChar=7, lpMultiByteStr=0xabc108, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="windows", lpUsedDefaultChar=0x0) returned 7 [0076.678] RegOpenKeyExW (in: hKey=0x38, lpSubKey="Windows", ulOptions=0x0, samDesired=0x20109, phkResult=0x18fc04 | out: phkResult=0x18fc04*=0xcc) returned 0x0 [0076.678] RegCloseKey (hKey=0x38) returned 0x0 [0076.678] RegEnumKeyW (in: hKey=0xcc, dwIndex=0x0, lpName=0xabb8d0, cchName=0x104 | out: lpName="CurrentVersion") returned 0x0 [0076.678] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="currentversion", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0076.678] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="currentversion", cchWideChar=14, lpMultiByteStr=0xabc0c0, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="currentversion", lpUsedDefaultChar=0x0) returned 14 [0076.678] RegOpenKeyExW (in: hKey=0xcc, lpSubKey="CurrentVersion", ulOptions=0x0, samDesired=0x20109, phkResult=0x18fc04 | out: phkResult=0x18fc04*=0x38) returned 0x0 [0076.678] RegCloseKey (hKey=0xcc) returned 0x0 [0076.678] RegEnumKeyW (in: hKey=0x38, dwIndex=0x0, lpName=0xabb8d0, cchName=0x104 | out: lpName="App Management") returned 0x0 [0076.678] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="app management", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0076.678] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="app management", cchWideChar=14, lpMultiByteStr=0xabc108, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="app management", lpUsedDefaultChar=0x0) returned 14 [0076.678] RegEnumKeyW (in: hKey=0x38, dwIndex=0x1, lpName=0xabb8d0, cchName=0x104 | out: lpName="App Paths") returned 0x0 [0076.678] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="app paths", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0076.678] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="app paths", cchWideChar=9, lpMultiByteStr=0xabc0c0, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="app paths", lpUsedDefaultChar=0x0) returned 9 [0076.679] RegEnumKeyW (in: hKey=0x38, dwIndex=0x2, lpName=0xabb8d0, cchName=0x104 | out: lpName="Applets") returned 0x0 [0076.679] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="applets", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0076.679] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="applets", cchWideChar=7, lpMultiByteStr=0xabc108, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="applets", lpUsedDefaultChar=0x0) returned 7 [0076.679] RegEnumKeyW (in: hKey=0x38, dwIndex=0x3, lpName=0xabb8d0, cchName=0x104 | out: lpName="Audio") returned 0x0 [0076.679] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="audio", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0076.679] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="audio", cchWideChar=5, lpMultiByteStr=0xabc0c0, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="audio", lpUsedDefaultChar=0x0) returned 5 [0076.679] RegEnumKeyW (in: hKey=0x38, dwIndex=0x4, lpName=0xabb8d0, cchName=0x104 | out: lpName="Authentication") returned 0x0 [0076.679] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="authentication", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0076.679] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="authentication", cchWideChar=14, lpMultiByteStr=0xabc108, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="authentication", lpUsedDefaultChar=0x0) returned 14 [0076.679] RegEnumKeyW (in: hKey=0x38, dwIndex=0x5, lpName=0xabb8d0, cchName=0x104 | out: lpName="BitLocker") returned 0x0 [0076.679] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="bitlocker", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0076.679] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="bitlocker", cchWideChar=9, lpMultiByteStr=0xabc0c0, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="bitlocker", lpUsedDefaultChar=0x0) returned 9 [0076.679] RegEnumKeyW (in: hKey=0x38, dwIndex=0x6, lpName=0xabb8d0, cchName=0x104 | out: lpName="BITS") returned 0x0 [0076.679] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="bits", cchWideChar=4, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 4 [0076.679] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="bits", cchWideChar=4, lpMultiByteStr=0xabc108, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="bits", lpUsedDefaultChar=0x0) returned 4 [0076.679] RegEnumKeyW (in: hKey=0x38, dwIndex=0x7, lpName=0xabb8d0, cchName=0x104 | out: lpName="Component Based Servicing") returned 0x0 [0076.679] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="component based servicing", cchWideChar=25, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0076.679] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="component based servicing", cchWideChar=25, lpMultiByteStr=0xabc0c0, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="component based servicing", lpUsedDefaultChar=0x0) returned 25 [0076.679] RegEnumKeyW (in: hKey=0x38, dwIndex=0x8, lpName=0xabb8d0, cchName=0x104 | out: lpName="Control Panel") returned 0x0 [0076.679] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="control panel", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0076.679] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="control panel", cchWideChar=13, lpMultiByteStr=0xabc108, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="control panel", lpUsedDefaultChar=0x0) returned 13 [0076.680] RegEnumKeyW (in: hKey=0x38, dwIndex=0x9, lpName=0xabb8d0, cchName=0x104 | out: lpName="Controls Folder") returned 0x0 [0076.680] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="controls folder", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0076.680] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="controls folder", cchWideChar=15, lpMultiByteStr=0xabc0c0, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="controls folder", lpUsedDefaultChar=0x0) returned 15 [0076.680] RegEnumKeyW (in: hKey=0x38, dwIndex=0xa, lpName=0xabb8d0, cchName=0x104 | out: lpName="DateTime") returned 0x0 [0076.680] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="datetime", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0076.680] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="datetime", cchWideChar=8, lpMultiByteStr=0xabc108, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="datetime", lpUsedDefaultChar=0x0) returned 8 [0076.680] RegEnumKeyW (in: hKey=0x38, dwIndex=0xb, lpName=0xabb8d0, cchName=0x104 | out: lpName="Device Installer") returned 0x0 [0076.680] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="device installer", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0076.680] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="device installer", cchWideChar=16, lpMultiByteStr=0xabc0c0, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="device installer", lpUsedDefaultChar=0x0) returned 16 [0076.680] RegEnumKeyW (in: hKey=0x38, dwIndex=0xc, lpName=0xabb8d0, cchName=0x104 | out: lpName="Device Metadata") returned 0x0 [0076.680] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="device metadata", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0076.680] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="device metadata", cchWideChar=15, lpMultiByteStr=0xabc108, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="device metadata", lpUsedDefaultChar=0x0) returned 15 [0076.680] RegEnumKeyW (in: hKey=0x38, dwIndex=0xd, lpName=0xabb8d0, cchName=0x104 | out: lpName="Diagnostics") returned 0x0 [0076.680] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="diagnostics", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0076.680] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="diagnostics", cchWideChar=11, lpMultiByteStr=0xabc0c0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="diagnostics", lpUsedDefaultChar=0x0) returned 11 [0076.680] RegEnumKeyW (in: hKey=0x38, dwIndex=0xe, lpName=0xabb8d0, cchName=0x104 | out: lpName="DriverSearching") returned 0x0 [0076.680] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="driversearching", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0076.680] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="driversearching", cchWideChar=15, lpMultiByteStr=0xabc108, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="driversearching", lpUsedDefaultChar=0x0) returned 15 [0076.680] RegEnumKeyW (in: hKey=0x38, dwIndex=0xf, lpName=0xabb8d0, cchName=0x104 | out: lpName="EventCollector") returned 0x0 [0076.680] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="eventcollector", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0076.680] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="eventcollector", cchWideChar=14, lpMultiByteStr=0xabc0c0, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="eventcollector", lpUsedDefaultChar=0x0) returned 14 [0076.681] RegEnumKeyW (in: hKey=0x38, dwIndex=0x10, lpName=0xabb8d0, cchName=0x104 | out: lpName="EventForwarding") returned 0x0 [0076.681] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="eventforwarding", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0076.681] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="eventforwarding", cchWideChar=15, lpMultiByteStr=0xabc108, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="eventforwarding", lpUsedDefaultChar=0x0) returned 15 [0076.681] RegEnumKeyW (in: hKey=0x38, dwIndex=0x11, lpName=0xabb8d0, cchName=0x104 | out: lpName="Explorer") returned 0x0 [0076.681] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="explorer", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0076.681] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="explorer", cchWideChar=8, lpMultiByteStr=0xabc0c0, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="explorer", lpUsedDefaultChar=0x0) returned 8 [0076.681] RegEnumKeyW (in: hKey=0x38, dwIndex=0x12, lpName=0xabb8d0, cchName=0x104 | out: lpName="Ext") returned 0x0 [0076.681] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ext", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0076.681] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ext", cchWideChar=3, lpMultiByteStr=0xabc108, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ext", lpUsedDefaultChar=0x0) returned 3 [0076.681] RegEnumKeyW (in: hKey=0x38, dwIndex=0x13, lpName=0xabb8d0, cchName=0x104 | out: lpName="GameUX") returned 0x0 [0076.681] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="gameux", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0076.681] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="gameux", cchWideChar=6, lpMultiByteStr=0xabc0c0, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="gameux", lpUsedDefaultChar=0x0) returned 6 [0076.681] RegEnumKeyW (in: hKey=0x38, dwIndex=0x14, lpName=0xabb8d0, cchName=0x104 | out: lpName="Group Policy") returned 0x0 [0076.681] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="group policy", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0076.681] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="group policy", cchWideChar=12, lpMultiByteStr=0xabc108, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="group policy", lpUsedDefaultChar=0x0) returned 12 [0076.681] RegEnumKeyW (in: hKey=0x38, dwIndex=0x15, lpName=0xabb8d0, cchName=0x104 | out: lpName="Hints") returned 0x0 [0076.681] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="hints", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0076.681] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="hints", cchWideChar=5, lpMultiByteStr=0xabc0c0, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="hints", lpUsedDefaultChar=0x0) returned 5 [0076.681] RegEnumKeyW (in: hKey=0x38, dwIndex=0x16, lpName=0xabb8d0, cchName=0x104 | out: lpName="HomeGroup") returned 0x0 [0076.681] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="homegroup", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0076.681] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="homegroup", cchWideChar=9, lpMultiByteStr=0xabc108, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="homegroup", lpUsedDefaultChar=0x0) returned 9 [0076.681] RegEnumKeyW (in: hKey=0x38, dwIndex=0x17, lpName=0xabb8d0, cchName=0x104 | out: lpName="HotStart") returned 0x0 [0076.682] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="hotstart", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0076.682] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="hotstart", cchWideChar=8, lpMultiByteStr=0xabc0c0, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="hotstart", lpUsedDefaultChar=0x0) returned 8 [0076.682] RegEnumKeyW (in: hKey=0x38, dwIndex=0x18, lpName=0xabb8d0, cchName=0x104 | out: lpName="IME") returned 0x0 [0076.682] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ime", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0076.682] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ime", cchWideChar=3, lpMultiByteStr=0xabc108, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ime", lpUsedDefaultChar=0x0) returned 3 [0076.682] RegEnumKeyW (in: hKey=0x38, dwIndex=0x19, lpName=0xabb8d0, cchName=0x104 | out: lpName="Installer") returned 0x0 [0076.682] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="installer", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0076.682] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="installer", cchWideChar=9, lpMultiByteStr=0xabc0c0, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="installer", lpUsedDefaultChar=0x0) returned 9 [0076.682] RegEnumKeyW (in: hKey=0x38, dwIndex=0x1a, lpName=0xabb8d0, cchName=0x104 | out: lpName="Internet Settings") returned 0x0 [0076.682] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="internet settings", cchWideChar=17, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0076.682] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="internet settings", cchWideChar=17, lpMultiByteStr=0xabc108, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="internet settings", lpUsedDefaultChar=0x0) returned 17 [0076.682] RegEnumKeyW (in: hKey=0x38, dwIndex=0x1b, lpName=0xabb8d0, cchName=0x104 | out: lpName="MCT") returned 0x0 [0076.682] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mct", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0076.682] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mct", cchWideChar=3, lpMultiByteStr=0xabc0c0, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mct", lpUsedDefaultChar=0x0) returned 3 [0076.682] RegEnumKeyW (in: hKey=0x38, dwIndex=0x1c, lpName=0xabb8d0, cchName=0x104 | out: lpName="Media Center") returned 0x0 [0076.682] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="media center", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0076.682] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="media center", cchWideChar=12, lpMultiByteStr=0xabc108, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="media center", lpUsedDefaultChar=0x0) returned 12 [0076.682] RegEnumKeyW (in: hKey=0x38, dwIndex=0x1d, lpName=0xabb8d0, cchName=0x104 | out: lpName="MMDevices") returned 0x0 [0076.682] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mmdevices", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0076.682] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mmdevices", cchWideChar=9, lpMultiByteStr=0xabc0c0, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mmdevices", lpUsedDefaultChar=0x0) returned 9 [0076.682] RegEnumKeyW (in: hKey=0x38, dwIndex=0x1e, lpName=0xabb8d0, cchName=0x104 | out: lpName="MSSHA") returned 0x0 [0076.682] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mssha", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0076.683] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mssha", cchWideChar=5, lpMultiByteStr=0xabc108, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mssha", lpUsedDefaultChar=0x0) returned 5 [0076.683] RegEnumKeyW (in: hKey=0x38, dwIndex=0x1f, lpName=0xabb8d0, cchName=0x104 | out: lpName="NetCache") returned 0x0 [0076.683] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="netcache", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0076.683] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="netcache", cchWideChar=8, lpMultiByteStr=0xabc0c0, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="netcache", lpUsedDefaultChar=0x0) returned 8 [0076.683] RegEnumKeyW (in: hKey=0x38, dwIndex=0x20, lpName=0xabb8d0, cchName=0x104 | out: lpName="OEMInformation") returned 0x0 [0076.683] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="oeminformation", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0076.683] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="oeminformation", cchWideChar=14, lpMultiByteStr=0xabc108, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="oeminformation", lpUsedDefaultChar=0x0) returned 14 [0076.683] RegEnumKeyW (in: hKey=0x38, dwIndex=0x21, lpName=0xabb8d0, cchName=0x104 | out: lpName="OOBE") returned 0x0 [0076.683] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="oobe", cchWideChar=4, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 4 [0076.683] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="oobe", cchWideChar=4, lpMultiByteStr=0xabc0c0, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="oobe", lpUsedDefaultChar=0x0) returned 4 [0076.683] RegEnumKeyW (in: hKey=0x38, dwIndex=0x22, lpName=0xabb8d0, cchName=0x104 | out: lpName="OptimalLayout") returned 0x0 [0076.683] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="optimallayout", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0076.683] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="optimallayout", cchWideChar=13, lpMultiByteStr=0xabc108, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="optimallayout", lpUsedDefaultChar=0x0) returned 13 [0076.683] RegEnumKeyW (in: hKey=0x38, dwIndex=0x23, lpName=0xabb8d0, cchName=0x104 | out: lpName="Parental Controls") returned 0x0 [0076.683] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="parental controls", cchWideChar=17, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0076.683] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="parental controls", cchWideChar=17, lpMultiByteStr=0xabc0c0, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="parental controls", lpUsedDefaultChar=0x0) returned 17 [0076.683] RegEnumKeyW (in: hKey=0x38, dwIndex=0x24, lpName=0xabb8d0, cchName=0x104 | out: lpName="Personalization") returned 0x0 [0076.683] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="personalization", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0076.683] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="personalization", cchWideChar=15, lpMultiByteStr=0xabc108, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="personalization", lpUsedDefaultChar=0x0) returned 15 [0076.683] RegEnumKeyW (in: hKey=0x38, dwIndex=0x25, lpName=0xabb8d0, cchName=0x104 | out: lpName="PhotoPropertyHandler") returned 0x0 [0076.683] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="photopropertyhandler", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0076.684] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="photopropertyhandler", cchWideChar=20, lpMultiByteStr=0xabc0c0, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="photopropertyhandler", lpUsedDefaultChar=0x0) returned 20 [0076.684] RegEnumKeyW (in: hKey=0x38, dwIndex=0x26, lpName=0xabb8d0, cchName=0x104 | out: lpName="PnPSysprep") returned 0x0 [0076.684] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="pnpsysprep", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0076.684] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="pnpsysprep", cchWideChar=10, lpMultiByteStr=0xabc108, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pnpsysprep", lpUsedDefaultChar=0x0) returned 10 [0076.684] RegEnumKeyW (in: hKey=0x38, dwIndex=0x27, lpName=0xabb8d0, cchName=0x104 | out: lpName="Policies") returned 0x0 [0076.684] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="policies", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0076.684] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="policies", cchWideChar=8, lpMultiByteStr=0xabc0c0, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="policies", lpUsedDefaultChar=0x0) returned 8 [0076.684] RegOpenKeyExW (in: hKey=0x38, lpSubKey="Policies", ulOptions=0x0, samDesired=0x20109, phkResult=0x18fc04 | out: phkResult=0x18fc04*=0xcc) returned 0x0 [0076.684] RegCloseKey (hKey=0x38) returned 0x0 [0076.684] RegEnumKeyW (in: hKey=0xcc, dwIndex=0x0, lpName=0xabb8d0, cchName=0x104 | out: lpName="ActiveDesktop") returned 0x0 [0076.684] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="activedesktop", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0076.684] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="activedesktop", cchWideChar=13, lpMultiByteStr=0xabc108, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="activedesktop", lpUsedDefaultChar=0x0) returned 13 [0076.684] RegEnumKeyW (in: hKey=0xcc, dwIndex=0x1, lpName=0xabb8d0, cchName=0x104 | out: lpName="Attachments") returned 0x0 [0076.684] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="attachments", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0076.684] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="attachments", cchWideChar=11, lpMultiByteStr=0xabc0c0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="attachments", lpUsedDefaultChar=0x0) returned 11 [0076.684] RegEnumKeyW (in: hKey=0xcc, dwIndex=0x2, lpName=0xabb8d0, cchName=0x104 | out: lpName="Explorer") returned 0x0 [0076.684] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="explorer", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0076.684] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="explorer", cchWideChar=8, lpMultiByteStr=0xabc108, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="explorer", lpUsedDefaultChar=0x0) returned 8 [0076.684] RegEnumKeyW (in: hKey=0xcc, dwIndex=0x3, lpName=0xabb8d0, cchName=0x104 | out: lpName="NonEnum") returned 0x0 [0076.684] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="nonenum", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0076.684] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="nonenum", cchWideChar=7, lpMultiByteStr=0xabc0c0, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="nonenum", lpUsedDefaultChar=0x0) returned 7 [0076.685] RegEnumKeyW (in: hKey=0xcc, dwIndex=0x4, lpName=0xabb8d0, cchName=0x104 | out: lpName="System") returned 0x0 [0076.685] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="system", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0076.685] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="system", cchWideChar=6, lpMultiByteStr=0xabc108, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="system", lpUsedDefaultChar=0x0) returned 6 [0076.685] RegOpenKeyExW (in: hKey=0xcc, lpSubKey="System", ulOptions=0x0, samDesired=0x20109, phkResult=0x18fc04 | out: phkResult=0x18fc04*=0x38) returned 0x0 [0076.685] RegCloseKey (hKey=0xcc) returned 0x0 [0076.685] RegEnumValueA (in: hKey=0x38, dwIndex=0x0, lpValueName=0x18fb20, lpcchValueName=0x18fb1c, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="ConsentPromptBehaviorAdmin", lpcchValueName=0x18fb1c, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0076.685] RegEnumValueA (in: hKey=0x38, dwIndex=0x1, lpValueName=0x18fb20, lpcchValueName=0x18fb1c, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="ConsentPromptBehaviorUser", lpcchValueName=0x18fb1c, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0076.685] RegEnumValueA (in: hKey=0x38, dwIndex=0x2, lpValueName=0x18fb20, lpcchValueName=0x18fb1c, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="EnableInstallerDetection", lpcchValueName=0x18fb1c, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0076.685] RegEnumValueA (in: hKey=0x38, dwIndex=0x3, lpValueName=0x18fb20, lpcchValueName=0x18fb1c, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="EnableLUA", lpcchValueName=0x18fb1c, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0076.685] RegEnumValueA (in: hKey=0x38, dwIndex=0x4, lpValueName=0x18fb20, lpcchValueName=0x18fb1c, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="EnableSecureUIAPaths", lpcchValueName=0x18fb1c, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0076.685] RegEnumValueA (in: hKey=0x38, dwIndex=0x5, lpValueName=0x18fb20, lpcchValueName=0x18fb1c, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="EnableUIADesktopToggle", lpcchValueName=0x18fb1c, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0076.686] RegEnumValueA (in: hKey=0x38, dwIndex=0x6, lpValueName=0x18fb20, lpcchValueName=0x18fb1c, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="EnableVirtualization", lpcchValueName=0x18fb1c, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0076.686] RegEnumValueA (in: hKey=0x38, dwIndex=0x7, lpValueName=0x18fb20, lpcchValueName=0x18fb1c, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="PromptOnSecureDesktop", lpcchValueName=0x18fb1c, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0076.686] RegEnumValueA (in: hKey=0x38, dwIndex=0x8, lpValueName=0x18fb20, lpcchValueName=0x18fb1c, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="ValidateAdminCodeSignatures", lpcchValueName=0x18fb1c, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0076.686] RegEnumValueA (in: hKey=0x38, dwIndex=0x9, lpValueName=0x18fb20, lpcchValueName=0x18fb1c, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="dontdisplaylastusername", lpcchValueName=0x18fb1c, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0076.686] RegEnumValueA (in: hKey=0x38, dwIndex=0xa, lpValueName=0x18fb20, lpcchValueName=0x18fb1c, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="legalnoticecaption", lpcchValueName=0x18fb1c, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0076.686] RegEnumValueA (in: hKey=0x38, dwIndex=0xb, lpValueName=0x18fb20, lpcchValueName=0x18fb1c, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="legalnoticetext", lpcchValueName=0x18fb1c, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0076.686] RegEnumValueA (in: hKey=0x38, dwIndex=0xc, lpValueName=0x18fb20, lpcchValueName=0x18fb1c, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="scforceoption", lpcchValueName=0x18fb1c, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0076.686] RegEnumValueA (in: hKey=0x38, dwIndex=0xd, lpValueName=0x18fb20, lpcchValueName=0x18fb1c, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="shutdownwithoutlogon", lpcchValueName=0x18fb1c, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0076.686] RegEnumValueA (in: hKey=0x38, dwIndex=0xe, lpValueName=0x18fb20, lpcchValueName=0x18fb1c, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="undockwithoutlogon", lpcchValueName=0x18fb1c, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0076.686] RegEnumValueA (in: hKey=0x38, dwIndex=0xf, lpValueName=0x18fb20, lpcchValueName=0x18fb1c, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="FilterAdministratorToken", lpcchValueName=0x18fb1c, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0076.686] RegEnumValueA (in: hKey=0x38, dwIndex=0x10, lpValueName=0x18fb20, lpcchValueName=0x18fb1c, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="FilterAdministratorToken", lpcchValueName=0x18fb1c, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x103 [0076.686] RegQueryValueExA (in: hKey=0x38, lpValueName="EnableLUA", lpReserved=0x0, lpType=0x18fc2c, lpData=0x0, lpcbData=0x18fc34*=0x0 | out: lpType=0x18fc2c*=0x4, lpData=0x0, lpcbData=0x18fc34*=0x4) returned 0x0 [0076.686] RegQueryValueExA (in: hKey=0x38, lpValueName="EnableLUA", lpReserved=0x0, lpType=0x18fc2c, lpData=0xabc420, lpcbData=0x18fc34*=0x4 | out: lpType=0x18fc2c*=0x4, lpData=0xabc420*=0x1, lpcbData=0x18fc34*=0x4) returned 0x0 [0076.686] RegCloseKey (hKey=0x38) returned 0x0 [0076.686] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x8, TokenHandle=0x18fca8 | out: TokenHandle=0x18fca8*=0x38) returned 1 [0076.686] GetTokenInformation (in: TokenHandle=0x38, TokenInformationClass=0x14, TokenInformation=0x18fca4, TokenInformationLength=0x4, ReturnLength=0x18fca0 | out: TokenInformation=0x18fca4, ReturnLength=0x18fca0) returned 1 [0076.687] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x8, TokenHandle=0x18fc94 | out: TokenHandle=0x18fc94*=0xcc) returned 1 [0076.687] GetTokenInformation (in: TokenHandle=0xcc, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x18fc90 | out: TokenInformation=0x0, ReturnLength=0x18fc90) returned 0 [0076.687] GetTokenInformation (in: TokenHandle=0xcc, TokenInformationClass=0x19, TokenInformation=0xabc588, TokenInformationLength=0x14, ReturnLength=0x18fc90 | out: TokenInformation=0xabc588, ReturnLength=0x18fc90) returned 1 [0076.687] GetSidSubAuthorityCount (pSid=0xabc590*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000)) returned 0xabc591 [0076.687] GetSidSubAuthority (pSid=0xabc590*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000), nSubAuthority=0x0) returned 0xabc598 [0076.687] NtClose (Handle=0xcc) returned 0x0 [0076.687] ConvertStringSecurityDescriptorToSecurityDescriptorW () returned 0x1 [0076.691] GetSecurityDescriptorSacl (in: pSecurityDescriptor=0x2cc0d8, lpbSaclPresent=0x18fd50, pSacl=0x18fda8, lpbSaclDefaulted=0x18fd50 | out: lpbSaclPresent=0x18fd50, pSacl=0x18fda8, lpbSaclDefaulted=0x18fd50) returned 1 [0076.691] CreateMutexA (lpMutexAttributes=0x18fd9c, bInitialOwner=0, lpName="") returned 0x110 [0076.691] GetLastError () returned 0x0 [0076.691] LocalFree (hMem=0x2cc0d8) returned 0x0 [0076.691] CryptAcquireContextW (in: phProv=0x18fdc8, szContainer=0x0, szProvider="Microsoft Enhanced Cryptographic Provider v1.0", dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x18fdc8*=0x2cc0d8) returned 1 [0076.702] ConvertStringSecurityDescriptorToSecurityDescriptorW () returned 0x1 [0076.702] GetSecurityDescriptorSacl (in: pSecurityDescriptor=0x2ca400, lpbSaclPresent=0x18fd6c, pSacl=0x18fdd0, lpbSaclDefaulted=0x18fd6c | out: lpbSaclPresent=0x18fd6c, pSacl=0x18fdd0, lpbSaclDefaulted=0x18fd6c) returned 1 [0076.702] CreateEventA (lpEventAttributes=0x18fdc4, bManualReset=1, bInitialState=0, lpName="") returned 0x114 [0076.703] GetLastError () returned 0x0 [0076.703] LocalFree (hMem=0x2ca400) returned 0x0 [0076.703] ConvertStringSecurityDescriptorToSecurityDescriptorW () returned 0x1 [0076.703] GetSecurityDescriptorSacl (in: pSecurityDescriptor=0x2ca400, lpbSaclPresent=0x18fd6c, pSacl=0x18fdd0, lpbSaclDefaulted=0x18fd6c | out: lpbSaclPresent=0x18fd6c, pSacl=0x18fdd0, lpbSaclDefaulted=0x18fd6c) returned 1 [0076.703] CreateEventA (lpEventAttributes=0x18fdc4, bManualReset=1, bInitialState=0, lpName="") returned 0x118 [0076.703] GetLastError () returned 0x0 [0076.703] LocalFree (hMem=0x2ca400) returned 0x0 [0076.703] ConvertStringSecurityDescriptorToSecurityDescriptorW () returned 0x1 [0076.704] GetSecurityDescriptorSacl (in: pSecurityDescriptor=0x2ca400, lpbSaclPresent=0x18fd6c, pSacl=0x18fdd0, lpbSaclDefaulted=0x18fd6c | out: lpbSaclPresent=0x18fd6c, pSacl=0x18fdd0, lpbSaclDefaulted=0x18fd6c) returned 1 [0076.704] CreateEventA (lpEventAttributes=0x18fdc4, bManualReset=1, bInitialState=0, lpName="") returned 0x120 [0076.704] GetLastError () returned 0x0 [0076.704] LocalFree (hMem=0x2ca400) returned 0x0 [0076.705] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xabc270, cbMultiByte=10, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 10 [0076.705] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xabc270, cbMultiByte=10, lpWideCharStr=0xabbb58, cchWideChar=10 | out: lpWideCharStr="svsho*.exe") returned 10 [0076.705] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xabc1e0, cbMultiByte=10, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 10 [0076.705] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xabc1e0, cbMultiByte=10, lpWideCharStr=0xabfdc0, cchWideChar=10 | out: lpWideCharStr="schre*.bat") returned 10 [0076.705] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xabc198, cbMultiByte=7, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 7 [0076.705] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xabc198, cbMultiByte=7, lpWideCharStr=0xabfe48, cchWideChar=7 | out: lpWideCharStr="V01.lo*") returned 7 [0076.705] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xabc150, cbMultiByte=7, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 7 [0076.705] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xabc150, cbMultiByte=7, lpWideCharStr=0xabfed0, cchWideChar=7 | out: lpWideCharStr="V01.ch*") returned 7 [0076.705] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xabc108, cbMultiByte=11, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 11 [0076.705] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xabc108, cbMultiByte=11, lpWideCharStr=0xabff58, cchWideChar=11 | out: lpWideCharStr="V01res*.jrs") returned 11 [0076.705] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xabc0c0, cbMultiByte=11, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 11 [0076.705] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xabc0c0, cbMultiByte=11, lpWideCharStr=0x990448, cchWideChar=11 | out: lpWideCharStr="RacWmi*.sdf") returned 11 [0076.705] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xabc228, cbMultiByte=11, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 11 [0076.705] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xabc228, cbMultiByte=11, lpWideCharStr=0x9905f8, cchWideChar=11 | out: lpWideCharStr="Web*V01.dat") returned 11 [0076.705] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xabc108, cbMultiByte=25, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 25 [0076.705] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xabc108, cbMultiByte=25, lpWideCharStr=0x990680, cchWideChar=25 | out: lpWideCharStr="System Volume Information") returned 25 [0076.706] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xabc150, cbMultiByte=12, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 12 [0076.706] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xabc150, cbMultiByte=12, lpWideCharStr=0x990708, cchWideChar=12 | out: lpWideCharStr="$RECYCLE.BIN") returned 12 [0076.706] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xabc198, cbMultiByte=8, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 8 [0076.706] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xabc198, cbMultiByte=8, lpWideCharStr=0x990790, cchWideChar=8 | out: lpWideCharStr="WebCache") returned 8 [0076.706] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xabc228, cbMultiByte=6, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 6 [0076.706] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xabc228, cbMultiByte=6, lpWideCharStr=0x990818, cchWideChar=6 | out: lpWideCharStr="Caches") returned 6 [0076.706] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xabc198, cbMultiByte=11, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 11 [0076.706] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xabc198, cbMultiByte=11, lpWideCharStr=0x9908a0, cchWideChar=11 | out: lpWideCharStr="MSSQLSERVER") returned 11 [0076.706] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xabc150, cbMultiByte=14, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 14 [0076.706] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xabc150, cbMultiByte=14, lpWideCharStr=0x990928, cchWideChar=14 | out: lpWideCharStr="SQLSERVERAGENT") returned 14 [0076.706] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xabc108, cbMultiByte=9, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 9 [0076.706] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xabc108, cbMultiByte=9, lpWideCharStr=0x9909b0, cchWideChar=9 | out: lpWideCharStr="SQLWriter") returned 9 [0076.706] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xabc0c0, cbMultiByte=14, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 14 [0076.706] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xabc0c0, cbMultiByte=14, lpWideCharStr=0x990a38, cchWideChar=14 | out: lpWideCharStr="MsDtsServer100") returned 14 [0076.706] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xabc1e0, cbMultiByte=14, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 14 [0076.706] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xabc1e0, cbMultiByte=14, lpWideCharStr=0x990ac0, cchWideChar=14 | out: lpWideCharStr="MsDtsServer110") returned 14 [0076.706] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xabc228, cbMultiByte=12, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 12 [0076.706] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xabc228, cbMultiByte=12, lpWideCharStr=0x990b48, cchWideChar=12 | out: lpWideCharStr="AcronisAgent") returned 12 [0076.707] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xabc0c0, cbMultiByte=9, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 9 [0076.707] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xabc0c0, cbMultiByte=9, lpWideCharStr=0x990bd0, cchWideChar=9 | out: lpWideCharStr="exfba.exe") returned 9 [0076.707] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xabc228, cbMultiByte=8, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 8 [0076.707] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xabc228, cbMultiByte=8, lpWideCharStr=0x990c58, cchWideChar=8 | out: lpWideCharStr="vmwp.exe") returned 8 [0076.707] ExpandEnvironmentStringsA (in: lpSrc="%ProgramData%\\Microsoft\\Windows\\WER\\ReportQueue\\", lpDst=0x992558, nSize=0x2800 | out: lpDst="C:\\ProgramData\\Microsoft\\Windows\\WER\\ReportQueue\\") returned 0x32 [0076.707] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x992558, cbMultiByte=49, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 49 [0076.707] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x992558, cbMultiByte=49, lpWideCharStr=0x990ce0, cchWideChar=49 | out: lpWideCharStr="C:\\ProgramData\\Microsoft\\Windows\\WER\\ReportQueue\\") returned 49 [0076.707] ExpandEnvironmentStringsA (in: lpSrc="%windir%", lpDst=0x992558, nSize=0x2800 | out: lpDst="C:\\Windows") returned 0xb [0076.707] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x992558, cbMultiByte=10, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 10 [0076.707] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x992558, cbMultiByte=10, lpWideCharStr=0x990d68, cchWideChar=10 | out: lpWideCharStr="C:\\Windows") returned 10 [0076.707] ExpandEnvironmentStringsA (in: lpSrc="%temp%", lpDst=0x992558, nSize=0x2800 | out: lpDst="C:\\Windows\\TEMP") returned 0x10 [0076.708] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x992558, cbMultiByte=15, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 15 [0076.708] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x992558, cbMultiByte=15, lpWideCharStr=0x990df0, cchWideChar=15 | out: lpWideCharStr="C:\\Windows\\TEMP") returned 15 [0076.708] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xabc108, cbMultiByte=7, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 7 [0076.708] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xabc108, cbMultiByte=7, lpWideCharStr=0x990e78, cchWideChar=7 | out: lpWideCharStr=".locked") returned 7 [0076.708] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xabc468, cbMultiByte=11, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 11 [0076.708] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xabc468, cbMultiByte=11, lpWideCharStr=0x990f00, cchWideChar=11 | out: lpWideCharStr=".readme_txt") returned 11 [0076.708] WaitForSingleObject (hHandle=0x110, dwMilliseconds=0xffffffff) returned 0x0 [0076.708] GetSystemWow64DirectoryW (in: lpBuffer=0x9977f8, uSize=0x40 | out: lpBuffer="C:\\Windows\\SysWOW64") returned 0x13 [0076.709] FindFirstFileExW (in: lpFileName="C:\\Windows\\SysWOW64\\*.dll", fInfoLevelId=0x1, lpFindFileData=0x18fafc, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x18fafc) returned 0x2cc198 [0076.709] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AACLIENT.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0076.709] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AACLIENT.DLL", cchWideChar=12, lpMultiByteStr=0xabc8a0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AACLIENT.DLL", lpUsedDefaultChar=0x0) returned 12 [0076.709] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.711] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ACCESSIBILITYCPL.DLL", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0076.711] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ACCESSIBILITYCPL.DLL", cchWideChar=20, lpMultiByteStr=0xabc8e8, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ACCESSIBILITYCPL.DLL", lpUsedDefaultChar=0x0) returned 20 [0076.711] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.711] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ACCTRES.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0076.711] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ACCTRES.DLL", cchWideChar=11, lpMultiByteStr=0xabc8a0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ACCTRES.DLL", lpUsedDefaultChar=0x0) returned 11 [0076.711] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.711] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ACLEDIT.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0076.711] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ACLEDIT.DLL", cchWideChar=11, lpMultiByteStr=0xabc8e8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ACLEDIT.DLL", lpUsedDefaultChar=0x0) returned 11 [0076.711] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.711] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ACLUI.DLL", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0076.711] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ACLUI.DLL", cchWideChar=9, lpMultiByteStr=0xabc8a0, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ACLUI.DLL", lpUsedDefaultChar=0x0) returned 9 [0076.711] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.711] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ACPPAGE.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0076.711] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ACPPAGE.DLL", cchWideChar=11, lpMultiByteStr=0xabc8e8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ACPPAGE.DLL", lpUsedDefaultChar=0x0) returned 11 [0076.712] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.712] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ACTIONCENTER.DLL", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0076.712] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ACTIONCENTER.DLL", cchWideChar=16, lpMultiByteStr=0xabc8a0, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ACTIONCENTER.DLL", lpUsedDefaultChar=0x0) returned 16 [0076.712] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.712] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ACTIONCENTERCPL.DLL", cchWideChar=19, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0076.712] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ACTIONCENTERCPL.DLL", cchWideChar=19, lpMultiByteStr=0xabc8e8, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ACTIONCENTERCPL.DLL", lpUsedDefaultChar=0x0) returned 19 [0076.712] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.712] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ACTIVEDS.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0076.712] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ACTIVEDS.DLL", cchWideChar=12, lpMultiByteStr=0xabc8a0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ACTIVEDS.DLL", lpUsedDefaultChar=0x0) returned 12 [0076.712] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.712] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ACTXPRXY.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0076.712] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ACTXPRXY.DLL", cchWideChar=12, lpMultiByteStr=0xabc8e8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ACTXPRXY.DLL", lpUsedDefaultChar=0x0) returned 12 [0076.712] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.712] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ADMPARSE.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0076.712] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ADMPARSE.DLL", cchWideChar=12, lpMultiByteStr=0xabc8a0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ADMPARSE.DLL", lpUsedDefaultChar=0x0) returned 12 [0076.712] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.712] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ADMTMPL.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0076.712] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ADMTMPL.DLL", cchWideChar=11, lpMultiByteStr=0xabc8e8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ADMTMPL.DLL", lpUsedDefaultChar=0x0) returned 11 [0076.712] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.712] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ADPROVIDER.DLL", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0076.712] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ADPROVIDER.DLL", cchWideChar=14, lpMultiByteStr=0xabc8a0, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ADPROVIDER.DLL", lpUsedDefaultChar=0x0) returned 14 [0076.712] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.713] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ADSLDP.DLL", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0076.713] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ADSLDP.DLL", cchWideChar=10, lpMultiByteStr=0xabc8e8, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ADSLDP.DLL", lpUsedDefaultChar=0x0) returned 10 [0076.713] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.713] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ADSLDPC.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0076.713] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ADSLDPC.DLL", cchWideChar=11, lpMultiByteStr=0xabc8a0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ADSLDPC.DLL", lpUsedDefaultChar=0x0) returned 11 [0076.713] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.713] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ADSMSEXT.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0076.713] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ADSMSEXT.DLL", cchWideChar=12, lpMultiByteStr=0xabc8e8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ADSMSEXT.DLL", lpUsedDefaultChar=0x0) returned 12 [0076.713] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.713] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ADSNT.DLL", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0076.713] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ADSNT.DLL", cchWideChar=9, lpMultiByteStr=0xabc8a0, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ADSNT.DLL", lpUsedDefaultChar=0x0) returned 9 [0076.713] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.713] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ADTSCHEMA.DLL", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0076.713] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ADTSCHEMA.DLL", cchWideChar=13, lpMultiByteStr=0xabc8e8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ADTSCHEMA.DLL", lpUsedDefaultChar=0x0) returned 13 [0076.713] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.713] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ADVAPI32.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0076.713] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ADVAPI32.DLL", cchWideChar=12, lpMultiByteStr=0xabc8a0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ADVAPI32.DLL", lpUsedDefaultChar=0x0) returned 12 [0076.713] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.713] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ADVPACK.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0076.713] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ADVPACK.DLL", cchWideChar=11, lpMultiByteStr=0xabc8e8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ADVPACK.DLL", lpUsedDefaultChar=0x0) returned 11 [0076.713] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.713] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AECACHE.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0076.713] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AECACHE.DLL", cchWideChar=11, lpMultiByteStr=0xabc8a0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AECACHE.DLL", lpUsedDefaultChar=0x0) returned 11 [0076.714] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.714] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AEEVTS.DLL", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0076.714] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AEEVTS.DLL", cchWideChar=10, lpMultiByteStr=0xabc8e8, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AEEVTS.DLL", lpUsedDefaultChar=0x0) returned 10 [0076.714] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.714] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALTTAB.DLL", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0076.714] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALTTAB.DLL", cchWideChar=10, lpMultiByteStr=0xabc8a0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ALTTAB.DLL", lpUsedDefaultChar=0x0) returned 10 [0076.714] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.714] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AMSTREAM.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0076.714] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AMSTREAM.DLL", cchWideChar=12, lpMultiByteStr=0xabc8e8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AMSTREAM.DLL", lpUsedDefaultChar=0x0) returned 12 [0076.714] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.714] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AMXREAD.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0076.714] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AMXREAD.DLL", cchWideChar=11, lpMultiByteStr=0xabc8a0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AMXREAD.DLL", lpUsedDefaultChar=0x0) returned 11 [0076.714] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.714] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="APDS.DLL", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0076.714] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="APDS.DLL", cchWideChar=8, lpMultiByteStr=0xabc8e8, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="APDS.DLL", lpUsedDefaultChar=0x0) returned 8 [0076.714] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.714] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-CONSOLE-L1-1-0.DLL", cchWideChar=34, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 34 [0076.714] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-CONSOLE-L1-1-0.DLL", cchWideChar=34, lpMultiByteStr=0xabc8a0, cbMultiByte=34, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-CONSOLE-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 34 [0076.714] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.714] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-DATETIME-L1-1-0.DLL", cchWideChar=35, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 35 [0076.714] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-DATETIME-L1-1-0.DLL", cchWideChar=35, lpMultiByteStr=0xabc8e8, cbMultiByte=35, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-DATETIME-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 35 [0076.714] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.715] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-DEBUG-L1-1-0.DLL", cchWideChar=32, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0076.715] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-DEBUG-L1-1-0.DLL", cchWideChar=32, lpMultiByteStr=0xabc8a0, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-DEBUG-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 32 [0076.715] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.715] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-DELAYLOAD-L1-1-0.DLL", cchWideChar=36, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 36 [0076.715] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-DELAYLOAD-L1-1-0.DLL", cchWideChar=36, lpMultiByteStr=0xabc8e8, cbMultiByte=36, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-DELAYLOAD-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 36 [0076.715] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.715] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-ERRORHANDLING-L1-1-0.DLL", cchWideChar=40, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 40 [0076.715] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-ERRORHANDLING-L1-1-0.DLL", cchWideChar=40, lpMultiByteStr=0xabc8a0, cbMultiByte=40, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-ERRORHANDLING-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 40 [0076.715] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.715] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-FIBERS-L1-1-0.DLL", cchWideChar=33, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 33 [0076.715] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-FIBERS-L1-1-0.DLL", cchWideChar=33, lpMultiByteStr=0xabc8e8, cbMultiByte=33, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-FIBERS-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 33 [0076.715] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.715] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-FILE-L1-1-0.DLL", cchWideChar=31, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 31 [0076.715] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-FILE-L1-1-0.DLL", cchWideChar=31, lpMultiByteStr=0xabc8a0, cbMultiByte=31, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-FILE-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 31 [0076.715] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.715] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-FILE-L1-2-0.DLL", cchWideChar=31, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 31 [0076.715] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-FILE-L1-2-0.DLL", cchWideChar=31, lpMultiByteStr=0xabc8e8, cbMultiByte=31, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-FILE-L1-2-0.DLL", lpUsedDefaultChar=0x0) returned 31 [0076.715] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.715] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-FILE-L2-1-0.DLL", cchWideChar=31, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 31 [0076.715] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-FILE-L2-1-0.DLL", cchWideChar=31, lpMultiByteStr=0xabc8a0, cbMultiByte=31, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-FILE-L2-1-0.DLL", lpUsedDefaultChar=0x0) returned 31 [0076.715] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.715] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-HANDLE-L1-1-0.DLL", cchWideChar=33, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 33 [0076.715] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-HANDLE-L1-1-0.DLL", cchWideChar=33, lpMultiByteStr=0xabc8e8, cbMultiByte=33, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-HANDLE-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 33 [0076.716] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.716] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-HEAP-L1-1-0.DLL", cchWideChar=31, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 31 [0076.716] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-HEAP-L1-1-0.DLL", cchWideChar=31, lpMultiByteStr=0xabc8a0, cbMultiByte=31, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-HEAP-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 31 [0076.716] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.716] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-INTERLOCKED-L1-1-0.DLL", cchWideChar=38, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 38 [0076.716] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-INTERLOCKED-L1-1-0.DLL", cchWideChar=38, lpMultiByteStr=0xabc8e8, cbMultiByte=38, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-INTERLOCKED-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 38 [0076.716] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.716] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-IO-L1-1-0.DLL", cchWideChar=29, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 29 [0076.716] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-IO-L1-1-0.DLL", cchWideChar=29, lpMultiByteStr=0xabc8a0, cbMultiByte=29, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-IO-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 29 [0076.716] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.716] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-LIBRARYLOADER-L1-1-0.DLL", cchWideChar=40, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 40 [0076.716] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-LIBRARYLOADER-L1-1-0.DLL", cchWideChar=40, lpMultiByteStr=0xabc8e8, cbMultiByte=40, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-LIBRARYLOADER-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 40 [0076.716] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.716] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-LOCALIZATION-L1-1-0.DLL", cchWideChar=39, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 39 [0076.716] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-LOCALIZATION-L1-1-0.DLL", cchWideChar=39, lpMultiByteStr=0xabc8a0, cbMultiByte=39, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-LOCALIZATION-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 39 [0076.716] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.717] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-LOCALIZATION-L1-2-0.DLL", cchWideChar=39, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 39 [0076.717] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-LOCALIZATION-L1-2-0.DLL", cchWideChar=39, lpMultiByteStr=0xabc8e8, cbMultiByte=39, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-LOCALIZATION-L1-2-0.DLL", lpUsedDefaultChar=0x0) returned 39 [0076.717] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.717] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-LOCALREGISTRY-L1-1-0.DLL", cchWideChar=40, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 40 [0076.717] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-LOCALREGISTRY-L1-1-0.DLL", cchWideChar=40, lpMultiByteStr=0xabc8a0, cbMultiByte=40, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-LOCALREGISTRY-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 40 [0076.717] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.717] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-MEMORY-L1-1-0.DLL", cchWideChar=33, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 33 [0076.717] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-MEMORY-L1-1-0.DLL", cchWideChar=33, lpMultiByteStr=0xabc8e8, cbMultiByte=33, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-MEMORY-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 33 [0076.717] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.717] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-MISC-L1-1-0.DLL", cchWideChar=31, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 31 [0076.717] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-MISC-L1-1-0.DLL", cchWideChar=31, lpMultiByteStr=0xabc8a0, cbMultiByte=31, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-MISC-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 31 [0076.717] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.717] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-NAMEDPIPE-L1-1-0.DLL", cchWideChar=36, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 36 [0076.717] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-NAMEDPIPE-L1-1-0.DLL", cchWideChar=36, lpMultiByteStr=0xabc8e8, cbMultiByte=36, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-NAMEDPIPE-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 36 [0076.717] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.717] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0.DLL", cchWideChar=45, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 45 [0076.717] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0.DLL", cchWideChar=45, lpMultiByteStr=0xabc8a0, cbMultiByte=45, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 45 [0076.717] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.717] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0.DLL", cchWideChar=41, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 41 [0076.717] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0.DLL", cchWideChar=41, lpMultiByteStr=0xabc8e8, cbMultiByte=41, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 41 [0076.717] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.718] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-PROCESSTHREADS-L1-1-1.DLL", cchWideChar=41, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 41 [0076.718] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-PROCESSTHREADS-L1-1-1.DLL", cchWideChar=41, lpMultiByteStr=0xabc8a0, cbMultiByte=41, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-PROCESSTHREADS-L1-1-1.DLL", lpUsedDefaultChar=0x0) returned 41 [0076.718] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.718] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-PROFILE-L1-1-0.DLL", cchWideChar=34, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 34 [0076.718] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-PROFILE-L1-1-0.DLL", cchWideChar=34, lpMultiByteStr=0xabc8e8, cbMultiByte=34, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-PROFILE-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 34 [0076.718] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.718] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-RTLSUPPORT-L1-1-0.DLL", cchWideChar=37, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 37 [0076.718] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-RTLSUPPORT-L1-1-0.DLL", cchWideChar=37, lpMultiByteStr=0xabc8a0, cbMultiByte=37, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-RTLSUPPORT-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 37 [0076.718] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.718] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-STRING-L1-1-0.DLL", cchWideChar=33, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 33 [0076.718] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-STRING-L1-1-0.DLL", cchWideChar=33, lpMultiByteStr=0xabc8e8, cbMultiByte=33, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-STRING-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 33 [0076.718] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.718] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-SYNCH-L1-1-0.DLL", cchWideChar=32, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0076.718] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-SYNCH-L1-1-0.DLL", cchWideChar=32, lpMultiByteStr=0xabc8a0, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-SYNCH-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 32 [0076.718] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.718] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-SYNCH-L1-2-0.DLL", cchWideChar=32, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0076.718] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-SYNCH-L1-2-0.DLL", cchWideChar=32, lpMultiByteStr=0xabc8e8, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-SYNCH-L1-2-0.DLL", lpUsedDefaultChar=0x0) returned 32 [0076.718] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.718] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-SYSINFO-L1-1-0.DLL", cchWideChar=34, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 34 [0076.718] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-SYSINFO-L1-1-0.DLL", cchWideChar=34, lpMultiByteStr=0xabc8a0, cbMultiByte=34, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-SYSINFO-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 34 [0076.719] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.719] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-THREADPOOL-L1-1-0.DLL", cchWideChar=37, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 37 [0076.719] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-THREADPOOL-L1-1-0.DLL", cchWideChar=37, lpMultiByteStr=0xabc8e8, cbMultiByte=37, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-THREADPOOL-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 37 [0076.719] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.719] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-TIMEZONE-L1-1-0.DLL", cchWideChar=35, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 35 [0076.719] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-TIMEZONE-L1-1-0.DLL", cchWideChar=35, lpMultiByteStr=0xabc8a0, cbMultiByte=35, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-TIMEZONE-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 35 [0076.719] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.719] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-UTIL-L1-1-0.DLL", cchWideChar=31, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 31 [0076.719] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-UTIL-L1-1-0.DLL", cchWideChar=31, lpMultiByteStr=0xabc8e8, cbMultiByte=31, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-UTIL-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 31 [0076.719] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.719] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-XSTATE-L1-1-0.DLL", cchWideChar=33, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 33 [0076.719] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-XSTATE-L1-1-0.DLL", cchWideChar=33, lpMultiByteStr=0xabc8a0, cbMultiByte=33, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-XSTATE-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 33 [0076.719] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.719] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-XSTATE-L2-1-0.DLL", cchWideChar=33, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 33 [0076.719] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-XSTATE-L2-1-0.DLL", cchWideChar=33, lpMultiByteStr=0xabc8e8, cbMultiByte=33, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-XSTATE-L2-1-0.DLL", lpUsedDefaultChar=0x0) returned 33 [0076.719] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.719] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-CONIO-L1-1-0.DLL", cchWideChar=31, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 31 [0076.719] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-CONIO-L1-1-0.DLL", cchWideChar=31, lpMultiByteStr=0xabc8a0, cbMultiByte=31, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CRT-CONIO-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 31 [0076.719] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.720] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-CONVERT-L1-1-0.DLL", cchWideChar=33, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 33 [0076.720] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-CONVERT-L1-1-0.DLL", cchWideChar=33, lpMultiByteStr=0xabc8e8, cbMultiByte=33, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CRT-CONVERT-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 33 [0076.720] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.720] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-ENVIRONMENT-L1-1-0.DLL", cchWideChar=37, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 37 [0076.720] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-ENVIRONMENT-L1-1-0.DLL", cchWideChar=37, lpMultiByteStr=0xabc8a0, cbMultiByte=37, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CRT-ENVIRONMENT-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 37 [0076.720] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.720] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-FILESYSTEM-L1-1-0.DLL", cchWideChar=36, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 36 [0076.720] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-FILESYSTEM-L1-1-0.DLL", cchWideChar=36, lpMultiByteStr=0xabc8e8, cbMultiByte=36, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CRT-FILESYSTEM-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 36 [0076.720] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.720] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-HEAP-L1-1-0.DLL", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0076.720] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-HEAP-L1-1-0.DLL", cchWideChar=30, lpMultiByteStr=0xabc8a0, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CRT-HEAP-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 30 [0076.720] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.720] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-LOCALE-L1-1-0.DLL", cchWideChar=32, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0076.720] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-LOCALE-L1-1-0.DLL", cchWideChar=32, lpMultiByteStr=0xabc8e8, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CRT-LOCALE-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 32 [0076.720] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.720] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-MATH-L1-1-0.DLL", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0076.721] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-MATH-L1-1-0.DLL", cchWideChar=30, lpMultiByteStr=0xabc8a0, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CRT-MATH-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 30 [0076.721] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.721] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-MULTIBYTE-L1-1-0.DLL", cchWideChar=35, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 35 [0076.721] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-MULTIBYTE-L1-1-0.DLL", cchWideChar=35, lpMultiByteStr=0xabc8e8, cbMultiByte=35, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CRT-MULTIBYTE-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 35 [0076.721] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.721] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-PRIVATE-L1-1-0.DLL", cchWideChar=33, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 33 [0076.721] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-PRIVATE-L1-1-0.DLL", cchWideChar=33, lpMultiByteStr=0xabc8a0, cbMultiByte=33, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CRT-PRIVATE-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 33 [0076.721] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.721] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-PROCESS-L1-1-0.DLL", cchWideChar=33, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 33 [0076.721] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-PROCESS-L1-1-0.DLL", cchWideChar=33, lpMultiByteStr=0xabc8e8, cbMultiByte=33, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CRT-PROCESS-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 33 [0076.721] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.721] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-RUNTIME-L1-1-0.DLL", cchWideChar=33, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 33 [0076.721] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-RUNTIME-L1-1-0.DLL", cchWideChar=33, lpMultiByteStr=0xabc8a0, cbMultiByte=33, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CRT-RUNTIME-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 33 [0076.721] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.722] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-STDIO-L1-1-0.DLL", cchWideChar=31, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 31 [0076.722] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-STDIO-L1-1-0.DLL", cchWideChar=31, lpMultiByteStr=0xabc8e8, cbMultiByte=31, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CRT-STDIO-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 31 [0076.722] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.722] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-STRING-L1-1-0.DLL", cchWideChar=32, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0076.722] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-STRING-L1-1-0.DLL", cchWideChar=32, lpMultiByteStr=0xabc8a0, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CRT-STRING-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 32 [0076.722] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.722] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-TIME-L1-1-0.DLL", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0076.722] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-TIME-L1-1-0.DLL", cchWideChar=30, lpMultiByteStr=0xabc8e8, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CRT-TIME-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 30 [0076.722] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.722] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-UTILITY-L1-1-0.DLL", cchWideChar=33, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 33 [0076.722] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-UTILITY-L1-1-0.DLL", cchWideChar=33, lpMultiByteStr=0xabc8a0, cbMultiByte=33, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CRT-UTILITY-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 33 [0076.722] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.722] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-EVENTING-PROVIDER-L1-1-0.DLL", cchWideChar=39, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 39 [0076.722] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-EVENTING-PROVIDER-L1-1-0.DLL", cchWideChar=39, lpMultiByteStr=0xabc8e8, cbMultiByte=39, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-EVENTING-PROVIDER-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 39 [0076.722] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.722] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-SECURITY-BASE-L1-1-0.DLL", cchWideChar=35, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 35 [0076.722] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-SECURITY-BASE-L1-1-0.DLL", cchWideChar=35, lpMultiByteStr=0xabc8a0, cbMultiByte=35, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-SECURITY-BASE-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 35 [0076.722] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.722] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-SECURITY-LSALOOKUP-L1-1-0.DLL", cchWideChar=40, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 40 [0076.722] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-SECURITY-LSALOOKUP-L1-1-0.DLL", cchWideChar=40, lpMultiByteStr=0xabc8e8, cbMultiByte=40, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-SECURITY-LSALOOKUP-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 40 [0076.722] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.722] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-SECURITY-SDDL-L1-1-0.DLL", cchWideChar=35, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 35 [0076.722] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-SECURITY-SDDL-L1-1-0.DLL", cchWideChar=35, lpMultiByteStr=0xabc8a0, cbMultiByte=35, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-SECURITY-SDDL-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 35 [0076.723] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.723] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-SERVICE-CORE-L1-1-0.DLL", cchWideChar=34, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 34 [0076.723] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-SERVICE-CORE-L1-1-0.DLL", cchWideChar=34, lpMultiByteStr=0xabc8e8, cbMultiByte=34, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-SERVICE-CORE-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 34 [0076.723] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.723] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-SERVICE-MANAGEMENT-L1-1-0.DLL", cchWideChar=40, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 40 [0076.723] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-SERVICE-MANAGEMENT-L1-1-0.DLL", cchWideChar=40, lpMultiByteStr=0xabc8a0, cbMultiByte=40, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-SERVICE-MANAGEMENT-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 40 [0076.723] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.723] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-SERVICE-MANAGEMENT-L2-1-0.DLL", cchWideChar=40, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 40 [0076.723] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-SERVICE-MANAGEMENT-L2-1-0.DLL", cchWideChar=40, lpMultiByteStr=0xabc8e8, cbMultiByte=40, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-SERVICE-MANAGEMENT-L2-1-0.DLL", lpUsedDefaultChar=0x0) returned 40 [0076.723] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.723] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-SERVICE-WINSVC-L1-1-0.DLL", cchWideChar=36, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 36 [0076.723] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-SERVICE-WINSVC-L1-1-0.DLL", cchWideChar=36, lpMultiByteStr=0xabc8a0, cbMultiByte=36, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-SERVICE-WINSVC-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 36 [0076.723] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.723] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="APILOGEN.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0076.723] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="APILOGEN.DLL", cchWideChar=12, lpMultiByteStr=0xabc8e8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="APILOGEN.DLL", lpUsedDefaultChar=0x0) returned 12 [0076.723] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.723] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="APIRCL.DLL", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0076.723] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="APIRCL.DLL", cchWideChar=10, lpMultiByteStr=0xabc8a0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="APIRCL.DLL", lpUsedDefaultChar=0x0) returned 10 [0076.723] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.723] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="APISETSCHEMA.DLL", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0076.723] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="APISETSCHEMA.DLL", cchWideChar=16, lpMultiByteStr=0xabc8e8, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="APISETSCHEMA.DLL", lpUsedDefaultChar=0x0) returned 16 [0076.723] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.723] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="APPHELP.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0076.724] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="APPHELP.DLL", cchWideChar=11, lpMultiByteStr=0xabc8a0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="APPHELP.DLL", lpUsedDefaultChar=0x0) returned 11 [0076.724] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.724] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="APPHLPDM.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0076.724] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="APPHLPDM.DLL", cchWideChar=12, lpMultiByteStr=0xabc8e8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="APPHLPDM.DLL", lpUsedDefaultChar=0x0) returned 12 [0076.724] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.724] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="APPIDAPI.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0076.724] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="APPIDAPI.DLL", cchWideChar=12, lpMultiByteStr=0xabc8a0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="APPIDAPI.DLL", lpUsedDefaultChar=0x0) returned 12 [0076.724] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.724] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="APPIDPOLICYENGINEAPI.DLL", cchWideChar=24, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0076.724] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="APPIDPOLICYENGINEAPI.DLL", cchWideChar=24, lpMultiByteStr=0xabc8e8, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="APPIDPOLICYENGINEAPI.DLL", lpUsedDefaultChar=0x0) returned 24 [0076.724] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.724] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="APPMGMTS.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0076.724] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="APPMGMTS.DLL", cchWideChar=12, lpMultiByteStr=0xabc8a0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="APPMGMTS.DLL", lpUsedDefaultChar=0x0) returned 12 [0076.724] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.724] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="APPMGR.DLL", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0076.724] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="APPMGR.DLL", cchWideChar=10, lpMultiByteStr=0xabc8e8, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="APPMGR.DLL", lpUsedDefaultChar=0x0) returned 10 [0076.724] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.724] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="APSS.DLL", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0076.724] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="APSS.DLL", cchWideChar=8, lpMultiByteStr=0xabc8a0, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="APSS.DLL", lpUsedDefaultChar=0x0) returned 8 [0076.724] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.724] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ASFERROR.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0076.724] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ASFERROR.DLL", cchWideChar=12, lpMultiByteStr=0xabc8e8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ASFERROR.DLL", lpUsedDefaultChar=0x0) returned 12 [0076.724] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.725] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ASPNET_COUNTERS.DLL", cchWideChar=19, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0076.725] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ASPNET_COUNTERS.DLL", cchWideChar=19, lpMultiByteStr=0xabc8a0, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ASPNET_COUNTERS.DLL", lpUsedDefaultChar=0x0) returned 19 [0076.725] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.725] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ASYCFILT.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0076.725] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ASYCFILT.DLL", cchWideChar=12, lpMultiByteStr=0xabc8e8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ASYCFILT.DLL", lpUsedDefaultChar=0x0) returned 12 [0076.725] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.725] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ATL.DLL", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0076.725] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ATL.DLL", cchWideChar=7, lpMultiByteStr=0xabc8a0, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ATL.DLL", lpUsedDefaultChar=0x0) returned 7 [0076.725] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.725] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ATL100.DLL", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0076.725] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ATL100.DLL", cchWideChar=10, lpMultiByteStr=0xabc8e8, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ATL100.DLL", lpUsedDefaultChar=0x0) returned 10 [0076.725] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.725] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ATL110.DLL", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0076.725] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ATL110.DLL", cchWideChar=10, lpMultiByteStr=0xabc8a0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ATL110.DLL", lpUsedDefaultChar=0x0) returned 10 [0076.725] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.725] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ATMFD.DLL", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0076.725] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ATMFD.DLL", cchWideChar=9, lpMultiByteStr=0xabc8e8, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ATMFD.DLL", lpUsedDefaultChar=0x0) returned 9 [0076.725] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.725] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ATMLIB.DLL", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0076.725] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ATMLIB.DLL", cchWideChar=10, lpMultiByteStr=0xabc8a0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ATMLIB.DLL", lpUsedDefaultChar=0x0) returned 10 [0076.725] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.725] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUDIODEV.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0076.725] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUDIODEV.DLL", cchWideChar=12, lpMultiByteStr=0xabc8e8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AUDIODEV.DLL", lpUsedDefaultChar=0x0) returned 12 [0076.726] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.726] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUDIOENG.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0076.726] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUDIOENG.DLL", cchWideChar=12, lpMultiByteStr=0xabc8a0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AUDIOENG.DLL", lpUsedDefaultChar=0x0) returned 12 [0076.726] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.726] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUDIOKSE.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0076.726] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUDIOKSE.DLL", cchWideChar=12, lpMultiByteStr=0xabc8e8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AUDIOKSE.DLL", lpUsedDefaultChar=0x0) returned 12 [0076.726] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.726] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUDIOSES.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0076.726] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUDIOSES.DLL", cchWideChar=12, lpMultiByteStr=0xabc8a0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AUDIOSES.DLL", lpUsedDefaultChar=0x0) returned 12 [0076.726] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.726] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUDITNATIVESNAPIN.DLL", cchWideChar=21, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0076.726] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUDITNATIVESNAPIN.DLL", cchWideChar=21, lpMultiByteStr=0xabc8e8, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AUDITNATIVESNAPIN.DLL", lpUsedDefaultChar=0x0) returned 21 [0076.726] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.726] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUDITPOLICYGPINTEROP.DLL", cchWideChar=24, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0076.726] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUDITPOLICYGPINTEROP.DLL", cchWideChar=24, lpMultiByteStr=0xabc8a0, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AUDITPOLICYGPINTEROP.DLL", lpUsedDefaultChar=0x0) returned 24 [0076.726] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.726] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUDITPOLMSG.DLL", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0076.726] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUDITPOLMSG.DLL", cchWideChar=15, lpMultiByteStr=0xabc8e8, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AUDITPOLMSG.DLL", lpUsedDefaultChar=0x0) returned 15 [0076.726] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.726] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUTHFWCFG.DLL", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0076.726] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUTHFWCFG.DLL", cchWideChar=13, lpMultiByteStr=0xabc8a0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AUTHFWCFG.DLL", lpUsedDefaultChar=0x0) returned 13 [0076.726] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.727] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUTHFWGP.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0076.727] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUTHFWGP.DLL", cchWideChar=12, lpMultiByteStr=0xabc8e8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AUTHFWGP.DLL", lpUsedDefaultChar=0x0) returned 12 [0076.727] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.727] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUTHFWSNAPIN.DLL", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0076.727] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUTHFWSNAPIN.DLL", cchWideChar=16, lpMultiByteStr=0xabc8a0, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AUTHFWSNAPIN.DLL", lpUsedDefaultChar=0x0) returned 16 [0076.727] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.727] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUTHFWWIZFWK.DLL", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0076.727] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUTHFWWIZFWK.DLL", cchWideChar=16, lpMultiByteStr=0xabc8e8, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AUTHFWWIZFWK.DLL", lpUsedDefaultChar=0x0) returned 16 [0076.727] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.727] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUTHUI.DLL", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0076.727] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUTHUI.DLL", cchWideChar=10, lpMultiByteStr=0xabc8a0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AUTHUI.DLL", lpUsedDefaultChar=0x0) returned 10 [0076.727] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.727] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUTHZ.DLL", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0076.727] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUTHZ.DLL", cchWideChar=9, lpMultiByteStr=0xabc8e8, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AUTHZ.DLL", lpUsedDefaultChar=0x0) returned 9 [0076.727] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.727] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUTOPLAY.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0076.727] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUTOPLAY.DLL", cchWideChar=12, lpMultiByteStr=0xabc8a0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AUTOPLAY.DLL", lpUsedDefaultChar=0x0) returned 12 [0076.727] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.727] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUXILIARYDISPLAYAPI.DLL", cchWideChar=23, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 23 [0076.727] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUXILIARYDISPLAYAPI.DLL", cchWideChar=23, lpMultiByteStr=0xabc8e8, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AUXILIARYDISPLAYAPI.DLL", lpUsedDefaultChar=0x0) returned 23 [0076.727] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.727] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUXILIARYDISPLAYCPL.DLL", cchWideChar=23, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 23 [0076.727] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUXILIARYDISPLAYCPL.DLL", cchWideChar=23, lpMultiByteStr=0xabc8a0, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AUXILIARYDISPLAYCPL.DLL", lpUsedDefaultChar=0x0) returned 23 [0076.728] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.728] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AVICAP32.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0076.728] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AVICAP32.DLL", cchWideChar=12, lpMultiByteStr=0xabc8e8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AVICAP32.DLL", lpUsedDefaultChar=0x0) returned 12 [0076.728] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.728] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AVIFIL32.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0076.728] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AVIFIL32.DLL", cchWideChar=12, lpMultiByteStr=0xabc8a0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AVIFIL32.DLL", lpUsedDefaultChar=0x0) returned 12 [0076.728] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.728] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AVRT.DLL", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0076.728] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AVRT.DLL", cchWideChar=8, lpMultiByteStr=0xabc8e8, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AVRT.DLL", lpUsedDefaultChar=0x0) returned 8 [0076.728] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.728] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AZROLES.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0076.728] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AZROLES.DLL", cchWideChar=11, lpMultiByteStr=0xabc8a0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AZROLES.DLL", lpUsedDefaultChar=0x0) returned 11 [0076.728] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.728] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AZROLEUI.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0076.728] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AZROLEUI.DLL", cchWideChar=12, lpMultiByteStr=0xabc8e8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AZROLEUI.DLL", lpUsedDefaultChar=0x0) returned 12 [0076.728] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.728] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AZSQLEXT.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0076.728] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AZSQLEXT.DLL", cchWideChar=12, lpMultiByteStr=0xabc8a0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AZSQLEXT.DLL", lpUsedDefaultChar=0x0) returned 12 [0076.728] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.728] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BASECSP.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0076.728] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BASECSP.DLL", cchWideChar=11, lpMultiByteStr=0xabc8e8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BASECSP.DLL", lpUsedDefaultChar=0x0) returned 11 [0076.728] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.728] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BATMETER.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0076.729] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BATMETER.DLL", cchWideChar=12, lpMultiByteStr=0xabc8a0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BATMETER.DLL", lpUsedDefaultChar=0x0) returned 12 [0076.729] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.729] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BCRYPT.DLL", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0076.729] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BCRYPT.DLL", cchWideChar=10, lpMultiByteStr=0xabc8e8, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BCRYPT.DLL", lpUsedDefaultChar=0x0) returned 10 [0076.729] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.729] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BCRYPTPRIMITIVES.DLL", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0076.729] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BCRYPTPRIMITIVES.DLL", cchWideChar=20, lpMultiByteStr=0xabc8a0, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BCRYPTPRIMITIVES.DLL", lpUsedDefaultChar=0x0) returned 20 [0076.729] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.729] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BIDISPL.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0076.729] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BIDISPL.DLL", cchWideChar=11, lpMultiByteStr=0xabc8e8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BIDISPL.DLL", lpUsedDefaultChar=0x0) returned 11 [0076.729] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.729] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BIOCREDPROV.DLL", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0076.729] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BIOCREDPROV.DLL", cchWideChar=15, lpMultiByteStr=0xabc8a0, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BIOCREDPROV.DLL", lpUsedDefaultChar=0x0) returned 15 [0076.729] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.729] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BITSPERF.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0076.729] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BITSPERF.DLL", cchWideChar=12, lpMultiByteStr=0xabc8e8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BITSPERF.DLL", lpUsedDefaultChar=0x0) returned 12 [0076.729] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.729] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BITSPRX2.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0076.729] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BITSPRX2.DLL", cchWideChar=12, lpMultiByteStr=0xabc8a0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BITSPRX2.DLL", lpUsedDefaultChar=0x0) returned 12 [0076.729] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.729] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BITSPRX3.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0076.729] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BITSPRX3.DLL", cchWideChar=12, lpMultiByteStr=0xabc8e8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BITSPRX3.DLL", lpUsedDefaultChar=0x0) returned 12 [0076.729] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.730] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BITSPRX4.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0076.730] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BITSPRX4.DLL", cchWideChar=12, lpMultiByteStr=0xabc8a0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BITSPRX4.DLL", lpUsedDefaultChar=0x0) returned 12 [0076.730] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.730] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BITSPRX5.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0076.730] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BITSPRX5.DLL", cchWideChar=12, lpMultiByteStr=0xabc8e8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BITSPRX5.DLL", lpUsedDefaultChar=0x0) returned 12 [0076.730] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.730] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BITSPRX6.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0076.730] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BITSPRX6.DLL", cchWideChar=12, lpMultiByteStr=0xabc8a0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BITSPRX6.DLL", lpUsedDefaultChar=0x0) returned 12 [0076.730] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.730] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BLACKBOX.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0076.730] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BLACKBOX.DLL", cchWideChar=12, lpMultiByteStr=0xabc8e8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BLACKBOX.DLL", lpUsedDefaultChar=0x0) returned 12 [0076.730] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.730] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BOOTVID.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0076.730] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BOOTVID.DLL", cchWideChar=11, lpMultiByteStr=0xabc8a0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BOOTVID.DLL", lpUsedDefaultChar=0x0) returned 11 [0076.730] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.730] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BROWCLI.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0076.730] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BROWCLI.DLL", cchWideChar=11, lpMultiByteStr=0xabc8e8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BROWCLI.DLL", lpUsedDefaultChar=0x0) returned 11 [0076.730] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.730] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BROWSEUI.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0076.730] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BROWSEUI.DLL", cchWideChar=12, lpMultiByteStr=0xabc8a0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BROWSEUI.DLL", lpUsedDefaultChar=0x0) returned 12 [0076.730] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.730] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BTPANUI.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0076.730] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BTPANUI.DLL", cchWideChar=11, lpMultiByteStr=0xabc8e8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BTPANUI.DLL", lpUsedDefaultChar=0x0) returned 11 [0076.731] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.731] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BWCONTEXTHANDLER.DLL", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0076.731] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BWCONTEXTHANDLER.DLL", cchWideChar=20, lpMultiByteStr=0xabc8a0, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BWCONTEXTHANDLER.DLL", lpUsedDefaultChar=0x0) returned 20 [0076.731] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.731] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BWUNPAIRELEVATED.DLL", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0076.731] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BWUNPAIRELEVATED.DLL", cchWideChar=20, lpMultiByteStr=0xabc8e8, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BWUNPAIRELEVATED.DLL", lpUsedDefaultChar=0x0) returned 20 [0076.731] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.731] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CABINET.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0076.731] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CABINET.DLL", cchWideChar=11, lpMultiByteStr=0xabc8a0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CABINET.DLL", lpUsedDefaultChar=0x0) returned 11 [0076.731] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.731] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CABVIEW.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0076.731] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CABVIEW.DLL", cchWideChar=11, lpMultiByteStr=0xabc8e8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CABVIEW.DLL", lpUsedDefaultChar=0x0) returned 11 [0076.731] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.731] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CAPIPROVIDER.DLL", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0076.731] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CAPIPROVIDER.DLL", cchWideChar=16, lpMultiByteStr=0xabc8a0, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CAPIPROVIDER.DLL", lpUsedDefaultChar=0x0) returned 16 [0076.731] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.731] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CAPISP.DLL", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0076.731] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CAPISP.DLL", cchWideChar=10, lpMultiByteStr=0xabc8e8, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CAPISP.DLL", lpUsedDefaultChar=0x0) returned 10 [0076.731] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.731] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CATSRV.DLL", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0076.731] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CATSRV.DLL", cchWideChar=10, lpMultiByteStr=0xabc8a0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CATSRV.DLL", lpUsedDefaultChar=0x0) returned 10 [0076.731] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.731] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CATSRVPS.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0076.731] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CATSRVPS.DLL", cchWideChar=12, lpMultiByteStr=0xabc8e8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CATSRVPS.DLL", lpUsedDefaultChar=0x0) returned 12 [0076.732] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.732] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CATSRVUT.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0076.732] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CATSRVUT.DLL", cchWideChar=12, lpMultiByteStr=0xabc8a0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CATSRVUT.DLL", lpUsedDefaultChar=0x0) returned 12 [0076.732] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.732] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CCA.DLL", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0076.732] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CCA.DLL", cchWideChar=7, lpMultiByteStr=0xabc8e8, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CCA.DLL", lpUsedDefaultChar=0x0) returned 7 [0076.732] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.732] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CDOSYS.DLL", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0076.732] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CDOSYS.DLL", cchWideChar=10, lpMultiByteStr=0xabc8a0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CDOSYS.DLL", lpUsedDefaultChar=0x0) returned 10 [0076.732] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.732] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CERTCLI.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0076.732] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CERTCLI.DLL", cchWideChar=11, lpMultiByteStr=0xabc8e8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CERTCLI.DLL", lpUsedDefaultChar=0x0) returned 11 [0076.732] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.732] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CERTCREDPROVIDER.DLL", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0076.732] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CERTCREDPROVIDER.DLL", cchWideChar=20, lpMultiByteStr=0xabc8a0, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CERTCREDPROVIDER.DLL", lpUsedDefaultChar=0x0) returned 20 [0076.732] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.732] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CERTENC.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0076.732] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CERTENC.DLL", cchWideChar=11, lpMultiByteStr=0xabc8e8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CERTENC.DLL", lpUsedDefaultChar=0x0) returned 11 [0076.732] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.732] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CERTENROLL.DLL", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0076.732] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CERTENROLL.DLL", cchWideChar=14, lpMultiByteStr=0xabc8a0, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CERTENROLL.DLL", lpUsedDefaultChar=0x0) returned 14 [0076.732] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.732] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CERTENROLLUI.DLL", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0076.732] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CERTENROLLUI.DLL", cchWideChar=16, lpMultiByteStr=0xabc8e8, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CERTENROLLUI.DLL", lpUsedDefaultChar=0x0) returned 16 [0076.733] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.733] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CERTMGR.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0076.733] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CERTMGR.DLL", cchWideChar=11, lpMultiByteStr=0xabc8a0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CERTMGR.DLL", lpUsedDefaultChar=0x0) returned 11 [0076.733] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.733] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CERTPOLENG.DLL", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0076.733] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CERTPOLENG.DLL", cchWideChar=14, lpMultiByteStr=0xabc8e8, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CERTPOLENG.DLL", lpUsedDefaultChar=0x0) returned 14 [0076.733] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.733] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CEWMDM.DLL", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0076.733] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CEWMDM.DLL", cchWideChar=10, lpMultiByteStr=0xabc8a0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CEWMDM.DLL", lpUsedDefaultChar=0x0) returned 10 [0076.733] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.733] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CFGBKEND.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0076.733] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CFGBKEND.DLL", cchWideChar=12, lpMultiByteStr=0xabc8e8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CFGBKEND.DLL", lpUsedDefaultChar=0x0) returned 12 [0076.733] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.733] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CFGMGR32.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0076.733] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CFGMGR32.DLL", cchWideChar=12, lpMultiByteStr=0xabc8a0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CFGMGR32.DLL", lpUsedDefaultChar=0x0) returned 12 [0076.733] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.733] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CHSBRKR.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0076.733] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CHSBRKR.DLL", cchWideChar=11, lpMultiByteStr=0xabc8e8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CHSBRKR.DLL", lpUsedDefaultChar=0x0) returned 11 [0076.733] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.733] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CHTBRKR.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0076.733] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CHTBRKR.DLL", cchWideChar=11, lpMultiByteStr=0xabc8a0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CHTBRKR.DLL", lpUsedDefaultChar=0x0) returned 11 [0076.733] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.733] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CHXREADINGSTRINGIME.DLL", cchWideChar=23, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 23 [0076.734] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CHXREADINGSTRINGIME.DLL", cchWideChar=23, lpMultiByteStr=0xabc8e8, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CHXREADINGSTRINGIME.DLL", lpUsedDefaultChar=0x0) returned 23 [0076.734] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.734] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CIC.DLL", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0076.734] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CIC.DLL", cchWideChar=7, lpMultiByteStr=0xabc8a0, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CIC.DLL", lpUsedDefaultChar=0x0) returned 7 [0076.734] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.734] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CLB.DLL", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0076.734] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CLB.DLL", cchWideChar=7, lpMultiByteStr=0xabc8e8, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CLB.DLL", lpUsedDefaultChar=0x0) returned 7 [0076.734] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.734] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CLBCATQ.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0076.734] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CLBCATQ.DLL", cchWideChar=11, lpMultiByteStr=0xabc8a0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CLBCATQ.DLL", lpUsedDefaultChar=0x0) returned 11 [0076.734] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.734] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CLFSW32.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0076.734] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CLFSW32.DLL", cchWideChar=11, lpMultiByteStr=0xabc8e8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CLFSW32.DLL", lpUsedDefaultChar=0x0) returned 11 [0076.734] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.734] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CLICONFG.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0076.734] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CLICONFG.DLL", cchWideChar=12, lpMultiByteStr=0xabc8a0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CLICONFG.DLL", lpUsedDefaultChar=0x0) returned 12 [0076.734] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.734] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CLUSAPI.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0076.734] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CLUSAPI.DLL", cchWideChar=11, lpMultiByteStr=0xabc8e8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CLUSAPI.DLL", lpUsedDefaultChar=0x0) returned 11 [0076.734] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.734] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CMCFG32.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0076.735] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CMCFG32.DLL", cchWideChar=11, lpMultiByteStr=0xabc8a0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CMCFG32.DLL", lpUsedDefaultChar=0x0) returned 11 [0076.735] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.735] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CMDIAL32.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0076.735] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CMDIAL32.DLL", cchWideChar=12, lpMultiByteStr=0xabc8e8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CMDIAL32.DLL", lpUsedDefaultChar=0x0) returned 12 [0076.735] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.735] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CMICRYPTINSTALL.DLL", cchWideChar=19, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0076.735] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CMICRYPTINSTALL.DLL", cchWideChar=19, lpMultiByteStr=0xabc8a0, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CMICRYPTINSTALL.DLL", lpUsedDefaultChar=0x0) returned 19 [0076.735] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.735] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CMIFW.DLL", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0076.735] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CMIFW.DLL", cchWideChar=9, lpMultiByteStr=0xabc8e8, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CMIFW.DLL", lpUsedDefaultChar=0x0) returned 9 [0076.735] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.735] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CMIPNPINSTALL.DLL", cchWideChar=17, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0076.735] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CMIPNPINSTALL.DLL", cchWideChar=17, lpMultiByteStr=0xabc8a0, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CMIPNPINSTALL.DLL", lpUsedDefaultChar=0x0) returned 17 [0076.735] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.735] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CMLUA.DLL", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0076.735] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CMLUA.DLL", cchWideChar=9, lpMultiByteStr=0xabc8e8, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CMLUA.DLL", lpUsedDefaultChar=0x0) returned 9 [0076.735] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.735] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CMPBK32.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0076.735] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CMPBK32.DLL", cchWideChar=11, lpMultiByteStr=0xabc8a0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CMPBK32.DLL", lpUsedDefaultChar=0x0) returned 11 [0076.735] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.735] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CMSTPLUA.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0076.735] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CMSTPLUA.DLL", cchWideChar=12, lpMultiByteStr=0xabc8e8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CMSTPLUA.DLL", lpUsedDefaultChar=0x0) returned 12 [0076.735] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.735] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CMUTIL.DLL", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0076.736] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CMUTIL.DLL", cchWideChar=10, lpMultiByteStr=0xabc8a0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CMUTIL.DLL", lpUsedDefaultChar=0x0) returned 10 [0076.736] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.736] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CNGAUDIT.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0076.736] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CNGAUDIT.DLL", cchWideChar=12, lpMultiByteStr=0xabc8e8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CNGAUDIT.DLL", lpUsedDefaultChar=0x0) returned 12 [0076.736] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.736] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CNGPROVIDER.DLL", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0076.736] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CNGPROVIDER.DLL", cchWideChar=15, lpMultiByteStr=0xabc8a0, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CNGPROVIDER.DLL", lpUsedDefaultChar=0x0) returned 15 [0076.736] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.736] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CNVFAT.DLL", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0076.736] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CNVFAT.DLL", cchWideChar=10, lpMultiByteStr=0xabc8e8, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CNVFAT.DLL", lpUsedDefaultChar=0x0) returned 10 [0076.736] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.736] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="COLBACT.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0076.736] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="COLBACT.DLL", cchWideChar=11, lpMultiByteStr=0xabc8a0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="COLBACT.DLL", lpUsedDefaultChar=0x0) returned 11 [0076.736] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.736] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="COLORCNV.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0076.736] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="COLORCNV.DLL", cchWideChar=12, lpMultiByteStr=0xabc8e8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="COLORCNV.DLL", lpUsedDefaultChar=0x0) returned 12 [0076.736] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.736] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="COLORUI.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0076.736] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="COLORUI.DLL", cchWideChar=11, lpMultiByteStr=0xabc8a0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="COLORUI.DLL", lpUsedDefaultChar=0x0) returned 11 [0076.736] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.736] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="COMCAT.DLL", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0076.736] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="COMCAT.DLL", cchWideChar=10, lpMultiByteStr=0xabc8e8, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="COMCAT.DLL", lpUsedDefaultChar=0x0) returned 10 [0076.737] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.737] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="COMCTL32.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0076.737] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="COMCTL32.DLL", cchWideChar=12, lpMultiByteStr=0xabc8a0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="COMCTL32.DLL", lpUsedDefaultChar=0x0) returned 12 [0076.737] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.737] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="COMDLG32.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0076.737] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="COMDLG32.DLL", cchWideChar=12, lpMultiByteStr=0xabc8e8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="COMDLG32.DLL", lpUsedDefaultChar=0x0) returned 12 [0076.737] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.737] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="COMPOBJ.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0076.737] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="COMPOBJ.DLL", cchWideChar=11, lpMultiByteStr=0xabc8a0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="COMPOBJ.DLL", lpUsedDefaultChar=0x0) returned 11 [0076.737] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.737] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="COMPSTUI.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0076.737] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="COMPSTUI.DLL", cchWideChar=12, lpMultiByteStr=0xabc8e8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="COMPSTUI.DLL", lpUsedDefaultChar=0x0) returned 12 [0076.737] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.737] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="COMREPL.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0076.737] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="COMREPL.DLL", cchWideChar=11, lpMultiByteStr=0xabc8a0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="COMREPL.DLL", lpUsedDefaultChar=0x0) returned 11 [0076.737] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.737] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="COMRES.DLL", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0076.737] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="COMRES.DLL", cchWideChar=10, lpMultiByteStr=0xabc8e8, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="COMRES.DLL", lpUsedDefaultChar=0x0) returned 10 [0076.737] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.737] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="COMSNAP.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0076.737] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="COMSNAP.DLL", cchWideChar=11, lpMultiByteStr=0xabc8a0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="COMSNAP.DLL", lpUsedDefaultChar=0x0) returned 11 [0076.737] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.738] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="COMSVCS.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0076.738] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="COMSVCS.DLL", cchWideChar=11, lpMultiByteStr=0xabc8e8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="COMSVCS.DLL", lpUsedDefaultChar=0x0) returned 11 [0076.738] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.738] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="COMUID.DLL", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0076.738] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="COMUID.DLL", cchWideChar=10, lpMultiByteStr=0xabc8a0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="COMUID.DLL", lpUsedDefaultChar=0x0) returned 10 [0076.738] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.738] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CONCRT140.DLL", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0076.738] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CONCRT140.DLL", cchWideChar=13, lpMultiByteStr=0xabc8e8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CONCRT140.DLL", lpUsedDefaultChar=0x0) returned 13 [0076.738] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.738] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CONNECT.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0076.738] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CONNECT.DLL", cchWideChar=11, lpMultiByteStr=0xabc8a0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CONNECT.DLL", lpUsedDefaultChar=0x0) returned 11 [0076.738] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.738] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CONSOLE.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0076.738] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CONSOLE.DLL", cchWideChar=11, lpMultiByteStr=0xabc8e8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CONSOLE.DLL", lpUsedDefaultChar=0x0) returned 11 [0076.738] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.738] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CORPOL.DLL", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0076.738] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CORPOL.DLL", cchWideChar=10, lpMultiByteStr=0xabc8a0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CORPOL.DLL", lpUsedDefaultChar=0x0) returned 10 [0076.738] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.738] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CPFILTERS.DLL", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0076.738] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CPFILTERS.DLL", cchWideChar=13, lpMultiByteStr=0xabc8e8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CPFILTERS.DLL", lpUsedDefaultChar=0x0) returned 13 [0076.738] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.738] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CREDSSP.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0076.738] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CREDSSP.DLL", cchWideChar=11, lpMultiByteStr=0xabc8a0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CREDSSP.DLL", lpUsedDefaultChar=0x0) returned 11 [0076.739] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.739] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CREDUI.DLL", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0076.739] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CREDUI.DLL", cchWideChar=10, lpMultiByteStr=0xabc8e8, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CREDUI.DLL", lpUsedDefaultChar=0x0) returned 10 [0076.739] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.739] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CRTDLL.DLL", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0076.739] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CRTDLL.DLL", cchWideChar=10, lpMultiByteStr=0xabc8a0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CRTDLL.DLL", lpUsedDefaultChar=0x0) returned 10 [0076.739] FindNextFileW (in: hFindFile=0x2cc198, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0076.739] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CRYPT32.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0076.739] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CRYPT32.DLL", cchWideChar=11, lpMultiByteStr=0xabc8e8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CRYPT32.DLL", lpUsedDefaultChar=0x0) returned 11 [0076.739] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="crypt32.dll", BaseAddress=0x18fd70 | out: BaseAddress=0x18fd70*=0x75a60000) returned 0x0 [0076.741] FindClose (in: hFindFile=0x2cc198 | out: hFindFile=0x2cc198) returned 1 [0076.741] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY-----\r\nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCjZw02phhS38kGYqwQKk+8ro6S\r\nGIVE3PrCJJrJHmLN8JvbajmhKV6J59ib0pTOgUa8GOU6FuSAExk31391QN5ANHij\r\n0r+4v1VbbXil7dNYijurfNF92HqStMO+hUc2hGWxn5tOgi6lGqBzr0lIHRayyZs2\r\nLtIpWRDVJTiFzpPNCwIDAQAB\r\n-----END PUBLIC KEY-----", cchString=0x0, dwFlags=0x0, pbBinary=0x0, pcbBinary=0x18fd98, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x18fd98, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0076.741] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY-----\r\nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCjZw02phhS38kGYqwQKk+8ro6S\r\nGIVE3PrCJJrJHmLN8JvbajmhKV6J59ib0pTOgUa8GOU6FuSAExk31391QN5ANHij\r\n0r+4v1VbbXil7dNYijurfNF92HqStMO+hUc2hGWxn5tOgi6lGqBzr0lIHRayyZs2\r\nLtIpWRDVJTiFzpPNCwIDAQAB\r\n-----END PUBLIC KEY-----", cchString=0x0, dwFlags=0x0, pbBinary=0x9977f8, pcbBinary=0x18fd98, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x9977f8, pcbBinary=0x18fd98, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0076.741] CryptDecodeObject (in: dwCertEncodingType=0x10001, lpszStructType=0x8, pbEncoded=0x9977f8, cbEncoded=0xa2, dwFlags=0x0, pvStructInfo=0x0, pcbStructInfo=0x18fd98 | out: pvStructInfo=0x0, pcbStructInfo=0x18fd98) returned 1 [0076.743] CryptDecodeObject (in: dwCertEncodingType=0x10001, lpszStructType=0x8, pbEncoded=0x9977f8, cbEncoded=0xa2, dwFlags=0x0, pvStructInfo=0x997f08, pcbStructInfo=0x18fd98 | out: pvStructInfo=0x997f08, pcbStructInfo=0x18fd98) returned 1 [0076.743] CryptImportPublicKeyInfo (in: hCryptProv=0x2cc0d8, dwCertEncodingType=0x10001, pInfo=0x997f08*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x997f38*, PublicKey.cbData=0x8c, PublicKey.pbData=0x997f40*, PublicKey.cUnusedBits=0x0), phKey=0x18fda0 | out: phKey=0x18fda0*=0x2cc198) returned 1 [0076.744] ReleaseMutex (hMutex=0x110) returned 1 [0076.744] StartServiceCtrlDispatcherW (lpServiceTable=0x18fe10*(lpServiceName="", lpServiceProc=0x40f270)) Thread: id = 324 os_tid = 0xaac Thread: id = 325 os_tid = 0xab0 Thread: id = 326 os_tid = 0xab4 Thread: id = 327 os_tid = 0xab8 [0076.750] RegisterServiceCtrlHandlerExW (lpServiceName="", lpHandlerProc=0x40eff6, lpContext=0x0) returned 0x2e4a30 [0076.750] SetServiceStatus (hServiceStatus=0x2e4a30, lpServiceStatus=0x121ff58*(dwServiceType=0x10, dwCurrentState=0x4, dwControlsAccepted=0x7, dwWin32ExitCode=0x0, dwServiceSpecificExitCode=0x0, dwCheckPoint=0x0, dwWaitHint=0x0)) returned 1 [0076.756] Wow64DisableWow64FsRedirection (in: OldValue=0x121ff48 | out: OldValue=0x121ff48*=0x0) returned 1 [0076.756] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x997f08, nSize=0x200 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscorsvw.exe" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscorsvw.exe")) returned 0x3a [0076.756] GetEnvironmentVariableW (in: lpName="COMPUTERNAME", lpBuffer=0x9977f8, nSize=0x40 | out: lpBuffer="XDUWTFONO") returned 0x9 [0076.756] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="XDUWTFONO", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0076.756] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="XDUWTFONO", cchWideChar=9, lpMultiByteStr=0xabc228, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="XDUWTFONO", lpUsedDefaultChar=0x0) returned 9 [0076.756] ConvertStringSecurityDescriptorToSecurityDescriptorW () returned 0x1 [0076.757] GetSecurityDescriptorSacl (in: pSecurityDescriptor=0x2e3c50, lpbSaclPresent=0x121fd64, pSacl=0x121fdc8, lpbSaclDefaulted=0x121fd64 | out: lpbSaclPresent=0x121fd64, pSacl=0x121fdc8, lpbSaclDefaulted=0x121fd64) returned 1 [0076.757] CreateEventA (lpEventAttributes=0x121fdbc, bManualReset=1, bInitialState=0, lpName="") returned 0x13c [0076.757] GetLastError () returned 0x0 [0076.757] LocalFree (hMem=0x2e3c50) returned 0x0 [0076.757] CryptAcquireContextW (in: phProv=0x121fdac, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x121fdac*=0x2e6f38) returned 1 [0076.757] CryptCreateHash (in: hProv=0x2e6f38, Algid=0x8003, hKey=0x0, dwFlags=0x0, phHash=0x121fdac | out: phHash=0x121fdac) returned 1 [0076.758] CryptHashData (hHash=0x2e6a30, pbData=0xabc0c0, dwDataLen=0xb, dwFlags=0x0) returned 1 [0076.758] CryptGetHashParam (in: hHash=0x2e6a30, dwParam=0x4, pbData=0x121fdb0, pdwDataLen=0x121fdbc, dwFlags=0x0 | out: pbData=0x121fdb0, pdwDataLen=0x121fdbc) returned 1 [0076.758] CryptGetHashParam (in: hHash=0x2e6a30, dwParam=0x2, pbData=0xabc9c0, pdwDataLen=0x121fdb0, dwFlags=0x0 | out: pbData=0xabc9c0, pdwDataLen=0x121fdb0) returned 1 [0076.758] CryptDestroyHash (hHash=0x2e6a30) returned 1 [0076.758] CryptReleaseContext (hProv=0x2e6f38, dwFlags=0x0) returned 1 [0076.758] OpenEventA (dwDesiredAccess=0x100002, bInheritHandle=0, lpName="Global\\{92EAD6E2-16CB-825D-3763-CAC9D6ED414E}") returned 0x140 [0076.758] GetLastError () returned 0x0 [0076.758] CryptAcquireContextW (in: phProv=0x121fdac, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x121fdac*=0x2e6f38) returned 1 [0076.759] CryptCreateHash (in: hProv=0x2e6f38, Algid=0x8003, hKey=0x0, dwFlags=0x0, phHash=0x121fdac | out: phHash=0x121fdac) returned 1 [0076.759] CryptHashData (hHash=0x2e6a30, pbData=0xabc0c0, dwDataLen=0xb, dwFlags=0x0) returned 1 [0076.759] CryptGetHashParam (in: hHash=0x2e6a30, dwParam=0x4, pbData=0x121fdb0, pdwDataLen=0x121fdbc, dwFlags=0x0 | out: pbData=0x121fdb0, pdwDataLen=0x121fdbc) returned 1 [0076.759] CryptGetHashParam (in: hHash=0x2e6a30, dwParam=0x2, pbData=0x998b88, pdwDataLen=0x121fdb0, dwFlags=0x0 | out: pbData=0x998b88, pdwDataLen=0x121fdb0) returned 1 [0076.759] CryptDestroyHash (hHash=0x2e6a30) returned 1 [0076.759] CryptReleaseContext (hProv=0x2e6f38, dwFlags=0x0) returned 1 [0076.759] OpenMutexA (dwDesiredAccess=0x100002, bInheritHandle=0, lpName="Global\\{FD64C8AB-F74D-C8D4-F31D-96A1BB45705E}") returned 0x0 [0076.759] GetLastError () returned 0x5 [0076.759] OpenMutexA (dwDesiredAccess=0x2, bInheritHandle=0, lpName="Global\\{FD64C8AB-F74D-C8D4-F31D-96A1BB45705E}") returned 0x0 [0076.759] OpenMutexA (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\{FD64C8AB-F74D-C8D4-F31D-96A1BB45705E}") returned 0x144 [0076.759] SetEvent (hEvent=0x140) returned 1 [0076.759] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0xffffffff) returned 0x0 [0076.760] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x4) returned 0x2e4b98 [0076.762] EnumServicesStatusExW (in: hSCManager=0x2e4b98, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x3, lpServices=0x9998a0, cbBufSize=0x40000, pcbBytesNeeded=0x121fc58, lpServicesReturned=0x121fc48, lpResumeHandle=0x121fc54, pszGroupName=0x0 | out: lpServices=0x9998a0, pcbBytesNeeded=0x121fc58, lpServicesReturned=0x121fc48, lpResumeHandle=0x121fc54) returned 1 [0076.773] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="adobeflashplayerupdatesvc", cchWideChar=25, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0076.773] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="adobeflashplayerupdatesvc", cchWideChar=25, lpMultiByteStr=0x998ca8, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="adobeflashplayerupdatesvc", lpUsedDefaultChar=0x0) returned 25 [0076.773] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="AdobeFlashPlayerUpdateSvc", dwDesiredAccess=0x1) returned 0x2e4b48 [0076.773] QueryServiceConfigW (in: hService=0x2e4b48, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0076.774] GetLastError () returned 0x7a [0076.774] QueryServiceConfigW (in: hService=0x2e4b48, lpServiceConfig=0x9d98a8, cbBufSize=0x146, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0076.774] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="flashplayerupdateservice.exe", cchWideChar=28, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0076.774] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="flashplayerupdateservice.exe", cchWideChar=28, lpMultiByteStr=0x998cf0, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="flashplayerupdateservice.exe", lpUsedDefaultChar=0x0) returned 28 [0076.775] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="aelookupsvc", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0076.775] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="aelookupsvc", cchWideChar=11, lpMultiByteStr=0x998d38, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="aelookupsvc", lpUsedDefaultChar=0x0) returned 11 [0076.775] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="AeLookupSvc", dwDesiredAccess=0x1) returned 0x2e4c60 [0076.775] CloseServiceHandle (hSCObject=0x2e4b48) returned 1 [0076.775] QueryServiceConfigW (in: hService=0x2e4c60, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0076.776] GetLastError () returned 0x7a [0076.776] QueryServiceConfigW (in: hService=0x2e4c60, lpServiceConfig=0x9d98a8, cbBufSize=0x106, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0076.776] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0076.776] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x998d80, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0076.777] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="alg", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0076.777] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="alg", cchWideChar=3, lpMultiByteStr=0x998d80, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="alg", lpUsedDefaultChar=0x0) returned 3 [0076.777] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="ALG", dwDesiredAccess=0x1) returned 0x2e4bc0 [0076.777] CloseServiceHandle (hSCObject=0x2e4c60) returned 1 [0076.777] QueryServiceConfigW (in: hService=0x2e4bc0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0076.778] GetLastError () returned 0x7a [0076.778] QueryServiceConfigW (in: hService=0x2e4bc0, lpServiceConfig=0x9d98a8, cbBufSize=0x11a, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0076.778] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="alg.exe", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0076.778] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="alg.exe", cchWideChar=7, lpMultiByteStr=0x998dc8, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="alg.exe", lpUsedDefaultChar=0x0) returned 7 [0076.779] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="appidsvc", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0076.779] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="appidsvc", cchWideChar=8, lpMultiByteStr=0x998dc8, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="appidsvc", lpUsedDefaultChar=0x0) returned 8 [0076.779] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="AppIDSvc", dwDesiredAccess=0x1) returned 0x2e4cb0 [0076.779] CloseServiceHandle (hSCObject=0x2e4bc0) returned 1 [0076.779] QueryServiceConfigW (in: hService=0x2e4cb0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0076.780] GetLastError () returned 0x7a [0076.780] QueryServiceConfigW (in: hService=0x2e4cb0, lpServiceConfig=0x9d98a8, cbBufSize=0x18e, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0076.780] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0076.780] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x998e10, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0076.781] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="appinfo", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0076.781] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="appinfo", cchWideChar=7, lpMultiByteStr=0x998e10, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="appinfo", lpUsedDefaultChar=0x0) returned 7 [0076.781] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="Appinfo", dwDesiredAccess=0x1) returned 0x2e4b48 [0076.781] CloseServiceHandle (hSCObject=0x2e4cb0) returned 1 [0076.781] QueryServiceConfigW (in: hService=0x2e4b48, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0076.782] GetLastError () returned 0x7a [0076.782] QueryServiceConfigW (in: hService=0x2e4b48, lpServiceConfig=0x9d98a8, cbBufSize=0x122, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0076.782] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0076.782] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x998e58, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0076.783] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="appmgmt", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0076.783] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="appmgmt", cchWideChar=7, lpMultiByteStr=0x998e58, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="appmgmt", lpUsedDefaultChar=0x0) returned 7 [0076.783] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="AppMgmt", dwDesiredAccess=0x1) returned 0x2e4c60 [0076.783] CloseServiceHandle (hSCObject=0x2e4b48) returned 1 [0076.783] QueryServiceConfigW (in: hService=0x2e4c60, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0076.784] GetLastError () returned 0x7a [0076.784] QueryServiceConfigW (in: hService=0x2e4c60, lpServiceConfig=0x9d98a8, cbBufSize=0x106, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0076.784] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0076.785] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x998ea0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0076.785] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="aspnet_state", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0076.785] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="aspnet_state", cchWideChar=12, lpMultiByteStr=0x998ea0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="aspnet_state", lpUsedDefaultChar=0x0) returned 12 [0076.785] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="aspnet_state", dwDesiredAccess=0x1) returned 0x2e4bc0 [0076.785] CloseServiceHandle (hSCObject=0x2e4c60) returned 1 [0076.785] QueryServiceConfigW (in: hService=0x2e4bc0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0076.786] GetLastError () returned 0x7a [0076.786] QueryServiceConfigW (in: hService=0x2e4bc0, lpServiceConfig=0x9d98a8, cbBufSize=0x150, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0076.786] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="aspnet_state.exe", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0076.787] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="aspnet_state.exe", cchWideChar=16, lpMultiByteStr=0x998ee8, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="aspnet_state.exe", lpUsedDefaultChar=0x0) returned 16 [0076.787] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="audioendpointbuilder", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0076.787] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="audioendpointbuilder", cchWideChar=20, lpMultiByteStr=0x998ee8, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="audioendpointbuilder", lpUsedDefaultChar=0x0) returned 20 [0076.787] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="AudioEndpointBuilder", dwDesiredAccess=0x1) returned 0x2e4cb0 [0076.787] CloseServiceHandle (hSCObject=0x2e4bc0) returned 1 [0076.787] QueryServiceConfigW (in: hService=0x2e4cb0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0076.788] GetLastError () returned 0x7a [0076.788] QueryServiceConfigW (in: hService=0x2e4cb0, lpServiceConfig=0x9d98a8, cbBufSize=0x164, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0076.789] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0076.789] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x998f30, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0076.789] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="audiosrv", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0076.789] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="audiosrv", cchWideChar=8, lpMultiByteStr=0x998f30, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="audiosrv", lpUsedDefaultChar=0x0) returned 8 [0076.789] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="AudioSrv", dwDesiredAccess=0x1) returned 0x2e4b48 [0076.789] CloseServiceHandle (hSCObject=0x2e4cb0) returned 1 [0076.789] QueryServiceConfigW (in: hService=0x2e4b48, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0076.790] GetLastError () returned 0x7a [0076.790] QueryServiceConfigW (in: hService=0x2e4b48, lpServiceConfig=0x9d98a8, cbBufSize=0x190, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0076.791] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0076.791] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x998f78, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0076.791] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="axinstsv", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0076.791] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="axinstsv", cchWideChar=8, lpMultiByteStr=0x998f78, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="axinstsv", lpUsedDefaultChar=0x0) returned 8 [0076.791] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="AxInstSV", dwDesiredAccess=0x1) returned 0x2e4c60 [0076.791] CloseServiceHandle (hSCObject=0x2e4b48) returned 1 [0076.792] QueryServiceConfigW (in: hService=0x2e4c60, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0076.792] GetLastError () returned 0x7a [0076.792] QueryServiceConfigW (in: hService=0x2e4c60, lpServiceConfig=0x9d98a8, cbBufSize=0x128, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0076.793] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0076.793] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x998fc0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0076.793] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="bdesvc", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0076.793] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="bdesvc", cchWideChar=6, lpMultiByteStr=0x998fc0, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="bdesvc", lpUsedDefaultChar=0x0) returned 6 [0076.793] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="BDESVC", dwDesiredAccess=0x1) returned 0x2e4bc0 [0076.793] CloseServiceHandle (hSCObject=0x2e4c60) returned 1 [0076.794] QueryServiceConfigW (in: hService=0x2e4bc0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0076.794] GetLastError () returned 0x7a [0076.794] QueryServiceConfigW (in: hService=0x2e4bc0, lpServiceConfig=0x9d98a8, cbBufSize=0x11e, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0076.795] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0076.795] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x999008, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0076.795] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="bfe", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0076.795] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="bfe", cchWideChar=3, lpMultiByteStr=0x999008, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="bfe", lpUsedDefaultChar=0x0) returned 3 [0076.795] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="BFE", dwDesiredAccess=0x1) returned 0x2e4cb0 [0076.795] CloseServiceHandle (hSCObject=0x2e4bc0) returned 1 [0076.796] QueryServiceConfigW (in: hService=0x2e4cb0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0076.796] GetLastError () returned 0x7a [0076.796] QueryServiceConfigW (in: hService=0x2e4cb0, lpServiceConfig=0x9d98a8, cbBufSize=0x164, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0076.797] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0076.797] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x999050, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0076.797] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="bits", cchWideChar=4, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 4 [0076.797] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="bits", cchWideChar=4, lpMultiByteStr=0x999050, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="bits", lpUsedDefaultChar=0x0) returned 4 [0076.797] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="BITS", dwDesiredAccess=0x1) returned 0x2e4b48 [0076.797] CloseServiceHandle (hSCObject=0x2e4cb0) returned 1 [0076.798] QueryServiceConfigW (in: hService=0x2e4b48, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0076.798] GetLastError () returned 0x7a [0076.798] QueryServiceConfigW (in: hService=0x2e4b48, lpServiceConfig=0x9d98a8, cbBufSize=0x14a, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0076.799] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0076.799] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x999098, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0076.799] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="browser", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0076.799] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="browser", cchWideChar=7, lpMultiByteStr=0x999098, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="browser", lpUsedDefaultChar=0x0) returned 7 [0076.799] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="Browser", dwDesiredAccess=0x1) returned 0x2e4c60 [0076.799] CloseServiceHandle (hSCObject=0x2e4b48) returned 1 [0076.800] QueryServiceConfigW (in: hService=0x2e4c60, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0076.800] GetLastError () returned 0x7a [0076.800] QueryServiceConfigW (in: hService=0x2e4c60, lpServiceConfig=0x9d98a8, cbBufSize=0x154, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0076.801] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0076.801] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x9990e0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0076.801] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="bthserv", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0076.801] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="bthserv", cchWideChar=7, lpMultiByteStr=0x9990e0, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="bthserv", lpUsedDefaultChar=0x0) returned 7 [0076.801] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="bthserv", dwDesiredAccess=0x1) returned 0x2e4bc0 [0076.801] CloseServiceHandle (hSCObject=0x2e4c60) returned 1 [0076.801] QueryServiceConfigW (in: hService=0x2e4bc0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0076.802] GetLastError () returned 0x7a [0076.802] QueryServiceConfigW (in: hService=0x2e4bc0, lpServiceConfig=0x9d98a8, cbBufSize=0x132, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0076.802] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0076.802] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x999128, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0076.802] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="certpropsvc", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0076.802] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="certpropsvc", cchWideChar=11, lpMultiByteStr=0x999128, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="certpropsvc", lpUsedDefaultChar=0x0) returned 11 [0076.802] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="CertPropSvc", dwDesiredAccess=0x1) returned 0x2e4cb0 [0076.803] CloseServiceHandle (hSCObject=0x2e4bc0) returned 1 [0076.803] QueryServiceConfigW (in: hService=0x2e4cb0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0076.803] GetLastError () returned 0x7a [0076.803] QueryServiceConfigW (in: hService=0x2e4cb0, lpServiceConfig=0x9d98a8, cbBufSize=0x112, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0076.804] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0076.804] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x999170, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0076.804] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="clr_optimization_v2.0.50727_32", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0076.804] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="clr_optimization_v2.0.50727_32", cchWideChar=30, lpMultiByteStr=0x999170, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="clr_optimization_v2.0.50727_32", lpUsedDefaultChar=0x0) returned 30 [0076.804] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="clr_optimization_v2.0.50727_32", dwDesiredAccess=0x1) returned 0x2e4b48 [0076.804] CloseServiceHandle (hSCObject=0x2e4cb0) returned 1 [0076.805] QueryServiceConfigW (in: hService=0x2e4b48, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0076.805] GetLastError () returned 0x7a [0076.805] QueryServiceConfigW (in: hService=0x2e4b48, lpServiceConfig=0x9d98a8, cbBufSize=0x152, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0076.806] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mscorsvw.exe", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0076.806] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mscorsvw.exe", cchWideChar=12, lpMultiByteStr=0x9991b8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mscorsvw.exe", lpUsedDefaultChar=0x0) returned 12 [0076.806] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="clr_optimization_v2.0.50727_64", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0076.806] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="clr_optimization_v2.0.50727_64", cchWideChar=30, lpMultiByteStr=0x999170, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="clr_optimization_v2.0.50727_64", lpUsedDefaultChar=0x0) returned 30 [0076.806] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="clr_optimization_v2.0.50727_64", dwDesiredAccess=0x1) returned 0x2e4c60 [0076.806] CloseServiceHandle (hSCObject=0x2e4b48) returned 1 [0076.806] QueryServiceConfigW (in: hService=0x2e4c60, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0076.807] GetLastError () returned 0x7a [0076.807] QueryServiceConfigW (in: hService=0x2e4c60, lpServiceConfig=0x9d98a8, cbBufSize=0x156, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0076.807] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mscorsvw.exe", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0076.807] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mscorsvw.exe", cchWideChar=12, lpMultiByteStr=0x9991b8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mscorsvw.exe", lpUsedDefaultChar=0x0) returned 12 [0076.807] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="clr_optimization_v4.0.30319_32", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0076.807] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="clr_optimization_v4.0.30319_32", cchWideChar=30, lpMultiByteStr=0x9991b8, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="clr_optimization_v4.0.30319_32", lpUsedDefaultChar=0x0) returned 30 [0076.808] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="clr_optimization_v4.0.30319_32", dwDesiredAccess=0x1) returned 0x2e4bc0 [0076.808] CloseServiceHandle (hSCObject=0x2e4c60) returned 1 [0076.808] QueryServiceConfigW (in: hService=0x2e4bc0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0076.808] GetLastError () returned 0x7a [0076.808] QueryServiceConfigW (in: hService=0x2e4bc0, lpServiceConfig=0x9d98a8, cbBufSize=0x152, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0076.809] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mscorsvw.exe", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0076.809] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mscorsvw.exe", cchWideChar=12, lpMultiByteStr=0x999200, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mscorsvw.exe", lpUsedDefaultChar=0x0) returned 12 [0076.809] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="clr_optimization_v4.0.30319_64", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0076.809] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="clr_optimization_v4.0.30319_64", cchWideChar=30, lpMultiByteStr=0x999200, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="clr_optimization_v4.0.30319_64", lpUsedDefaultChar=0x0) returned 30 [0076.809] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="clr_optimization_v4.0.30319_64", dwDesiredAccess=0x1) returned 0x2e4cb0 [0076.809] CloseServiceHandle (hSCObject=0x2e4bc0) returned 1 [0076.810] QueryServiceConfigW (in: hService=0x2e4cb0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0076.810] GetLastError () returned 0x7a [0076.810] QueryServiceConfigW (in: hService=0x2e4cb0, lpServiceConfig=0x9d98a8, cbBufSize=0x156, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0076.810] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mscorsvw.exe", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0076.811] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mscorsvw.exe", cchWideChar=12, lpMultiByteStr=0x999248, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mscorsvw.exe", lpUsedDefaultChar=0x0) returned 12 [0076.811] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="comsysapp", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0076.811] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="comsysapp", cchWideChar=9, lpMultiByteStr=0x999248, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="comsysapp", lpUsedDefaultChar=0x0) returned 9 [0076.811] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="COMSysApp", dwDesiredAccess=0x1) returned 0x2e4b48 [0076.811] CloseServiceHandle (hSCObject=0x2e4cb0) returned 1 [0076.811] QueryServiceConfigW (in: hService=0x2e4b48, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0076.812] GetLastError () returned 0x7a [0076.812] QueryServiceConfigW (in: hService=0x2e4b48, lpServiceConfig=0x9d98a8, cbBufSize=0x182, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0076.812] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="dllhost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0076.812] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="dllhost.exe", cchWideChar=11, lpMultiByteStr=0x999290, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dllhost.exe", lpUsedDefaultChar=0x0) returned 11 [0076.812] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="cryptsvc", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0076.812] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="cryptsvc", cchWideChar=8, lpMultiByteStr=0x999290, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="cryptsvc", lpUsedDefaultChar=0x0) returned 8 [0076.812] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="CryptSvc", dwDesiredAccess=0x1) returned 0x2e4c60 [0076.813] CloseServiceHandle (hSCObject=0x2e4b48) returned 1 [0076.813] QueryServiceConfigW (in: hService=0x2e4c60, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0076.813] GetLastError () returned 0x7a [0076.813] QueryServiceConfigW (in: hService=0x2e4c60, lpServiceConfig=0x9d98a8, cbBufSize=0x13e, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0076.814] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0076.814] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x9992d8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0076.814] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="cscservice", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0076.814] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="cscservice", cchWideChar=10, lpMultiByteStr=0x9992d8, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="cscservice", lpUsedDefaultChar=0x0) returned 10 [0076.814] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="CscService", dwDesiredAccess=0x1) returned 0x2e4bc0 [0076.814] CloseServiceHandle (hSCObject=0x2e4c60) returned 1 [0076.814] QueryServiceConfigW (in: hService=0x2e4bc0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0076.815] GetLastError () returned 0x7a [0076.815] QueryServiceConfigW (in: hService=0x2e4bc0, lpServiceConfig=0x9d98a8, cbBufSize=0x142, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0076.818] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0076.818] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x999320, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0076.818] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="dcomlaunch", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0076.818] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="dcomlaunch", cchWideChar=10, lpMultiByteStr=0x999320, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dcomlaunch", lpUsedDefaultChar=0x0) returned 10 [0076.818] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="DcomLaunch", dwDesiredAccess=0x1) returned 0x2e4cb0 [0076.828] CloseServiceHandle (hSCObject=0x2e4bc0) returned 1 [0076.828] QueryServiceConfigW (in: hService=0x2e4cb0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0076.829] GetLastError () returned 0x7a [0076.829] QueryServiceConfigW (in: hService=0x2e4cb0, lpServiceConfig=0x9d98a8, cbBufSize=0x13c, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0076.829] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0076.829] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x999368, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0076.829] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="defragsvc", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0076.829] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="defragsvc", cchWideChar=9, lpMultiByteStr=0x999368, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="defragsvc", lpUsedDefaultChar=0x0) returned 9 [0076.830] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="defragsvc", dwDesiredAccess=0x1) returned 0x2e4b48 [0076.830] CloseServiceHandle (hSCObject=0x2e4cb0) returned 1 [0076.830] QueryServiceConfigW (in: hService=0x2e4b48, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0076.830] GetLastError () returned 0x7a [0076.830] QueryServiceConfigW (in: hService=0x2e4b48, lpServiceConfig=0x9d98a8, cbBufSize=0x10a, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0076.831] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0076.831] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x9993b0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0076.831] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="dhcp", cchWideChar=4, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 4 [0076.831] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="dhcp", cchWideChar=4, lpMultiByteStr=0x9993b0, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dhcp", lpUsedDefaultChar=0x0) returned 4 [0076.831] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="Dhcp", dwDesiredAccess=0x1) returned 0x2e4c60 [0076.831] CloseServiceHandle (hSCObject=0x2e4b48) returned 1 [0076.832] QueryServiceConfigW (in: hService=0x2e4c60, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0076.832] GetLastError () returned 0x7a [0076.832] QueryServiceConfigW (in: hService=0x2e4c60, lpServiceConfig=0x9d98a8, cbBufSize=0x154, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0076.832] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0076.833] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x9993f8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0076.833] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="dnscache", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0076.833] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="dnscache", cchWideChar=8, lpMultiByteStr=0x9993f8, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dnscache", lpUsedDefaultChar=0x0) returned 8 [0076.833] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="Dnscache", dwDesiredAccess=0x1) returned 0x2e4bc0 [0076.833] CloseServiceHandle (hSCObject=0x2e4c60) returned 1 [0076.833] QueryServiceConfigW (in: hService=0x2e4bc0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0076.834] GetLastError () returned 0x7a [0076.834] QueryServiceConfigW (in: hService=0x2e4bc0, lpServiceConfig=0x9d98a8, cbBufSize=0x130, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0076.834] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0076.834] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x999440, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0076.834] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="dot3svc", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0076.834] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="dot3svc", cchWideChar=7, lpMultiByteStr=0x999440, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dot3svc", lpUsedDefaultChar=0x0) returned 7 [0076.834] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="dot3svc", dwDesiredAccess=0x1) returned 0x2e4cb0 [0076.856] CloseServiceHandle (hSCObject=0x2e4bc0) returned 1 [0076.856] QueryServiceConfigW (in: hService=0x2e4cb0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0076.860] GetLastError () returned 0x7a [0076.860] QueryServiceConfigW (in: hService=0x2e4cb0, lpServiceConfig=0x9d98a8, cbBufSize=0x154, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0076.860] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0076.860] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x999488, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0076.860] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="dps", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0076.860] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="dps", cchWideChar=3, lpMultiByteStr=0x999488, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dps", lpUsedDefaultChar=0x0) returned 3 [0076.860] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="DPS", dwDesiredAccess=0x1) returned 0x2e4b48 [0076.861] CloseServiceHandle (hSCObject=0x2e4cb0) returned 1 [0076.861] QueryServiceConfigW (in: hService=0x2e4b48, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0076.861] GetLastError () returned 0x7a [0076.861] QueryServiceConfigW (in: hService=0x2e4b48, lpServiceConfig=0x9d98a8, cbBufSize=0x144, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0076.862] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0076.862] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x9994d0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0076.862] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="eaphost", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0076.862] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="eaphost", cchWideChar=7, lpMultiByteStr=0x9994d0, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="eaphost", lpUsedDefaultChar=0x0) returned 7 [0076.862] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="EapHost", dwDesiredAccess=0x1) returned 0x2e4c60 [0076.862] CloseServiceHandle (hSCObject=0x2e4b48) returned 1 [0076.862] QueryServiceConfigW (in: hService=0x2e4c60, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0076.863] GetLastError () returned 0x7a [0076.863] QueryServiceConfigW (in: hService=0x2e4c60, lpServiceConfig=0x9d98a8, cbBufSize=0x136, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0076.864] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0076.864] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x999518, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0076.864] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="efs", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0076.864] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="efs", cchWideChar=3, lpMultiByteStr=0x999518, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="efs", lpUsedDefaultChar=0x0) returned 3 [0076.864] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="EFS", dwDesiredAccess=0x1) returned 0x2e4bc0 [0076.864] CloseServiceHandle (hSCObject=0x2e4c60) returned 1 [0076.864] QueryServiceConfigW (in: hService=0x2e4bc0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0076.865] GetLastError () returned 0x7a [0076.865] QueryServiceConfigW (in: hService=0x2e4bc0, lpServiceConfig=0x9d98a8, cbBufSize=0x102, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0076.865] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="lsass.exe", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0076.865] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="lsass.exe", cchWideChar=9, lpMultiByteStr=0x999560, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lsass.exe", lpUsedDefaultChar=0x0) returned 9 [0076.865] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ehrecvr", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0076.865] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ehrecvr", cchWideChar=7, lpMultiByteStr=0x999560, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ehrecvr", lpUsedDefaultChar=0x0) returned 7 [0076.866] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="ehRecvr", dwDesiredAccess=0x1) returned 0x2e4cb0 [0076.866] CloseServiceHandle (hSCObject=0x2e4bc0) returned 1 [0076.866] QueryServiceConfigW (in: hService=0x2e4cb0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0076.866] GetLastError () returned 0x7a [0076.867] QueryServiceConfigW (in: hService=0x2e4cb0, lpServiceConfig=0x9d98a8, cbBufSize=0x132, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0076.867] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ehrecvr.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0076.867] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ehrecvr.exe", cchWideChar=11, lpMultiByteStr=0x9995a8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ehrecvr.exe", lpUsedDefaultChar=0x0) returned 11 [0076.867] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ehsched", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0076.867] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ehsched", cchWideChar=7, lpMultiByteStr=0x9995a8, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ehsched", lpUsedDefaultChar=0x0) returned 7 [0076.867] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="ehSched", dwDesiredAccess=0x1) returned 0x2e4b48 [0076.867] CloseServiceHandle (hSCObject=0x2e4cb0) returned 1 [0076.868] QueryServiceConfigW (in: hService=0x2e4b48, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0076.868] GetLastError () returned 0x7a [0076.868] QueryServiceConfigW (in: hService=0x2e4b48, lpServiceConfig=0x9d98a8, cbBufSize=0x134, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0076.869] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ehsched.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0076.869] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ehsched.exe", cchWideChar=11, lpMultiByteStr=0x9995f0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ehsched.exe", lpUsedDefaultChar=0x0) returned 11 [0076.869] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="eventlog", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0076.869] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="eventlog", cchWideChar=8, lpMultiByteStr=0x9995f0, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="eventlog", lpUsedDefaultChar=0x0) returned 8 [0076.869] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="eventlog", dwDesiredAccess=0x1) returned 0x2e4c60 [0076.869] CloseServiceHandle (hSCObject=0x2e4b48) returned 1 [0076.869] QueryServiceConfigW (in: hService=0x2e4c60, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0076.870] GetLastError () returned 0x7a [0076.870] QueryServiceConfigW (in: hService=0x2e4c60, lpServiceConfig=0x9d98a8, cbBufSize=0x156, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0076.870] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0076.870] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x999638, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0076.870] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="eventsystem", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0076.870] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="eventsystem", cchWideChar=11, lpMultiByteStr=0x999638, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="eventsystem", lpUsedDefaultChar=0x0) returned 11 [0076.870] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="EventSystem", dwDesiredAccess=0x1) returned 0x2e4bc0 [0076.871] CloseServiceHandle (hSCObject=0x2e4c60) returned 1 [0076.871] QueryServiceConfigW (in: hService=0x2e4bc0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0076.871] GetLastError () returned 0x7a [0076.871] QueryServiceConfigW (in: hService=0x2e4bc0, lpServiceConfig=0x9d98a8, cbBufSize=0x12c, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0076.872] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0076.872] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x999680, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0076.872] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="fax", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0076.872] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="fax", cchWideChar=3, lpMultiByteStr=0x999680, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fax", lpUsedDefaultChar=0x0) returned 3 [0076.872] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="Fax", dwDesiredAccess=0x1) returned 0x2e4cb0 [0076.872] CloseServiceHandle (hSCObject=0x2e4bc0) returned 1 [0076.872] QueryServiceConfigW (in: hService=0x2e4cb0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0076.873] GetLastError () returned 0x7a [0076.873] QueryServiceConfigW (in: hService=0x2e4cb0, lpServiceConfig=0x9d98a8, cbBufSize=0x124, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0076.873] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="fxssvc.exe", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0076.873] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="fxssvc.exe", cchWideChar=10, lpMultiByteStr=0x9996c8, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fxssvc.exe", lpUsedDefaultChar=0x0) returned 10 [0076.873] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="fdphost", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0076.873] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="fdphost", cchWideChar=7, lpMultiByteStr=0x9996c8, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fdphost", lpUsedDefaultChar=0x0) returned 7 [0076.873] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="fdPHost", dwDesiredAccess=0x1) returned 0x2e4b48 [0076.874] CloseServiceHandle (hSCObject=0x2e4cb0) returned 1 [0076.874] QueryServiceConfigW (in: hService=0x2e4b48, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0076.881] GetLastError () returned 0x7a [0076.881] QueryServiceConfigW (in: hService=0x2e4b48, lpServiceConfig=0x9d98a8, cbBufSize=0x154, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0076.881] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0076.881] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x999710, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0076.882] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="fdrespub", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0076.882] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="fdrespub", cchWideChar=8, lpMultiByteStr=0x999710, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fdrespub", lpUsedDefaultChar=0x0) returned 8 [0076.882] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="FDResPub", dwDesiredAccess=0x1) returned 0x2e4c60 [0076.882] CloseServiceHandle (hSCObject=0x2e4b48) returned 1 [0076.882] QueryServiceConfigW (in: hService=0x2e4c60, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0076.883] GetLastError () returned 0x7a [0076.883] QueryServiceConfigW (in: hService=0x2e4c60, lpServiceConfig=0x9d98a8, cbBufSize=0x186, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0076.883] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0076.883] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x999758, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0076.883] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="fontcache", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0076.883] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="fontcache", cchWideChar=9, lpMultiByteStr=0x999758, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fontcache", lpUsedDefaultChar=0x0) returned 9 [0076.883] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="FontCache", dwDesiredAccess=0x1) returned 0x2e4bc0 [0076.884] CloseServiceHandle (hSCObject=0x2e4c60) returned 1 [0076.884] QueryServiceConfigW (in: hService=0x2e4bc0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0076.884] GetLastError () returned 0x7a [0076.884] QueryServiceConfigW (in: hService=0x2e4bc0, lpServiceConfig=0x9d98a8, cbBufSize=0x158, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0076.885] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0076.885] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x9997a0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0076.885] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="fontcache3.0.0.0", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0076.885] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="fontcache3.0.0.0", cchWideChar=16, lpMultiByteStr=0x9997a0, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fontcache3.0.0.0", lpUsedDefaultChar=0x0) returned 16 [0076.885] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="FontCache3.0.0.0", dwDesiredAccess=0x1) returned 0x2e4cb0 [0076.885] CloseServiceHandle (hSCObject=0x2e4bc0) returned 1 [0076.885] QueryServiceConfigW (in: hService=0x2e4cb0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0076.903] GetLastError () returned 0x7a [0076.903] QueryServiceConfigW (in: hService=0x2e4cb0, lpServiceConfig=0x9d98a8, cbBufSize=0x194, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0076.903] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="presentationfontcache.exe", cchWideChar=25, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0076.903] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="presentationfontcache.exe", cchWideChar=25, lpMultiByteStr=0x9997e8, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="presentationfontcache.exe", lpUsedDefaultChar=0x0) returned 25 [0076.903] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="gpsvc", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0076.903] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="gpsvc", cchWideChar=5, lpMultiByteStr=0x9997e8, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="gpsvc", lpUsedDefaultChar=0x0) returned 5 [0076.903] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="gpsvc", dwDesiredAccess=0x1) returned 0x2e4b48 [0076.904] CloseServiceHandle (hSCObject=0x2e4cb0) returned 1 [0076.904] QueryServiceConfigW (in: hService=0x2e4b48, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0076.904] GetLastError () returned 0x7a [0076.904] QueryServiceConfigW (in: hService=0x2e4b48, lpServiceConfig=0x9d98a8, cbBufSize=0x12c, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0076.905] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0076.905] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x999830, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0076.905] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="gupdate", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0076.905] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="gupdate", cchWideChar=7, lpMultiByteStr=0x999830, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="gupdate", lpUsedDefaultChar=0x0) returned 7 [0076.905] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="gupdate", dwDesiredAccess=0x1) returned 0x2e4c60 [0076.905] CloseServiceHandle (hSCObject=0x2e4b48) returned 1 [0076.905] QueryServiceConfigW (in: hService=0x2e4c60, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0076.906] GetLastError () returned 0x7a [0076.906] QueryServiceConfigW (in: hService=0x2e4c60, lpServiceConfig=0x9d98a8, cbBufSize=0x146, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0076.906] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="googleupdate.exe", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0076.906] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="googleupdate.exe", cchWideChar=16, lpMultiByteStr=0xabc9c0, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="googleupdate.exe", lpUsedDefaultChar=0x0) returned 16 [0076.907] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="gupdatem", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0076.907] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="gupdatem", cchWideChar=8, lpMultiByteStr=0xabc9c0, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="gupdatem", lpUsedDefaultChar=0x0) returned 8 [0076.907] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="gupdatem", dwDesiredAccess=0x1) returned 0x2e4bc0 [0076.907] CloseServiceHandle (hSCObject=0x2e4c60) returned 1 [0076.907] QueryServiceConfigW (in: hService=0x2e4bc0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0076.908] GetLastError () returned 0x7a [0076.908] QueryServiceConfigW (in: hService=0x2e4bc0, lpServiceConfig=0x9d98a8, cbBufSize=0x14e, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0076.908] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="googleupdate.exe", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0076.908] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="googleupdate.exe", cchWideChar=16, lpMultiByteStr=0xabc9c0, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="googleupdate.exe", lpUsedDefaultChar=0x0) returned 16 [0076.908] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="hidserv", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0076.908] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="hidserv", cchWideChar=7, lpMultiByteStr=0x996570, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="hidserv", lpUsedDefaultChar=0x0) returned 7 [0076.908] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="hidserv", dwDesiredAccess=0x1) returned 0x2e4cb0 [0076.908] CloseServiceHandle (hSCObject=0x2e4bc0) returned 1 [0076.909] QueryServiceConfigW (in: hService=0x2e4cb0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0076.909] GetLastError () returned 0x7a [0076.909] QueryServiceConfigW (in: hService=0x2e4cb0, lpServiceConfig=0x9d98a8, cbBufSize=0x13e, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0076.910] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0076.910] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x996570, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0076.910] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="hkmsvc", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0076.910] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="hkmsvc", cchWideChar=6, lpMultiByteStr=0x9965b8, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="hkmsvc", lpUsedDefaultChar=0x0) returned 6 [0076.910] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="hkmsvc", dwDesiredAccess=0x1) returned 0x2e4b48 [0076.910] CloseServiceHandle (hSCObject=0x2e4cb0) returned 1 [0076.910] QueryServiceConfigW (in: hService=0x2e4b48, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0076.911] GetLastError () returned 0x7a [0076.911] QueryServiceConfigW (in: hService=0x2e4b48, lpServiceConfig=0x9d98a8, cbBufSize=0x12e, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0076.911] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0076.911] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x996600, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0076.912] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="homegrouplistener", cchWideChar=17, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0076.912] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="homegrouplistener", cchWideChar=17, lpMultiByteStr=0x996600, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="homegrouplistener", lpUsedDefaultChar=0x0) returned 17 [0076.912] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="HomeGroupListener", dwDesiredAccess=0x1) returned 0x2e4c60 [0076.912] CloseServiceHandle (hSCObject=0x2e4b48) returned 1 [0076.915] QueryServiceConfigW (in: hService=0x2e4c60, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0076.915] GetLastError () returned 0x7a [0076.915] QueryServiceConfigW (in: hService=0x2e4c60, lpServiceConfig=0x9d98a8, cbBufSize=0x140, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0076.916] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0076.916] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x996648, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0076.916] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="homegroupprovider", cchWideChar=17, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0076.916] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="homegroupprovider", cchWideChar=17, lpMultiByteStr=0x996648, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="homegroupprovider", lpUsedDefaultChar=0x0) returned 17 [0076.916] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="HomeGroupProvider", dwDesiredAccess=0x1) returned 0x2e4bc0 [0076.916] CloseServiceHandle (hSCObject=0x2e4c60) returned 1 [0076.916] QueryServiceConfigW (in: hService=0x2e4bc0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0076.917] GetLastError () returned 0x7a [0076.917] QueryServiceConfigW (in: hService=0x2e4bc0, lpServiceConfig=0x9d98a8, cbBufSize=0x178, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0076.917] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0076.917] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x996690, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0076.917] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="idsvc", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0076.917] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="idsvc", cchWideChar=5, lpMultiByteStr=0x996690, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="idsvc", lpUsedDefaultChar=0x0) returned 5 [0076.917] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="idsvc", dwDesiredAccess=0x1) returned 0x2e4cb0 [0076.918] CloseServiceHandle (hSCObject=0x2e4bc0) returned 1 [0076.918] QueryServiceConfigW (in: hService=0x2e4cb0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0076.918] GetLastError () returned 0x7a [0076.918] QueryServiceConfigW (in: hService=0x2e4cb0, lpServiceConfig=0x9d98a8, cbBufSize=0x15a, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0076.919] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="infocard.exe", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0076.919] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="infocard.exe", cchWideChar=12, lpMultiByteStr=0x9966d8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="infocard.exe", lpUsedDefaultChar=0x0) returned 12 [0076.919] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ikeext", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0076.919] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ikeext", cchWideChar=6, lpMultiByteStr=0x9966d8, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ikeext", lpUsedDefaultChar=0x0) returned 6 [0076.919] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="IKEEXT", dwDesiredAccess=0x1) returned 0x2e4b48 [0076.919] CloseServiceHandle (hSCObject=0x2e4cb0) returned 1 [0076.919] QueryServiceConfigW (in: hService=0x2e4b48, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0076.920] GetLastError () returned 0x7a [0076.920] QueryServiceConfigW (in: hService=0x2e4b48, lpServiceConfig=0x9d98a8, cbBufSize=0x126, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0076.920] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0076.920] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x996720, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0076.920] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ipbusenum", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0076.921] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ipbusenum", cchWideChar=9, lpMultiByteStr=0x996720, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ipbusenum", lpUsedDefaultChar=0x0) returned 9 [0076.921] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="IPBusEnum", dwDesiredAccess=0x1) returned 0x2e4c60 [0076.921] CloseServiceHandle (hSCObject=0x2e4b48) returned 1 [0076.921] QueryServiceConfigW (in: hService=0x2e4c60, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0076.922] GetLastError () returned 0x7a [0076.922] QueryServiceConfigW (in: hService=0x2e4c60, lpServiceConfig=0x9d98a8, cbBufSize=0x14c, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0076.922] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0076.922] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x996768, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0076.922] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="iphlpsvc", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0076.922] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="iphlpsvc", cchWideChar=8, lpMultiByteStr=0x996768, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="iphlpsvc", lpUsedDefaultChar=0x0) returned 8 [0076.922] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="iphlpsvc", dwDesiredAccess=0x1) returned 0x2e4bc0 [0076.923] CloseServiceHandle (hSCObject=0x2e4c60) returned 1 [0076.923] QueryServiceConfigW (in: hService=0x2e4bc0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0076.923] GetLastError () returned 0x7a [0076.923] QueryServiceConfigW (in: hService=0x2e4bc0, lpServiceConfig=0x9d98a8, cbBufSize=0x122, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0076.928] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0076.928] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x9967b0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0076.928] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="keyiso", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0076.928] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="keyiso", cchWideChar=6, lpMultiByteStr=0x9967b0, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="keyiso", lpUsedDefaultChar=0x0) returned 6 [0076.928] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="KeyIso", dwDesiredAccess=0x1) returned 0x2e4cb0 [0076.928] CloseServiceHandle (hSCObject=0x2e4bc0) returned 1 [0076.929] QueryServiceConfigW (in: hService=0x2e4cb0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0076.929] GetLastError () returned 0x7a [0076.929] QueryServiceConfigW (in: hService=0x2e4cb0, lpServiceConfig=0x9d98a8, cbBufSize=0xec, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0076.929] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="lsass.exe", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0076.930] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="lsass.exe", cchWideChar=9, lpMultiByteStr=0x9967f8, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lsass.exe", lpUsedDefaultChar=0x0) returned 9 [0076.930] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ktmrm", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0076.930] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ktmrm", cchWideChar=5, lpMultiByteStr=0x9967f8, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ktmrm", lpUsedDefaultChar=0x0) returned 5 [0076.930] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="KtmRm", dwDesiredAccess=0x1) returned 0x2e4b48 [0076.930] CloseServiceHandle (hSCObject=0x2e4cb0) returned 1 [0076.930] QueryServiceConfigW (in: hService=0x2e4b48, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0076.931] GetLastError () returned 0x7a [0076.931] QueryServiceConfigW (in: hService=0x2e4b48, lpServiceConfig=0x9d98a8, cbBufSize=0x19c, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0076.931] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0076.931] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x996840, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0076.931] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="lanmanserver", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0076.931] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="lanmanserver", cchWideChar=12, lpMultiByteStr=0x996840, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lanmanserver", lpUsedDefaultChar=0x0) returned 12 [0076.931] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="LanmanServer", dwDesiredAccess=0x1) returned 0x2e4c60 [0076.932] CloseServiceHandle (hSCObject=0x2e4b48) returned 1 [0076.932] QueryServiceConfigW (in: hService=0x2e4c60, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0076.932] GetLastError () returned 0x7a [0076.932] QueryServiceConfigW (in: hService=0x2e4c60, lpServiceConfig=0x9d98a8, cbBufSize=0xf8, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0076.933] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0076.933] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x996888, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0076.933] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="lanmanworkstation", cchWideChar=17, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0076.933] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="lanmanworkstation", cchWideChar=17, lpMultiByteStr=0x996888, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lanmanworkstation", lpUsedDefaultChar=0x0) returned 17 [0076.933] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="LanmanWorkstation", dwDesiredAccess=0x1) returned 0x2e4bc0 [0076.933] CloseServiceHandle (hSCObject=0x2e4c60) returned 1 [0076.933] QueryServiceConfigW (in: hService=0x2e4bc0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0076.934] GetLastError () returned 0x7a [0076.934] QueryServiceConfigW (in: hService=0x2e4bc0, lpServiceConfig=0x9d98a8, cbBufSize=0x174, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0076.934] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0076.934] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x9968d0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0076.934] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="lltdsvc", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0076.934] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="lltdsvc", cchWideChar=7, lpMultiByteStr=0x9968d0, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lltdsvc", lpUsedDefaultChar=0x0) returned 7 [0076.934] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="lltdsvc", dwDesiredAccess=0x1) returned 0x2e4cb0 [0076.935] CloseServiceHandle (hSCObject=0x2e4bc0) returned 1 [0076.935] QueryServiceConfigW (in: hService=0x2e4cb0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0076.935] GetLastError () returned 0x7a [0076.935] QueryServiceConfigW (in: hService=0x2e4cb0, lpServiceConfig=0x9d98a8, cbBufSize=0x160, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0076.936] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0076.936] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x996918, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0076.936] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="lmhosts", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0076.936] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="lmhosts", cchWideChar=7, lpMultiByteStr=0x996918, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lmhosts", lpUsedDefaultChar=0x0) returned 7 [0076.936] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="lmhosts", dwDesiredAccess=0x1) returned 0x2e4b48 [0076.936] CloseServiceHandle (hSCObject=0x2e4cb0) returned 1 [0076.937] QueryServiceConfigW (in: hService=0x2e4b48, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0076.937] GetLastError () returned 0x7a [0076.937] QueryServiceConfigW (in: hService=0x2e4b48, lpServiceConfig=0x9d98a8, cbBufSize=0x164, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0076.938] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0076.938] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x996960, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0076.938] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mcx2svc", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0076.938] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mcx2svc", cchWideChar=7, lpMultiByteStr=0x996960, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mcx2svc", lpUsedDefaultChar=0x0) returned 7 [0076.938] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="Mcx2Svc", dwDesiredAccess=0x1) returned 0x2e4c60 [0076.938] CloseServiceHandle (hSCObject=0x2e4b48) returned 1 [0076.938] QueryServiceConfigW (in: hService=0x2e4c60, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0076.939] GetLastError () returned 0x7a [0076.939] QueryServiceConfigW (in: hService=0x2e4c60, lpServiceConfig=0x9d98a8, cbBufSize=0x1a8, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0076.939] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0076.939] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x9969a8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0076.939] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="microsoft sharepoint workspace audit service", cchWideChar=44, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 44 [0076.939] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="microsoft sharepoint workspace audit service", cchWideChar=44, lpMultiByteStr=0x9969a8, cbMultiByte=44, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="microsoft sharepoint workspace audit service", lpUsedDefaultChar=0x0) returned 44 [0076.939] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="Microsoft SharePoint Workspace Audit Service", dwDesiredAccess=0x1) returned 0x2e4bc0 [0076.940] CloseServiceHandle (hSCObject=0x2e4c60) returned 1 [0076.940] QueryServiceConfigW (in: hService=0x2e4bc0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0076.940] GetLastError () returned 0x7a [0076.940] QueryServiceConfigW (in: hService=0x2e4bc0, lpServiceConfig=0x9d98a8, cbBufSize=0x184, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0076.941] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="groove.exe", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0076.941] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="groove.exe", cchWideChar=10, lpMultiByteStr=0x9969f0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="groove.exe", lpUsedDefaultChar=0x0) returned 10 [0076.941] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mmcss", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0076.941] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mmcss", cchWideChar=5, lpMultiByteStr=0x9969f0, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mmcss", lpUsedDefaultChar=0x0) returned 5 [0076.941] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="MMCSS", dwDesiredAccess=0x1) returned 0x2e4cb0 [0076.941] CloseServiceHandle (hSCObject=0x2e4bc0) returned 1 [0076.941] QueryServiceConfigW (in: hService=0x2e4cb0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0076.942] GetLastError () returned 0x7a [0076.942] QueryServiceConfigW (in: hService=0x2e4cb0, lpServiceConfig=0x9d98a8, cbBufSize=0x10e, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0076.942] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0076.942] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x996a38, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0076.942] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mozillamaintenance", cchWideChar=18, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0076.942] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mozillamaintenance", cchWideChar=18, lpMultiByteStr=0x996a38, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mozillamaintenance", lpUsedDefaultChar=0x0) returned 18 [0076.943] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="MozillaMaintenance", dwDesiredAccess=0x1) returned 0x2e4b48 [0076.943] CloseServiceHandle (hSCObject=0x2e4cb0) returned 1 [0076.943] QueryServiceConfigW (in: hService=0x2e4b48, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0076.943] GetLastError () returned 0x7a [0076.943] QueryServiceConfigW (in: hService=0x2e4b48, lpServiceConfig=0x9d98a8, cbBufSize=0x152, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0076.944] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="maintenanceservice.exe", cchWideChar=22, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0076.944] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="maintenanceservice.exe", cchWideChar=22, lpMultiByteStr=0x996a80, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="maintenanceservice.exe", lpUsedDefaultChar=0x0) returned 22 [0076.944] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mpssvc", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0076.944] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mpssvc", cchWideChar=6, lpMultiByteStr=0x996a80, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mpssvc", lpUsedDefaultChar=0x0) returned 6 [0076.944] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="MpsSvc", dwDesiredAccess=0x1) returned 0x2e4c60 [0076.944] CloseServiceHandle (hSCObject=0x2e4b48) returned 1 [0076.945] QueryServiceConfigW (in: hService=0x2e4c60, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0076.945] GetLastError () returned 0x7a [0076.945] QueryServiceConfigW (in: hService=0x2e4c60, lpServiceConfig=0x9d98a8, cbBufSize=0x164, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0076.946] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0076.946] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x996ac8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0076.946] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="msdtc", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0076.946] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="msdtc", cchWideChar=5, lpMultiByteStr=0x996ac8, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="msdtc", lpUsedDefaultChar=0x0) returned 5 [0076.946] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="MSDTC", dwDesiredAccess=0x1) returned 0x2e4bc0 [0076.946] CloseServiceHandle (hSCObject=0x2e4c60) returned 1 [0076.946] QueryServiceConfigW (in: hService=0x2e4bc0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0076.947] GetLastError () returned 0x7a [0076.947] QueryServiceConfigW (in: hService=0x2e4bc0, lpServiceConfig=0x9d98a8, cbBufSize=0x13c, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0076.947] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="msdtc.exe", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0076.947] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="msdtc.exe", cchWideChar=9, lpMultiByteStr=0x996b10, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="msdtc.exe", lpUsedDefaultChar=0x0) returned 9 [0076.947] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="msiscsi", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0076.947] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="msiscsi", cchWideChar=7, lpMultiByteStr=0x996b10, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="msiscsi", lpUsedDefaultChar=0x0) returned 7 [0076.947] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="MSiSCSI", dwDesiredAccess=0x1) returned 0x2e4cb0 [0076.948] CloseServiceHandle (hSCObject=0x2e4bc0) returned 1 [0076.948] QueryServiceConfigW (in: hService=0x2e4cb0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0076.948] GetLastError () returned 0x7a [0076.948] QueryServiceConfigW (in: hService=0x2e4cb0, lpServiceConfig=0x9d98a8, cbBufSize=0x126, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0076.949] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0076.949] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x996b58, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0076.949] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="msiserver", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0076.949] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="msiserver", cchWideChar=9, lpMultiByteStr=0x996b58, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="msiserver", lpUsedDefaultChar=0x0) returned 9 [0076.949] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="msiserver", dwDesiredAccess=0x1) returned 0x2e4b48 [0076.949] CloseServiceHandle (hSCObject=0x2e4cb0) returned 1 [0076.949] QueryServiceConfigW (in: hService=0x2e4b48, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0076.950] GetLastError () returned 0x7a [0076.950] QueryServiceConfigW (in: hService=0x2e4b48, lpServiceConfig=0x9d98a8, cbBufSize=0xf6, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0076.950] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="msiexec.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0076.950] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="msiexec.exe", cchWideChar=11, lpMultiByteStr=0x996ba0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="msiexec.exe", lpUsedDefaultChar=0x0) returned 11 [0076.950] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="napagent", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0076.950] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="napagent", cchWideChar=8, lpMultiByteStr=0x996ba0, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="napagent", lpUsedDefaultChar=0x0) returned 8 [0076.951] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="napagent", dwDesiredAccess=0x1) returned 0x2e4c60 [0076.951] CloseServiceHandle (hSCObject=0x2e4b48) returned 1 [0076.951] QueryServiceConfigW (in: hService=0x2e4c60, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0076.951] GetLastError () returned 0x7a [0076.951] QueryServiceConfigW (in: hService=0x2e4c60, lpServiceConfig=0x9d98a8, cbBufSize=0x150, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0076.952] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0076.952] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x996be8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0076.952] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="netlogon", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0076.952] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="netlogon", cchWideChar=8, lpMultiByteStr=0x996be8, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="netlogon", lpUsedDefaultChar=0x0) returned 8 [0076.952] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="Netlogon", dwDesiredAccess=0x1) returned 0x2e4bc0 [0076.952] CloseServiceHandle (hSCObject=0x2e4c60) returned 1 [0076.953] QueryServiceConfigW (in: hService=0x2e4bc0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0076.953] GetLastError () returned 0x7a [0076.953] QueryServiceConfigW (in: hService=0x2e4bc0, lpServiceConfig=0x9d98a8, cbBufSize=0x126, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0076.954] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="lsass.exe", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0076.954] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="lsass.exe", cchWideChar=9, lpMultiByteStr=0x996c30, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lsass.exe", lpUsedDefaultChar=0x0) returned 9 [0076.954] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="netman", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0076.954] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="netman", cchWideChar=6, lpMultiByteStr=0x996c30, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="netman", lpUsedDefaultChar=0x0) returned 6 [0076.954] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="Netman", dwDesiredAccess=0x1) returned 0x2e4cb0 [0076.955] CloseServiceHandle (hSCObject=0x2e4bc0) returned 1 [0076.955] QueryServiceConfigW (in: hService=0x2e4cb0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0076.956] GetLastError () returned 0x7a [0076.956] QueryServiceConfigW (in: hService=0x2e4cb0, lpServiceConfig=0x9d98a8, cbBufSize=0x13c, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0076.956] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0076.956] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x996c78, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0076.956] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="netmsmqactivator", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0076.956] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="netmsmqactivator", cchWideChar=16, lpMultiByteStr=0x996c78, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="netmsmqactivator", lpUsedDefaultChar=0x0) returned 16 [0076.956] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="NetMsmqActivator", dwDesiredAccess=0x1) returned 0x2e4b48 [0076.956] CloseServiceHandle (hSCObject=0x2e4cb0) returned 1 [0076.957] QueryServiceConfigW (in: hService=0x2e4b48, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0076.957] GetLastError () returned 0x7a [0076.957] QueryServiceConfigW (in: hService=0x2e4b48, lpServiceConfig=0x9d98a8, cbBufSize=0x18a, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0076.958] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="smsvchost.exe", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0076.958] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="smsvchost.exe", cchWideChar=13, lpMultiByteStr=0x996cc0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="smsvchost.exe", lpUsedDefaultChar=0x0) returned 13 [0076.958] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="netpipeactivator", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0076.958] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="netpipeactivator", cchWideChar=16, lpMultiByteStr=0x996cc0, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="netpipeactivator", lpUsedDefaultChar=0x0) returned 16 [0076.958] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="NetPipeActivator", dwDesiredAccess=0x1) returned 0x2e4c60 [0076.958] CloseServiceHandle (hSCObject=0x2e4b48) returned 1 [0076.958] QueryServiceConfigW (in: hService=0x2e4c60, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0076.959] GetLastError () returned 0x7a [0076.959] QueryServiceConfigW (in: hService=0x2e4c60, lpServiceConfig=0x9d98a8, cbBufSize=0x154, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0076.959] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="smsvchost.exe", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0076.959] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="smsvchost.exe", cchWideChar=13, lpMultiByteStr=0x996d08, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="smsvchost.exe", lpUsedDefaultChar=0x0) returned 13 [0076.959] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="netprofm", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0076.959] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="netprofm", cchWideChar=8, lpMultiByteStr=0x996d08, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="netprofm", lpUsedDefaultChar=0x0) returned 8 [0076.959] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="netprofm", dwDesiredAccess=0x1) returned 0x2e4bc0 [0076.960] CloseServiceHandle (hSCObject=0x2e4c60) returned 1 [0076.960] QueryServiceConfigW (in: hService=0x2e4bc0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0076.960] GetLastError () returned 0x7a [0076.960] QueryServiceConfigW (in: hService=0x2e4bc0, lpServiceConfig=0x9d98a8, cbBufSize=0x140, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0076.961] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0076.961] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x996d50, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0076.961] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="nettcpactivator", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0076.961] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="nettcpactivator", cchWideChar=15, lpMultiByteStr=0x996d50, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="nettcpactivator", lpUsedDefaultChar=0x0) returned 15 [0076.961] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="NetTcpActivator", dwDesiredAccess=0x1) returned 0x2e4cb0 [0076.961] CloseServiceHandle (hSCObject=0x2e4bc0) returned 1 [0076.962] QueryServiceConfigW (in: hService=0x2e4cb0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0076.962] GetLastError () returned 0x7a [0076.962] QueryServiceConfigW (in: hService=0x2e4cb0, lpServiceConfig=0x9d98a8, cbBufSize=0x176, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0076.962] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="smsvchost.exe", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0076.963] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="smsvchost.exe", cchWideChar=13, lpMultiByteStr=0x996d98, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="smsvchost.exe", lpUsedDefaultChar=0x0) returned 13 [0076.963] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="nettcpportsharing", cchWideChar=17, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0076.963] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="nettcpportsharing", cchWideChar=17, lpMultiByteStr=0x996d98, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="nettcpportsharing", lpUsedDefaultChar=0x0) returned 17 [0076.963] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="NetTcpPortSharing", dwDesiredAccess=0x1) returned 0x2e4b48 [0076.963] CloseServiceHandle (hSCObject=0x2e4cb0) returned 1 [0076.963] QueryServiceConfigW (in: hService=0x2e4b48, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0076.964] GetLastError () returned 0x7a [0076.964] QueryServiceConfigW (in: hService=0x2e4b48, lpServiceConfig=0x9d98a8, cbBufSize=0x154, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0076.964] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="smsvchost.exe", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0076.964] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="smsvchost.exe", cchWideChar=13, lpMultiByteStr=0x996de0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="smsvchost.exe", lpUsedDefaultChar=0x0) returned 13 [0076.964] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="nlasvc", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0076.964] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="nlasvc", cchWideChar=6, lpMultiByteStr=0x996de0, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="nlasvc", lpUsedDefaultChar=0x0) returned 6 [0076.964] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="NlaSvc", dwDesiredAccess=0x1) returned 0x2e4c60 [0076.965] CloseServiceHandle (hSCObject=0x2e4b48) returned 1 [0077.131] QueryServiceConfigW (in: hService=0x2e4c60, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0077.132] GetLastError () returned 0x7a [0077.132] QueryServiceConfigW (in: hService=0x2e4c60, lpServiceConfig=0x9d98a8, cbBufSize=0x15a, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0077.132] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0077.132] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x996e28, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0077.133] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="nsi", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0077.133] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="nsi", cchWideChar=3, lpMultiByteStr=0x996e28, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="nsi", lpUsedDefaultChar=0x0) returned 3 [0077.133] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="nsi", dwDesiredAccess=0x1) returned 0x2e4bc0 [0077.133] CloseServiceHandle (hSCObject=0x2e4c60) returned 1 [0077.133] QueryServiceConfigW (in: hService=0x2e4bc0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0077.134] GetLastError () returned 0x7a [0077.134] QueryServiceConfigW (in: hService=0x2e4bc0, lpServiceConfig=0x9d98a8, cbBufSize=0x14e, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0077.135] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0077.135] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x996e70, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0077.135] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ose64", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0077.135] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ose64", cchWideChar=5, lpMultiByteStr=0x996e70, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ose64", lpUsedDefaultChar=0x0) returned 5 [0077.135] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="ose64", dwDesiredAccess=0x1) returned 0x2e4cb0 [0077.135] CloseServiceHandle (hSCObject=0x2e4bc0) returned 1 [0077.136] QueryServiceConfigW (in: hService=0x2e4cb0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0077.136] GetLastError () returned 0x7a [0077.136] QueryServiceConfigW (in: hService=0x2e4cb0, lpServiceConfig=0x9d98a8, cbBufSize=0x140, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0077.137] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ose.exe", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0077.137] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ose.exe", cchWideChar=7, lpMultiByteStr=0x996eb8, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ose.exe", lpUsedDefaultChar=0x0) returned 7 [0077.137] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="osppsvc", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0077.137] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="osppsvc", cchWideChar=7, lpMultiByteStr=0x996eb8, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="osppsvc", lpUsedDefaultChar=0x0) returned 7 [0077.137] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="osppsvc", dwDesiredAccess=0x1) returned 0x2e4b48 [0077.137] CloseServiceHandle (hSCObject=0x2e4cb0) returned 1 [0077.138] QueryServiceConfigW (in: hService=0x2e4b48, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0077.138] GetLastError () returned 0x7a [0077.138] QueryServiceConfigW (in: hService=0x2e4b48, lpServiceConfig=0x9d98a8, cbBufSize=0x1b0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0077.139] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="osppsvc.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0077.139] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="osppsvc.exe", cchWideChar=11, lpMultiByteStr=0x996f00, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="osppsvc.exe", lpUsedDefaultChar=0x0) returned 11 [0077.139] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="p2pimsvc", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0077.139] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="p2pimsvc", cchWideChar=8, lpMultiByteStr=0x996f00, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="p2pimsvc", lpUsedDefaultChar=0x0) returned 8 [0077.139] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="p2pimsvc", dwDesiredAccess=0x1) returned 0x2e4c60 [0077.140] CloseServiceHandle (hSCObject=0x2e4b48) returned 1 [0077.140] QueryServiceConfigW (in: hService=0x2e4c60, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0077.141] GetLastError () returned 0x7a [0077.141] QueryServiceConfigW (in: hService=0x2e4c60, lpServiceConfig=0x9d98a8, cbBufSize=0x14e, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0077.143] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0077.143] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x996f48, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0077.143] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="p2psvc", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0077.143] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="p2psvc", cchWideChar=6, lpMultiByteStr=0x996f48, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="p2psvc", lpUsedDefaultChar=0x0) returned 6 [0077.144] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="p2psvc", dwDesiredAccess=0x1) returned 0x2e4bc0 [0077.144] CloseServiceHandle (hSCObject=0x2e4c60) returned 1 [0077.144] QueryServiceConfigW (in: hService=0x2e4bc0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0077.147] GetLastError () returned 0x7a [0077.147] QueryServiceConfigW (in: hService=0x2e4bc0, lpServiceConfig=0x9d98a8, cbBufSize=0x15e, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0077.148] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0077.148] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x996f90, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0077.148] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="pcasvc", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0077.148] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="pcasvc", cchWideChar=6, lpMultiByteStr=0x996f90, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pcasvc", lpUsedDefaultChar=0x0) returned 6 [0077.148] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="PcaSvc", dwDesiredAccess=0x1) returned 0x2e4cb0 [0077.148] CloseServiceHandle (hSCObject=0x2e4bc0) returned 1 [0077.148] QueryServiceConfigW (in: hService=0x2e4cb0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0077.149] GetLastError () returned 0x7a [0077.149] QueryServiceConfigW (in: hService=0x2e4cb0, lpServiceConfig=0x9d98a8, cbBufSize=0x15c, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0077.152] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0077.152] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x996fd8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0077.152] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="peerdistsvc", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0077.152] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="peerdistsvc", cchWideChar=11, lpMultiByteStr=0x996fd8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="peerdistsvc", lpUsedDefaultChar=0x0) returned 11 [0077.152] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="PeerDistSvc", dwDesiredAccess=0x1) returned 0x2e4b48 [0077.152] CloseServiceHandle (hSCObject=0x2e4cb0) returned 1 [0077.153] QueryServiceConfigW (in: hService=0x2e4b48, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0077.153] GetLastError () returned 0x7a [0077.153] QueryServiceConfigW (in: hService=0x2e4b48, lpServiceConfig=0x9d98a8, cbBufSize=0x11a, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0077.154] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0077.154] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x997020, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0077.154] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="perfhost", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0077.154] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="perfhost", cchWideChar=8, lpMultiByteStr=0x997020, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="perfhost", lpUsedDefaultChar=0x0) returned 8 [0077.154] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="PerfHost", dwDesiredAccess=0x1) returned 0x2e4c60 [0077.155] CloseServiceHandle (hSCObject=0x2e4b48) returned 1 [0077.155] QueryServiceConfigW (in: hService=0x2e4c60, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0077.156] GetLastError () returned 0x7a [0077.156] QueryServiceConfigW (in: hService=0x2e4c60, lpServiceConfig=0x9d98a8, cbBufSize=0x124, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0077.156] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="perfhost.exe", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0077.156] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="perfhost.exe", cchWideChar=12, lpMultiByteStr=0x997068, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="perfhost.exe", lpUsedDefaultChar=0x0) returned 12 [0077.156] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="pla", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0077.156] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="pla", cchWideChar=3, lpMultiByteStr=0x997068, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pla", lpUsedDefaultChar=0x0) returned 3 [0077.156] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="pla", dwDesiredAccess=0x1) returned 0x2e4bc0 [0077.164] CloseServiceHandle (hSCObject=0x2e4c60) returned 1 [0077.164] QueryServiceConfigW (in: hService=0x2e4bc0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0077.165] GetLastError () returned 0x7a [0077.165] QueryServiceConfigW (in: hService=0x2e4bc0, lpServiceConfig=0x9d98a8, cbBufSize=0x14e, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0077.165] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0077.166] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x9970b0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0077.166] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="plugplay", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0077.166] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="plugplay", cchWideChar=8, lpMultiByteStr=0x9970b0, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="plugplay", lpUsedDefaultChar=0x0) returned 8 [0077.166] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="PlugPlay", dwDesiredAccess=0x1) returned 0x2e4cb0 [0077.166] CloseServiceHandle (hSCObject=0x2e4bc0) returned 1 [0077.166] QueryServiceConfigW (in: hService=0x2e4cb0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0077.167] GetLastError () returned 0x7a [0077.167] QueryServiceConfigW (in: hService=0x2e4cb0, lpServiceConfig=0x9d98a8, cbBufSize=0x10a, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0077.167] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0077.167] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x9970f8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0077.167] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="pnrpautoreg", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0077.167] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="pnrpautoreg", cchWideChar=11, lpMultiByteStr=0x9970f8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pnrpautoreg", lpUsedDefaultChar=0x0) returned 11 [0077.168] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="PNRPAutoReg", dwDesiredAccess=0x1) returned 0x2e4b48 [0077.168] CloseServiceHandle (hSCObject=0x2e4cb0) returned 1 [0077.168] QueryServiceConfigW (in: hService=0x2e4b48, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0077.169] GetLastError () returned 0x7a [0077.171] QueryServiceConfigW (in: hService=0x2e4b48, lpServiceConfig=0x9d98a8, cbBufSize=0x166, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0077.171] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0077.171] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x997140, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0077.171] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="pnrpsvc", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0077.172] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="pnrpsvc", cchWideChar=7, lpMultiByteStr=0x997140, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pnrpsvc", lpUsedDefaultChar=0x0) returned 7 [0077.172] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="PNRPsvc", dwDesiredAccess=0x1) returned 0x2e4c60 [0077.172] CloseServiceHandle (hSCObject=0x2e4b48) returned 1 [0077.188] QueryServiceConfigW (in: hService=0x2e4c60, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0077.197] GetLastError () returned 0x7a [0077.197] QueryServiceConfigW (in: hService=0x2e4c60, lpServiceConfig=0x9d98a8, cbBufSize=0x158, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0077.197] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0077.197] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x997188, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0077.197] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="policyagent", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0077.197] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="policyagent", cchWideChar=11, lpMultiByteStr=0x997188, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="policyagent", lpUsedDefaultChar=0x0) returned 11 [0077.197] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="PolicyAgent", dwDesiredAccess=0x1) returned 0x2e4bc0 [0077.198] CloseServiceHandle (hSCObject=0x2e4c60) returned 1 [0077.198] QueryServiceConfigW (in: hService=0x2e4bc0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0077.198] GetLastError () returned 0x7a [0077.198] QueryServiceConfigW (in: hService=0x2e4bc0, lpServiceConfig=0x9d98a8, cbBufSize=0x160, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0077.199] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0077.199] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x9971d0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0077.199] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="power", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0077.199] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="power", cchWideChar=5, lpMultiByteStr=0x9971d0, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="power", lpUsedDefaultChar=0x0) returned 5 [0077.199] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="Power", dwDesiredAccess=0x1) returned 0x2e4cb0 [0077.199] CloseServiceHandle (hSCObject=0x2e4bc0) returned 1 [0077.200] QueryServiceConfigW (in: hService=0x2e4cb0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0077.200] GetLastError () returned 0x7a [0077.200] QueryServiceConfigW (in: hService=0x2e4cb0, lpServiceConfig=0x9d98a8, cbBufSize=0xfa, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0077.201] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0077.201] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x997218, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0077.201] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="profsvc", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0077.201] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="profsvc", cchWideChar=7, lpMultiByteStr=0x997218, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="profsvc", lpUsedDefaultChar=0x0) returned 7 [0077.201] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="ProfSvc", dwDesiredAccess=0x1) returned 0x2e4b48 [0077.201] CloseServiceHandle (hSCObject=0x2e4cb0) returned 1 [0077.201] QueryServiceConfigW (in: hService=0x2e4b48, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0077.202] GetLastError () returned 0x7a [0077.202] QueryServiceConfigW (in: hService=0x2e4b48, lpServiceConfig=0x9d98a8, cbBufSize=0x126, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0077.202] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0077.202] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x997260, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0077.203] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="protectedstorage", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0077.203] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="protectedstorage", cchWideChar=16, lpMultiByteStr=0x997260, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="protectedstorage", lpUsedDefaultChar=0x0) returned 16 [0077.203] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="ProtectedStorage", dwDesiredAccess=0x1) returned 0x2e4c60 [0077.203] CloseServiceHandle (hSCObject=0x2e4b48) returned 1 [0077.203] QueryServiceConfigW (in: hService=0x2e4c60, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0077.204] GetLastError () returned 0x7a [0077.204] QueryServiceConfigW (in: hService=0x2e4c60, lpServiceConfig=0x9d98a8, cbBufSize=0xec, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0077.204] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="lsass.exe", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0077.204] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="lsass.exe", cchWideChar=9, lpMultiByteStr=0x9972a8, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lsass.exe", lpUsedDefaultChar=0x0) returned 9 [0077.204] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="qwave", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0077.204] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="qwave", cchWideChar=5, lpMultiByteStr=0x9972a8, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="qwave", lpUsedDefaultChar=0x0) returned 5 [0077.204] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="QWAVE", dwDesiredAccess=0x1) returned 0x2e4bc0 [0077.205] CloseServiceHandle (hSCObject=0x2e4c60) returned 1 [0077.205] QueryServiceConfigW (in: hService=0x2e4bc0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0077.205] GetLastError () returned 0x7a [0077.205] QueryServiceConfigW (in: hService=0x2e4bc0, lpServiceConfig=0x9d98a8, cbBufSize=0x1a8, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0077.206] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0077.206] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x9972f0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0077.206] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="rasauto", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0077.206] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="rasauto", cchWideChar=7, lpMultiByteStr=0x9972f0, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="rasauto", lpUsedDefaultChar=0x0) returned 7 [0077.206] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="RasAuto", dwDesiredAccess=0x1) returned 0x2e4cb0 [0077.206] CloseServiceHandle (hSCObject=0x2e4bc0) returned 1 [0077.207] QueryServiceConfigW (in: hService=0x2e4cb0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0077.207] GetLastError () returned 0x7a [0077.207] QueryServiceConfigW (in: hService=0x2e4cb0, lpServiceConfig=0x9d98a8, cbBufSize=0x14e, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0077.208] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0077.208] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x997338, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0077.208] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="rasman", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0077.208] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="rasman", cchWideChar=6, lpMultiByteStr=0x997338, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="rasman", lpUsedDefaultChar=0x0) returned 6 [0077.208] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="RasMan", dwDesiredAccess=0x1) returned 0x2e4b48 [0077.208] CloseServiceHandle (hSCObject=0x2e4cb0) returned 1 [0077.208] QueryServiceConfigW (in: hService=0x2e4b48, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0077.209] GetLastError () returned 0x7a [0077.209] QueryServiceConfigW (in: hService=0x2e4b48, lpServiceConfig=0x9d98a8, cbBufSize=0x138, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0077.209] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0077.209] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x997380, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0077.209] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="remoteaccess", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0077.209] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="remoteaccess", cchWideChar=12, lpMultiByteStr=0x997380, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="remoteaccess", lpUsedDefaultChar=0x0) returned 12 [0077.209] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="RemoteAccess", dwDesiredAccess=0x1) returned 0x2e4c60 [0077.210] CloseServiceHandle (hSCObject=0x2e4b48) returned 1 [0077.210] QueryServiceConfigW (in: hService=0x2e4c60, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0077.210] GetLastError () returned 0x7a [0077.210] QueryServiceConfigW (in: hService=0x2e4c60, lpServiceConfig=0x9d98a8, cbBufSize=0x152, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0077.211] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0077.211] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x9973c8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0077.211] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="remoteregistry", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0077.211] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="remoteregistry", cchWideChar=14, lpMultiByteStr=0x9973c8, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="remoteregistry", lpUsedDefaultChar=0x0) returned 14 [0077.211] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="RemoteRegistry", dwDesiredAccess=0x1) returned 0x2e4bc0 [0077.211] CloseServiceHandle (hSCObject=0x2e4c60) returned 1 [0077.212] QueryServiceConfigW (in: hService=0x2e4bc0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0077.212] GetLastError () returned 0x7a [0077.212] QueryServiceConfigW (in: hService=0x2e4bc0, lpServiceConfig=0x9d98a8, cbBufSize=0x11c, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0077.213] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0077.213] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x997410, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0077.213] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="rpceptmapper", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0077.213] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="rpceptmapper", cchWideChar=12, lpMultiByteStr=0x997410, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="rpceptmapper", lpUsedDefaultChar=0x0) returned 12 [0077.213] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="RpcEptMapper", dwDesiredAccess=0x1) returned 0x2e4cb0 [0077.213] CloseServiceHandle (hSCObject=0x2e4bc0) returned 1 [0077.213] QueryServiceConfigW (in: hService=0x2e4cb0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0077.214] GetLastError () returned 0x7a [0077.214] QueryServiceConfigW (in: hService=0x2e4cb0, lpServiceConfig=0x9d98a8, cbBufSize=0x140, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0077.214] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0077.214] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x997458, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0077.214] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="rpclocator", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0077.214] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="rpclocator", cchWideChar=10, lpMultiByteStr=0x997458, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="rpclocator", lpUsedDefaultChar=0x0) returned 10 [0077.215] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="RpcLocator", dwDesiredAccess=0x1) returned 0x2e4b48 [0077.215] CloseServiceHandle (hSCObject=0x2e4cb0) returned 1 [0077.215] QueryServiceConfigW (in: hService=0x2e4b48, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0077.216] GetLastError () returned 0x7a [0077.216] QueryServiceConfigW (in: hService=0x2e4b48, lpServiceConfig=0x9d98a8, cbBufSize=0x12a, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0077.216] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="locator.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0077.216] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="locator.exe", cchWideChar=11, lpMultiByteStr=0x9974a0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="locator.exe", lpUsedDefaultChar=0x0) returned 11 [0077.216] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="rpcss", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0077.216] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="rpcss", cchWideChar=5, lpMultiByteStr=0x9974a0, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="rpcss", lpUsedDefaultChar=0x0) returned 5 [0077.216] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="RpcSs", dwDesiredAccess=0x1) returned 0x2e4c60 [0077.217] CloseServiceHandle (hSCObject=0x2e4b48) returned 1 [0077.217] QueryServiceConfigW (in: hService=0x2e4c60, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0077.217] GetLastError () returned 0x7a [0077.217] QueryServiceConfigW (in: hService=0x2e4c60, lpServiceConfig=0x9d98a8, cbBufSize=0x17e, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0077.218] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0077.218] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x9974e8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0077.218] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="samss", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0077.218] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="samss", cchWideChar=5, lpMultiByteStr=0x9974e8, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="samss", lpUsedDefaultChar=0x0) returned 5 [0077.219] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="SamSs", dwDesiredAccess=0x1) returned 0x2e4bc0 [0077.219] CloseServiceHandle (hSCObject=0x2e4c60) returned 1 [0077.219] QueryServiceConfigW (in: hService=0x2e4bc0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0077.219] GetLastError () returned 0x7a [0077.220] QueryServiceConfigW (in: hService=0x2e4bc0, lpServiceConfig=0x9d98a8, cbBufSize=0x12e, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0077.220] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="lsass.exe", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0077.220] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="lsass.exe", cchWideChar=9, lpMultiByteStr=0x9974e8, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lsass.exe", lpUsedDefaultChar=0x0) returned 9 [0077.220] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="scardsvr", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0077.220] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="scardsvr", cchWideChar=8, lpMultiByteStr=0x9e5098, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="scardsvr", lpUsedDefaultChar=0x0) returned 8 [0077.220] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="SCardSvr", dwDesiredAccess=0x1) returned 0x2e4cb0 [0077.221] CloseServiceHandle (hSCObject=0x2e4bc0) returned 1 [0077.221] QueryServiceConfigW (in: hService=0x2e4cb0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0077.221] GetLastError () returned 0x7a [0077.221] QueryServiceConfigW (in: hService=0x2e4cb0, lpServiceConfig=0x9d98a8, cbBufSize=0x164, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0077.222] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0077.222] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x9e5098, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0077.222] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="schedule", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0077.222] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="schedule", cchWideChar=8, lpMultiByteStr=0x9e50e0, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="schedule", lpUsedDefaultChar=0x0) returned 8 [0077.222] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="Schedule", dwDesiredAccess=0x1) returned 0x2e4b48 [0077.222] CloseServiceHandle (hSCObject=0x2e4cb0) returned 1 [0077.222] QueryServiceConfigW (in: hService=0x2e4b48, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0077.223] GetLastError () returned 0x7a [0077.223] QueryServiceConfigW (in: hService=0x2e4b48, lpServiceConfig=0x9d98a8, cbBufSize=0x12e, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0077.223] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0077.223] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x9e5128, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0077.224] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="scpolicysvc", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0077.224] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="scpolicysvc", cchWideChar=11, lpMultiByteStr=0x9e5128, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="scpolicysvc", lpUsedDefaultChar=0x0) returned 11 [0077.224] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="SCPolicySvc", dwDesiredAccess=0x1) returned 0x2e4c60 [0077.224] CloseServiceHandle (hSCObject=0x2e4b48) returned 1 [0077.224] QueryServiceConfigW (in: hService=0x2e4c60, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0077.225] GetLastError () returned 0x7a [0077.225] QueryServiceConfigW (in: hService=0x2e4c60, lpServiceConfig=0x9d98a8, cbBufSize=0x116, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0077.225] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0077.225] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x9e5170, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0077.225] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="sdrsvc", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0077.225] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="sdrsvc", cchWideChar=6, lpMultiByteStr=0x9e5170, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sdrsvc", lpUsedDefaultChar=0x0) returned 6 [0077.225] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="SDRSVC", dwDesiredAccess=0x1) returned 0x2e4bc0 [0077.226] CloseServiceHandle (hSCObject=0x2e4c60) returned 1 [0077.226] QueryServiceConfigW (in: hService=0x2e4bc0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0077.226] GetLastError () returned 0x7a [0077.226] QueryServiceConfigW (in: hService=0x2e4bc0, lpServiceConfig=0x9d98a8, cbBufSize=0xfe, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0077.227] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0077.227] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x9e51b8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0077.227] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="seclogon", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0077.227] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="seclogon", cchWideChar=8, lpMultiByteStr=0x9e51b8, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="seclogon", lpUsedDefaultChar=0x0) returned 8 [0077.227] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="seclogon", dwDesiredAccess=0x1) returned 0x2e4cb0 [0077.228] CloseServiceHandle (hSCObject=0x2e4bc0) returned 1 [0077.228] QueryServiceConfigW (in: hService=0x2e4cb0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0077.228] GetLastError () returned 0x7a [0077.228] QueryServiceConfigW (in: hService=0x2e4cb0, lpServiceConfig=0x9d98a8, cbBufSize=0xf8, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0077.229] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0077.229] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x9e5200, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0077.229] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="sens", cchWideChar=4, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 4 [0077.229] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="sens", cchWideChar=4, lpMultiByteStr=0x9e5200, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sens", lpUsedDefaultChar=0x0) returned 4 [0077.229] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="SENS", dwDesiredAccess=0x1) returned 0x2e4b48 [0077.229] CloseServiceHandle (hSCObject=0x2e4cb0) returned 1 [0077.230] QueryServiceConfigW (in: hService=0x2e4b48, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0077.230] GetLastError () returned 0x7a [0077.230] QueryServiceConfigW (in: hService=0x2e4b48, lpServiceConfig=0x9d98a8, cbBufSize=0x14c, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0077.231] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0077.231] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x9e5248, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0077.231] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="sensrsvc", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0077.231] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="sensrsvc", cchWideChar=8, lpMultiByteStr=0x9e5248, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sensrsvc", lpUsedDefaultChar=0x0) returned 8 [0077.231] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="SensrSvc", dwDesiredAccess=0x1) returned 0x2e4c60 [0077.231] CloseServiceHandle (hSCObject=0x2e4b48) returned 1 [0077.231] QueryServiceConfigW (in: hService=0x2e4c60, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0077.232] GetLastError () returned 0x7a [0077.232] QueryServiceConfigW (in: hService=0x2e4c60, lpServiceConfig=0x9d98a8, cbBufSize=0x14a, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0077.232] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0077.232] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x9e5290, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0077.232] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="sessionenv", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0077.232] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="sessionenv", cchWideChar=10, lpMultiByteStr=0x9e5290, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sessionenv", lpUsedDefaultChar=0x0) returned 10 [0077.232] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="SessionEnv", dwDesiredAccess=0x1) returned 0x2e4bc0 [0077.233] CloseServiceHandle (hSCObject=0x2e4c60) returned 1 [0077.233] QueryServiceConfigW (in: hService=0x2e4bc0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0077.233] GetLastError () returned 0x7a [0077.233] QueryServiceConfigW (in: hService=0x2e4bc0, lpServiceConfig=0x9d98a8, cbBufSize=0x140, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0077.234] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0077.234] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x9e52d8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0077.234] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="sharedaccess", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0077.234] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="sharedaccess", cchWideChar=12, lpMultiByteStr=0x9e52d8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sharedaccess", lpUsedDefaultChar=0x0) returned 12 [0077.234] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="SharedAccess", dwDesiredAccess=0x1) returned 0x2e4cb0 [0077.234] CloseServiceHandle (hSCObject=0x2e4bc0) returned 1 [0077.235] QueryServiceConfigW (in: hService=0x2e4cb0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0077.235] GetLastError () returned 0x7a [0077.235] QueryServiceConfigW (in: hService=0x2e4cb0, lpServiceConfig=0x9d98a8, cbBufSize=0x14e, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0077.236] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0077.236] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x9e5320, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0077.236] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="shellhwdetection", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0077.236] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="shellhwdetection", cchWideChar=16, lpMultiByteStr=0x9e5320, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="shellhwdetection", lpUsedDefaultChar=0x0) returned 16 [0077.236] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="ShellHWDetection", dwDesiredAccess=0x1) returned 0x2e4b48 [0077.236] CloseServiceHandle (hSCObject=0x2e4cb0) returned 1 [0077.236] QueryServiceConfigW (in: hService=0x2e4b48, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0077.237] GetLastError () returned 0x7a [0077.237] QueryServiceConfigW (in: hService=0x2e4b48, lpServiceConfig=0x9d98a8, cbBufSize=0x12e, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0077.237] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0077.237] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x9e5368, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0077.237] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="snmptrap", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0077.238] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="snmptrap", cchWideChar=8, lpMultiByteStr=0x9e5368, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="snmptrap", lpUsedDefaultChar=0x0) returned 8 [0077.238] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="SNMPTRAP", dwDesiredAccess=0x1) returned 0x2e4c60 [0077.238] CloseServiceHandle (hSCObject=0x2e4b48) returned 1 [0077.238] QueryServiceConfigW (in: hService=0x2e4c60, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0077.239] GetLastError () returned 0x7a [0077.239] QueryServiceConfigW (in: hService=0x2e4c60, lpServiceConfig=0x9d98a8, cbBufSize=0xf4, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0077.239] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="snmptrap.exe", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0077.239] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="snmptrap.exe", cchWideChar=12, lpMultiByteStr=0x9e53b0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="snmptrap.exe", lpUsedDefaultChar=0x0) returned 12 [0077.239] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="spooler", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0077.239] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="spooler", cchWideChar=7, lpMultiByteStr=0x9e53b0, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spooler", lpUsedDefaultChar=0x0) returned 7 [0077.239] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="Spooler", dwDesiredAccess=0x1) returned 0x2e4bc0 [0077.240] CloseServiceHandle (hSCObject=0x2e4c60) returned 1 [0077.240] QueryServiceConfigW (in: hService=0x2e4bc0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0077.240] GetLastError () returned 0x7a [0077.240] QueryServiceConfigW (in: hService=0x2e4bc0, lpServiceConfig=0x9d98a8, cbBufSize=0x10a, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0077.241] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="spoolsv.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0077.241] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="spoolsv.exe", cchWideChar=11, lpMultiByteStr=0x9e53f8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spoolsv.exe", lpUsedDefaultChar=0x0) returned 11 [0077.241] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="sppsvc", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0077.241] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="sppsvc", cchWideChar=6, lpMultiByteStr=0x9e53f8, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sppsvc", lpUsedDefaultChar=0x0) returned 6 [0077.241] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="sppsvc", dwDesiredAccess=0x1) returned 0x2e4cb0 [0077.241] CloseServiceHandle (hSCObject=0x2e4bc0) returned 1 [0077.242] QueryServiceConfigW (in: hService=0x2e4cb0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0077.242] GetLastError () returned 0x7a [0077.242] QueryServiceConfigW (in: hService=0x2e4cb0, lpServiceConfig=0x9d98a8, cbBufSize=0x112, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0077.242] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="sppsvc.exe", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0077.243] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="sppsvc.exe", cchWideChar=10, lpMultiByteStr=0x9e5440, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sppsvc.exe", lpUsedDefaultChar=0x0) returned 10 [0077.243] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="sppuinotify", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0077.243] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="sppuinotify", cchWideChar=11, lpMultiByteStr=0x9e5440, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sppuinotify", lpUsedDefaultChar=0x0) returned 11 [0077.243] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="sppuinotify", dwDesiredAccess=0x1) returned 0x2e4b48 [0077.243] CloseServiceHandle (hSCObject=0x2e4cb0) returned 1 [0077.243] QueryServiceConfigW (in: hService=0x2e4b48, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0077.244] GetLastError () returned 0x7a [0077.244] QueryServiceConfigW (in: hService=0x2e4b48, lpServiceConfig=0x9d98a8, cbBufSize=0x146, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0077.244] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0077.244] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x9e5488, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0077.244] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ssdpsrv", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0077.244] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ssdpsrv", cchWideChar=7, lpMultiByteStr=0x9e5488, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ssdpsrv", lpUsedDefaultChar=0x0) returned 7 [0077.244] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="SSDPSRV", dwDesiredAccess=0x1) returned 0x2e4c60 [0077.245] CloseServiceHandle (hSCObject=0x2e4b48) returned 1 [0077.245] QueryServiceConfigW (in: hService=0x2e4c60, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0077.245] GetLastError () returned 0x7a [0077.245] QueryServiceConfigW (in: hService=0x2e4c60, lpServiceConfig=0x9d98a8, cbBufSize=0x148, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0077.246] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0077.246] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x9e54d0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0077.246] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="sstpsvc", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0077.246] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="sstpsvc", cchWideChar=7, lpMultiByteStr=0x9e54d0, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sstpsvc", lpUsedDefaultChar=0x0) returned 7 [0077.246] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="SstpSvc", dwDesiredAccess=0x1) returned 0x2e4bc0 [0077.246] CloseServiceHandle (hSCObject=0x2e4c60) returned 1 [0077.247] QueryServiceConfigW (in: hService=0x2e4bc0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0077.247] GetLastError () returned 0x7a [0077.247] QueryServiceConfigW (in: hService=0x2e4bc0, lpServiceConfig=0x9d98a8, cbBufSize=0x150, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0077.248] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0077.248] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x9e5518, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0077.248] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="stisvc", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0077.248] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="stisvc", cchWideChar=6, lpMultiByteStr=0x9e5518, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="stisvc", lpUsedDefaultChar=0x0) returned 6 [0077.248] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="stisvc", dwDesiredAccess=0x1) returned 0x2e4cb0 [0077.248] CloseServiceHandle (hSCObject=0x2e4bc0) returned 1 [0077.248] QueryServiceConfigW (in: hService=0x2e4cb0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0077.249] GetLastError () returned 0x7a [0077.249] QueryServiceConfigW (in: hService=0x2e4cb0, lpServiceConfig=0x9d98a8, cbBufSize=0x15e, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0077.249] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0077.249] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x9e5560, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0077.249] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="storsvc", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0077.249] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="storsvc", cchWideChar=7, lpMultiByteStr=0x9e5560, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="storsvc", lpUsedDefaultChar=0x0) returned 7 [0077.249] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="StorSvc", dwDesiredAccess=0x1) returned 0x2e4b48 [0077.250] CloseServiceHandle (hSCObject=0x2e4cb0) returned 1 [0077.250] QueryServiceConfigW (in: hService=0x2e4b48, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0077.250] GetLastError () returned 0x7a [0077.250] QueryServiceConfigW (in: hService=0x2e4b48, lpServiceConfig=0x9d98a8, cbBufSize=0x122, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0077.251] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0077.251] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x9e55a8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0077.251] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="swprv", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0077.251] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="swprv", cchWideChar=5, lpMultiByteStr=0x9e55a8, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="swprv", lpUsedDefaultChar=0x0) returned 5 [0077.251] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="swprv", dwDesiredAccess=0x1) returned 0x2e4c60 [0077.251] CloseServiceHandle (hSCObject=0x2e4b48) returned 1 [0077.252] QueryServiceConfigW (in: hService=0x2e4c60, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0077.252] GetLastError () returned 0x7a [0077.252] QueryServiceConfigW (in: hService=0x2e4c60, lpServiceConfig=0x9d98a8, cbBufSize=0x12e, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0077.253] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0077.253] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x9e55f0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0077.253] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="sysmain", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0077.253] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="sysmain", cchWideChar=7, lpMultiByteStr=0x9e55f0, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sysmain", lpUsedDefaultChar=0x0) returned 7 [0077.253] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="SysMain", dwDesiredAccess=0x1) returned 0x2e4bc0 [0077.253] CloseServiceHandle (hSCObject=0x2e4c60) returned 1 [0077.253] QueryServiceConfigW (in: hService=0x2e4bc0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0077.254] GetLastError () returned 0x7a [0077.254] QueryServiceConfigW (in: hService=0x2e4bc0, lpServiceConfig=0x9d98a8, cbBufSize=0x134, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0077.254] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0077.254] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x9e5638, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0077.254] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="tabletinputservice", cchWideChar=18, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0077.255] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="tabletinputservice", cchWideChar=18, lpMultiByteStr=0x9e5638, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="tabletinputservice", lpUsedDefaultChar=0x0) returned 18 [0077.255] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="TabletInputService", dwDesiredAccess=0x1) returned 0x2e4cb0 [0077.255] CloseServiceHandle (hSCObject=0x2e4bc0) returned 1 [0077.255] QueryServiceConfigW (in: hService=0x2e4cb0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0077.256] GetLastError () returned 0x7a [0077.256] QueryServiceConfigW (in: hService=0x2e4cb0, lpServiceConfig=0x9d98a8, cbBufSize=0x15e, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0077.256] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0077.256] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x9e5680, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0077.256] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="tapisrv", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0077.256] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="tapisrv", cchWideChar=7, lpMultiByteStr=0x9e5680, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="tapisrv", lpUsedDefaultChar=0x0) returned 7 [0077.256] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="TapiSrv", dwDesiredAccess=0x1) returned 0x2e4b48 [0077.257] CloseServiceHandle (hSCObject=0x2e4cb0) returned 1 [0077.257] QueryServiceConfigW (in: hService=0x2e4b48, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0077.257] GetLastError () returned 0x7a [0077.257] QueryServiceConfigW (in: hService=0x2e4b48, lpServiceConfig=0x9d98a8, cbBufSize=0x136, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0077.258] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0077.258] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x9e56c8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0077.258] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="tbs", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0077.258] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="tbs", cchWideChar=3, lpMultiByteStr=0x9e56c8, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="tbs", lpUsedDefaultChar=0x0) returned 3 [0077.258] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="TBS", dwDesiredAccess=0x1) returned 0x2e4c60 [0077.258] CloseServiceHandle (hSCObject=0x2e4b48) returned 1 [0077.259] QueryServiceConfigW (in: hService=0x2e4c60, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0077.259] GetLastError () returned 0x7a [0077.259] QueryServiceConfigW (in: hService=0x2e4c60, lpServiceConfig=0x9d98a8, cbBufSize=0x146, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0077.259] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0077.260] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x9e5710, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0077.260] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="termservice", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0077.260] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="termservice", cchWideChar=11, lpMultiByteStr=0x9e5710, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="termservice", lpUsedDefaultChar=0x0) returned 11 [0077.260] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="TermService", dwDesiredAccess=0x1) returned 0x2e4bc0 [0077.260] CloseServiceHandle (hSCObject=0x2e4c60) returned 1 [0077.260] QueryServiceConfigW (in: hService=0x2e4bc0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0077.261] GetLastError () returned 0x7a [0077.261] QueryServiceConfigW (in: hService=0x2e4bc0, lpServiceConfig=0x9d98a8, cbBufSize=0x14e, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0077.261] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0077.261] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x9e5758, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0077.261] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="themes", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0077.262] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="themes", cchWideChar=6, lpMultiByteStr=0x9e5758, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="themes", lpUsedDefaultChar=0x0) returned 6 [0077.262] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="Themes", dwDesiredAccess=0x1) returned 0x2e4cb0 [0077.262] CloseServiceHandle (hSCObject=0x2e4bc0) returned 1 [0077.262] QueryServiceConfigW (in: hService=0x2e4cb0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0077.263] GetLastError () returned 0x7a [0077.263] QueryServiceConfigW (in: hService=0x2e4cb0, lpServiceConfig=0x9d98a8, cbBufSize=0x100, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0077.263] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0077.263] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x9e57a0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0077.263] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="threadorder", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0077.263] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="threadorder", cchWideChar=11, lpMultiByteStr=0x9e57a0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="threadorder", lpUsedDefaultChar=0x0) returned 11 [0077.263] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="THREADORDER", dwDesiredAccess=0x1) returned 0x2e4b48 [0077.264] CloseServiceHandle (hSCObject=0x2e4cb0) returned 1 [0077.264] QueryServiceConfigW (in: hService=0x2e4b48, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0077.264] GetLastError () returned 0x7a [0077.264] QueryServiceConfigW (in: hService=0x2e4b48, lpServiceConfig=0x9d98a8, cbBufSize=0x12c, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0077.265] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="TrkWks", dwDesiredAccess=0x1) returned 0x2e4c60 [0077.265] CloseServiceHandle (hSCObject=0x2e4b48) returned 1 [0077.265] QueryServiceConfigW (in: hService=0x2e4c60, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0077.266] GetLastError () returned 0x7a [0077.266] QueryServiceConfigW (in: hService=0x2e4c60, lpServiceConfig=0x9d98a8, cbBufSize=0x14e, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0077.266] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="TrustedInstaller", dwDesiredAccess=0x1) returned 0x2e4bc0 [0077.267] CloseServiceHandle (hSCObject=0x2e4c60) returned 1 [0077.267] QueryServiceConfigW (in: hService=0x2e4bc0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0077.267] GetLastError () returned 0x7a [0077.267] QueryServiceConfigW (in: hService=0x2e4bc0, lpServiceConfig=0x9d98a8, cbBufSize=0x124, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0077.268] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="UI0Detect", dwDesiredAccess=0x1) returned 0x2e4cb0 [0077.268] CloseServiceHandle (hSCObject=0x2e4bc0) returned 1 [0077.268] QueryServiceConfigW (in: hService=0x2e4cb0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0077.269] GetLastError () returned 0x7a [0077.269] QueryServiceConfigW (in: hService=0x2e4cb0, lpServiceConfig=0x9d98a8, cbBufSize=0x104, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0077.269] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="UmRdpService", dwDesiredAccess=0x1) returned 0x2e4b48 [0077.270] CloseServiceHandle (hSCObject=0x2e4cb0) returned 1 [0077.270] QueryServiceConfigW (in: hService=0x2e4b48, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0077.270] GetLastError () returned 0x7a [0077.270] QueryServiceConfigW (in: hService=0x2e4b48, lpServiceConfig=0x9d98a8, cbBufSize=0x186, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0077.271] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="upnphost", dwDesiredAccess=0x1) returned 0x2e4c60 [0077.271] CloseServiceHandle (hSCObject=0x2e4b48) returned 1 [0077.271] QueryServiceConfigW (in: hService=0x2e4c60, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0077.272] GetLastError () returned 0x7a [0077.272] QueryServiceConfigW (in: hService=0x2e4c60, lpServiceConfig=0x9d98a8, cbBufSize=0x15c, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0077.272] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="UxSms", dwDesiredAccess=0x1) returned 0x2e4bc0 [0077.273] CloseServiceHandle (hSCObject=0x2e4c60) returned 1 [0077.273] QueryServiceConfigW (in: hService=0x2e4bc0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0077.273] GetLastError () returned 0x7a [0077.273] QueryServiceConfigW (in: hService=0x2e4bc0, lpServiceConfig=0x9d98a8, cbBufSize=0x15e, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0077.274] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="VaultSvc", dwDesiredAccess=0x1) returned 0x2e4cb0 [0077.274] CloseServiceHandle (hSCObject=0x2e4bc0) returned 1 [0077.274] QueryServiceConfigW (in: hService=0x2e4cb0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0077.275] GetLastError () returned 0x7a [0077.275] QueryServiceConfigW (in: hService=0x2e4cb0, lpServiceConfig=0x9d98a8, cbBufSize=0xee, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0077.275] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="vds", dwDesiredAccess=0x1) returned 0x2e4b48 [0077.275] CloseServiceHandle (hSCObject=0x2e4cb0) returned 1 [0077.276] QueryServiceConfigW (in: hService=0x2e4b48, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0077.276] GetLastError () returned 0x7a [0077.276] QueryServiceConfigW (in: hService=0x2e4b48, lpServiceConfig=0x9d98a8, cbBufSize=0xf0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0077.277] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="VSS", dwDesiredAccess=0x1) returned 0x2e4c60 [0077.277] CloseServiceHandle (hSCObject=0x2e4b48) returned 1 [0077.277] QueryServiceConfigW (in: hService=0x2e4c60, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0077.278] GetLastError () returned 0x7a [0077.278] QueryServiceConfigW (in: hService=0x2e4c60, lpServiceConfig=0x9d98a8, cbBufSize=0xee, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0077.278] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="W32Time", dwDesiredAccess=0x1) returned 0x2e4bc0 [0077.278] CloseServiceHandle (hSCObject=0x2e4c60) returned 1 [0077.279] QueryServiceConfigW (in: hService=0x2e4bc0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0077.279] GetLastError () returned 0x7a [0077.279] QueryServiceConfigW (in: hService=0x2e4bc0, lpServiceConfig=0x9d98a8, cbBufSize=0x118, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0077.280] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="wbengine", dwDesiredAccess=0x1) returned 0x2e4cb0 [0077.280] CloseServiceHandle (hSCObject=0x2e4bc0) returned 1 [0077.280] QueryServiceConfigW (in: hService=0x2e4cb0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0077.281] GetLastError () returned 0x7a [0077.281] QueryServiceConfigW (in: hService=0x2e4cb0, lpServiceConfig=0x9d98a8, cbBufSize=0x10c, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0077.281] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="WbioSrvc", dwDesiredAccess=0x1) returned 0x2e4b48 [0077.282] CloseServiceHandle (hSCObject=0x2e4cb0) returned 1 [0077.282] QueryServiceConfigW (in: hService=0x2e4b48, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0077.282] GetLastError () returned 0x7a [0077.282] QueryServiceConfigW (in: hService=0x2e4b48, lpServiceConfig=0x9d98a8, cbBufSize=0x15e, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0077.283] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="wcncsvc", dwDesiredAccess=0x1) returned 0x2e4c60 [0077.283] CloseServiceHandle (hSCObject=0x2e4b48) returned 1 [0077.283] QueryServiceConfigW (in: hService=0x2e4c60, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0077.284] GetLastError () returned 0x7a [0077.284] QueryServiceConfigW (in: hService=0x2e4c60, lpServiceConfig=0x9d98a8, cbBufSize=0x17a, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0077.284] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="WcsPlugInService", dwDesiredAccess=0x1) returned 0x2e4bc0 [0077.285] CloseServiceHandle (hSCObject=0x2e4c60) returned 1 [0077.285] QueryServiceConfigW (in: hService=0x2e4bc0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0077.285] GetLastError () returned 0x7a [0077.285] QueryServiceConfigW (in: hService=0x2e4bc0, lpServiceConfig=0x9d98a8, cbBufSize=0x126, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0077.286] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="WdiServiceHost", dwDesiredAccess=0x1) returned 0x2e4cb0 [0077.286] CloseServiceHandle (hSCObject=0x2e4bc0) returned 1 [0077.286] QueryServiceConfigW (in: hService=0x2e4cb0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0077.287] GetLastError () returned 0x7a [0077.287] QueryServiceConfigW (in: hService=0x2e4cb0, lpServiceConfig=0x9d98a8, cbBufSize=0x12e, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0077.287] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="WdiSystemHost", dwDesiredAccess=0x1) returned 0x2e4b48 [0077.288] CloseServiceHandle (hSCObject=0x2e4cb0) returned 1 [0077.288] QueryServiceConfigW (in: hService=0x2e4b48, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0077.288] GetLastError () returned 0x7a [0077.289] QueryServiceConfigW (in: hService=0x2e4b48, lpServiceConfig=0x9d98a8, cbBufSize=0x130, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0077.289] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="WebClient", dwDesiredAccess=0x1) returned 0x2e4c60 [0077.289] CloseServiceHandle (hSCObject=0x2e4b48) returned 1 [0077.290] QueryServiceConfigW (in: hService=0x2e4c60, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0077.290] GetLastError () returned 0x7a [0077.290] QueryServiceConfigW (in: hService=0x2e4c60, lpServiceConfig=0x9d98a8, cbBufSize=0x13c, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0077.291] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="Wecsvc", dwDesiredAccess=0x1) returned 0x2e4bc0 [0077.291] CloseServiceHandle (hSCObject=0x2e4c60) returned 1 [0077.291] QueryServiceConfigW (in: hService=0x2e4bc0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0077.292] GetLastError () returned 0x7a [0077.292] QueryServiceConfigW (in: hService=0x2e4bc0, lpServiceConfig=0x9d98a8, cbBufSize=0x150, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0077.292] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="wercplsupport", dwDesiredAccess=0x1) returned 0x2e4cb0 [0077.292] CloseServiceHandle (hSCObject=0x2e4bc0) returned 1 [0077.293] QueryServiceConfigW (in: hService=0x2e4cb0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0077.317] GetLastError () returned 0x7a [0077.317] QueryServiceConfigW (in: hService=0x2e4cb0, lpServiceConfig=0x9d98a8, cbBufSize=0x140, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0077.322] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="WerSvc", dwDesiredAccess=0x1) returned 0x2e4b48 [0077.323] CloseServiceHandle (hSCObject=0x2e4cb0) returned 1 [0077.323] QueryServiceConfigW (in: hService=0x2e4b48, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0077.323] GetLastError () returned 0x7a [0077.323] QueryServiceConfigW (in: hService=0x2e4b48, lpServiceConfig=0x9d98a8, cbBufSize=0x120, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0077.324] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="WinDefend", dwDesiredAccess=0x1) returned 0x2e4c60 [0077.324] CloseServiceHandle (hSCObject=0x2e4b48) returned 1 [0077.324] QueryServiceConfigW (in: hService=0x2e4c60, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0077.325] GetLastError () returned 0x7a [0077.325] QueryServiceConfigW (in: hService=0x2e4c60, lpServiceConfig=0x9d98a8, cbBufSize=0x104, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0077.325] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="WinHttpAutoProxySvc", dwDesiredAccess=0x1) returned 0x2e4bc0 [0077.326] CloseServiceHandle (hSCObject=0x2e4c60) returned 1 [0077.326] QueryServiceConfigW (in: hService=0x2e4bc0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0077.326] GetLastError () returned 0x7a [0077.326] QueryServiceConfigW (in: hService=0x2e4bc0, lpServiceConfig=0x9d98a8, cbBufSize=0x158, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0077.327] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="Winmgmt", dwDesiredAccess=0x1) returned 0x2e4cb0 [0077.327] CloseServiceHandle (hSCObject=0x2e4bc0) returned 1 [0077.328] QueryServiceConfigW (in: hService=0x2e4cb0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0077.328] GetLastError () returned 0x7a [0077.328] QueryServiceConfigW (in: hService=0x2e4cb0, lpServiceConfig=0x9d98a8, cbBufSize=0x128, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0077.329] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="WinRM", dwDesiredAccess=0x1) returned 0x2e4b48 [0077.329] CloseServiceHandle (hSCObject=0x2e4cb0) returned 1 [0077.329] QueryServiceConfigW (in: hService=0x2e4b48, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0077.330] GetLastError () returned 0x7a [0077.330] QueryServiceConfigW (in: hService=0x2e4b48, lpServiceConfig=0x9d98a8, cbBufSize=0x16e, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0077.330] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="Wlansvc", dwDesiredAccess=0x1) returned 0x2e4c60 [0077.331] CloseServiceHandle (hSCObject=0x2e4b48) returned 1 [0077.331] QueryServiceConfigW (in: hService=0x2e4c60, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0077.331] GetLastError () returned 0x7a [0077.331] QueryServiceConfigW (in: hService=0x2e4c60, lpServiceConfig=0x9d98a8, cbBufSize=0x16a, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0077.332] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="wmiApSrv", dwDesiredAccess=0x1) returned 0x2e4bc0 [0077.332] CloseServiceHandle (hSCObject=0x2e4c60) returned 1 [0077.332] QueryServiceConfigW (in: hService=0x2e4bc0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0077.333] GetLastError () returned 0x7a [0077.333] QueryServiceConfigW (in: hService=0x2e4bc0, lpServiceConfig=0x9d98a8, cbBufSize=0xfe, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0077.333] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="WMPNetworkSvc", dwDesiredAccess=0x1) returned 0x2e4cb0 [0077.334] CloseServiceHandle (hSCObject=0x2e4bc0) returned 1 [0077.334] QueryServiceConfigW (in: hService=0x2e4cb0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0077.334] GetLastError () returned 0x7a [0077.334] QueryServiceConfigW (in: hService=0x2e4cb0, lpServiceConfig=0x9d98a8, cbBufSize=0x16e, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0077.335] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="WPCSvc", dwDesiredAccess=0x1) returned 0x2e4b48 [0077.335] CloseServiceHandle (hSCObject=0x2e4cb0) returned 1 [0077.335] QueryServiceConfigW (in: hService=0x2e4b48, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0077.336] GetLastError () returned 0x7a [0077.336] QueryServiceConfigW (in: hService=0x2e4b48, lpServiceConfig=0x9d98a8, cbBufSize=0x14e, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0077.336] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="WPDBusEnum", dwDesiredAccess=0x1) returned 0x2e4c60 [0077.337] CloseServiceHandle (hSCObject=0x2e4b48) returned 1 [0077.337] QueryServiceConfigW (in: hService=0x2e4c60, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0077.337] GetLastError () returned 0x7a [0077.337] QueryServiceConfigW (in: hService=0x2e4c60, lpServiceConfig=0x9d98a8, cbBufSize=0x152, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0077.338] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="wscsvc", dwDesiredAccess=0x1) returned 0x2e4bc0 [0077.338] CloseServiceHandle (hSCObject=0x2e4c60) returned 1 [0077.338] QueryServiceConfigW (in: hService=0x2e4bc0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0077.339] GetLastError () returned 0x7a [0077.339] QueryServiceConfigW (in: hService=0x2e4bc0, lpServiceConfig=0x9d98a8, cbBufSize=0x15a, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0077.339] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="WSearch", dwDesiredAccess=0x1) returned 0x2e4cb0 [0077.340] CloseServiceHandle (hSCObject=0x2e4bc0) returned 1 [0077.340] QueryServiceConfigW (in: hService=0x2e4cb0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0077.340] GetLastError () returned 0x7a [0077.340] QueryServiceConfigW (in: hService=0x2e4cb0, lpServiceConfig=0x9d98a8, cbBufSize=0x10c, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0077.341] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="wuauserv", dwDesiredAccess=0x1) returned 0x2e4b48 [0077.341] CloseServiceHandle (hSCObject=0x2e4cb0) returned 1 [0077.341] QueryServiceConfigW (in: hService=0x2e4b48, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0077.342] GetLastError () returned 0x7a [0077.342] QueryServiceConfigW (in: hService=0x2e4b48, lpServiceConfig=0x9d98a8, cbBufSize=0x100, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0077.342] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="wudfsvc", dwDesiredAccess=0x1) returned 0x2e4c60 [0077.343] CloseServiceHandle (hSCObject=0x2e4b48) returned 1 [0077.343] QueryServiceConfigW (in: hService=0x2e4c60, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0077.343] GetLastError () returned 0x7a [0077.343] QueryServiceConfigW (in: hService=0x2e4c60, lpServiceConfig=0x9d98a8, cbBufSize=0x19e, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0077.344] OpenServiceW (hSCManager=0x2e4b98, lpServiceName="WwanSvc", dwDesiredAccess=0x1) returned 0x2e4bc0 [0077.344] CloseServiceHandle (hSCObject=0x2e4c60) returned 1 [0077.344] QueryServiceConfigW (in: hService=0x2e4bc0, lpServiceConfig=0x0, cbBufSize=0x0, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x0, pcbBytesNeeded=0x121fc3c) returned 0 [0077.345] GetLastError () returned 0x7a [0077.345] QueryServiceConfigW (in: hService=0x2e4bc0, lpServiceConfig=0x9d98a8, cbBufSize=0x170, pcbBytesNeeded=0x121fc3c | out: lpServiceConfig=0x9d98a8, pcbBytesNeeded=0x121fc3c) returned 1 [0077.345] CloseServiceHandle (hSCObject=0x2e4bc0) returned 1 [0077.352] CloseServiceHandle (hSCObject=0x2e4b98) returned 1 [0077.352] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x154 [0077.354] Process32FirstW (in: hSnapshot=0x154, lppe=0x121f96c | out: lppe=0x121f96c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0077.355] Process32NextW (in: hSnapshot=0x154, lppe=0x121f96c | out: lppe=0x121f96c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4d, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0077.356] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="system", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0077.356] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="system", cchWideChar=6, lpMultiByteStr=0x999830, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="system", lpUsedDefaultChar=0x0) returned 6 [0077.356] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="System", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0077.356] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="System", cchWideChar=6, lpMultiByteStr=0x999830, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="System", lpUsedDefaultChar=0x0) returned 6 [0077.356] Process32NextW (in: hSnapshot=0x154, lppe=0x121f96c | out: lppe=0x121f96c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0077.356] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="smss.exe", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0077.356] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="smss.exe", cchWideChar=8, lpMultiByteStr=0x999758, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="smss.exe", lpUsedDefaultChar=0x0) returned 8 [0077.357] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="smss.exe", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0077.357] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="smss.exe", cchWideChar=8, lpMultiByteStr=0x999758, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="smss.exe", lpUsedDefaultChar=0x0) returned 8 [0077.357] Process32NextW (in: hSnapshot=0x154, lppe=0x121f96c | out: lppe=0x121f96c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0077.357] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="csrss.exe", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0077.357] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="csrss.exe", cchWideChar=9, lpMultiByteStr=0x9996c8, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="csrss.exe", lpUsedDefaultChar=0x0) returned 9 [0077.357] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="csrss.exe", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0077.357] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="csrss.exe", cchWideChar=9, lpMultiByteStr=0x9996c8, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="csrss.exe", lpUsedDefaultChar=0x0) returned 9 [0077.357] Process32NextW (in: hSnapshot=0x154, lppe=0x121f96c | out: lppe=0x121f96c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0077.365] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="wininit.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0077.365] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="wininit.exe", cchWideChar=11, lpMultiByteStr=0x999680, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="wininit.exe", lpUsedDefaultChar=0x0) returned 11 [0077.365] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="wininit.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0077.365] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="wininit.exe", cchWideChar=11, lpMultiByteStr=0x999680, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="wininit.exe", lpUsedDefaultChar=0x0) returned 11 [0077.365] Process32NextW (in: hSnapshot=0x154, lppe=0x121f96c | out: lppe=0x121f96c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0077.366] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="csrss.exe", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0077.366] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="csrss.exe", cchWideChar=9, lpMultiByteStr=0x999638, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="csrss.exe", lpUsedDefaultChar=0x0) returned 9 [0077.366] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="csrss.exe", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0077.366] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="csrss.exe", cchWideChar=9, lpMultiByteStr=0x999638, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="csrss.exe", lpUsedDefaultChar=0x0) returned 9 [0077.366] Process32NextW (in: hSnapshot=0x154, lppe=0x121f96c | out: lppe=0x121f96c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0077.367] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="winlogon.exe", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0077.367] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="winlogon.exe", cchWideChar=12, lpMultiByteStr=0x9995f0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="winlogon.exe", lpUsedDefaultChar=0x0) returned 12 [0077.367] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="winlogon.exe", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0077.367] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="winlogon.exe", cchWideChar=12, lpMultiByteStr=0x9995f0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="winlogon.exe", lpUsedDefaultChar=0x0) returned 12 [0077.367] Process32NextW (in: hSnapshot=0x154, lppe=0x121f96c | out: lppe=0x121f96c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0077.367] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="services.exe", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0077.368] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="services.exe", cchWideChar=12, lpMultiByteStr=0x9995a8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="services.exe", lpUsedDefaultChar=0x0) returned 12 [0077.368] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="services.exe", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0077.368] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="services.exe", cchWideChar=12, lpMultiByteStr=0x9995a8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="services.exe", lpUsedDefaultChar=0x0) returned 12 [0077.368] Process32NextW (in: hSnapshot=0x154, lppe=0x121f96c | out: lppe=0x121f96c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0077.368] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="lsass.exe", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0077.368] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="lsass.exe", cchWideChar=9, lpMultiByteStr=0x999560, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lsass.exe", lpUsedDefaultChar=0x0) returned 9 [0077.368] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="lsass.exe", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0077.368] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="lsass.exe", cchWideChar=9, lpMultiByteStr=0x999560, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lsass.exe", lpUsedDefaultChar=0x0) returned 9 [0077.368] Process32NextW (in: hSnapshot=0x154, lppe=0x121f96c | out: lppe=0x121f96c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0077.369] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="lsm.exe", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0077.369] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="lsm.exe", cchWideChar=7, lpMultiByteStr=0x999518, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lsm.exe", lpUsedDefaultChar=0x0) returned 7 [0077.369] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="lsm.exe", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0077.369] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="lsm.exe", cchWideChar=7, lpMultiByteStr=0x999518, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lsm.exe", lpUsedDefaultChar=0x0) returned 7 [0077.369] Process32NextW (in: hSnapshot=0x154, lppe=0x121f96c | out: lppe=0x121f96c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0077.370] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0077.370] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x9994d0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0077.370] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0077.370] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x9994d0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0077.370] Process32NextW (in: hSnapshot=0x154, lppe=0x121f96c | out: lppe=0x121f96c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0077.371] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0077.371] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x999488, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0077.371] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0077.371] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x999488, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0077.371] Process32NextW (in: hSnapshot=0x154, lppe=0x121f96c | out: lppe=0x121f96c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0077.371] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0077.371] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x999440, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0077.371] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0077.372] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x999440, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0077.372] Process32NextW (in: hSnapshot=0x154, lppe=0x121f96c | out: lppe=0x121f96c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0077.372] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0077.372] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x9993f8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0077.372] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0077.372] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x9993f8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0077.372] Process32NextW (in: hSnapshot=0x154, lppe=0x121f96c | out: lppe=0x121f96c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x31, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0077.373] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0077.373] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x9993b0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0077.373] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0077.373] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x9993b0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0077.373] Process32NextW (in: hSnapshot=0x154, lppe=0x121f96c | out: lppe=0x121f96c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0077.374] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="audiodg.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0077.374] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="audiodg.exe", cchWideChar=11, lpMultiByteStr=0x999368, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="audiodg.exe", lpUsedDefaultChar=0x0) returned 11 [0077.374] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="audiodg.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0077.374] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="audiodg.exe", cchWideChar=11, lpMultiByteStr=0x999368, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="audiodg.exe", lpUsedDefaultChar=0x0) returned 11 [0077.374] Process32NextW (in: hSnapshot=0x154, lppe=0x121f96c | out: lppe=0x121f96c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0077.375] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0077.375] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x999320, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0077.375] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0077.375] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x999320, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0077.375] Process32NextW (in: hSnapshot=0x154, lppe=0x121f96c | out: lppe=0x121f96c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x170, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0077.375] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0077.375] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x9992d8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0077.375] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0077.375] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x9992d8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0077.376] Process32NextW (in: hSnapshot=0x154, lppe=0x121f96c | out: lppe=0x121f96c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0077.376] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="spoolsv.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0077.376] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="spoolsv.exe", cchWideChar=11, lpMultiByteStr=0x999830, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spoolsv.exe", lpUsedDefaultChar=0x0) returned 11 [0077.376] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="spoolsv.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0077.376] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="spoolsv.exe", cchWideChar=11, lpMultiByteStr=0x999830, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spoolsv.exe", lpUsedDefaultChar=0x0) returned 11 [0077.376] Process32NextW (in: hSnapshot=0x154, lppe=0x121f96c | out: lppe=0x121f96c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x41c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0077.377] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0077.377] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x999290, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0077.377] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0077.377] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x999290, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0077.377] Process32NextW (in: hSnapshot=0x154, lppe=0x121f96c | out: lppe=0x121f96c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0077.378] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="taskhost.exe", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0077.378] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="taskhost.exe", cchWideChar=12, lpMultiByteStr=0x9992d8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhost.exe", lpUsedDefaultChar=0x0) returned 12 [0077.378] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="taskhost.exe", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0077.378] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="taskhost.exe", cchWideChar=12, lpMultiByteStr=0x9992d8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhost.exe", lpUsedDefaultChar=0x0) returned 12 [0077.378] Process32NextW (in: hSnapshot=0x154, lppe=0x121f96c | out: lppe=0x121f96c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x554, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x310, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0077.378] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="dwm.exe", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0077.378] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="dwm.exe", cchWideChar=7, lpMultiByteStr=0x999248, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dwm.exe", lpUsedDefaultChar=0x0) returned 7 [0077.379] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="dwm.exe", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0077.379] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="dwm.exe", cchWideChar=7, lpMultiByteStr=0x999248, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dwm.exe", lpUsedDefaultChar=0x0) returned 7 [0077.379] Process32NextW (in: hSnapshot=0x154, lppe=0x121f96c | out: lppe=0x121f96c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x564, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1e, th32ParentProcessID=0x548, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0077.379] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="explorer.exe", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0077.379] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="explorer.exe", cchWideChar=12, lpMultiByteStr=0x999200, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="explorer.exe", lpUsedDefaultChar=0x0) returned 12 [0077.379] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="explorer.exe", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0077.379] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="explorer.exe", cchWideChar=12, lpMultiByteStr=0x999200, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="explorer.exe", lpUsedDefaultChar=0x0) returned 12 [0077.379] Process32NextW (in: hSnapshot=0x154, lppe=0x121f96c | out: lppe=0x121f96c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0077.380] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="taskeng.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0077.380] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="taskeng.exe", cchWideChar=11, lpMultiByteStr=0x9991b8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskeng.exe", lpUsedDefaultChar=0x0) returned 11 [0077.380] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="taskeng.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0077.380] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="taskeng.exe", cchWideChar=11, lpMultiByteStr=0x9991b8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskeng.exe", lpUsedDefaultChar=0x0) returned 11 [0077.380] Process32NextW (in: hSnapshot=0x154, lppe=0x121f96c | out: lppe=0x121f96c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0077.381] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="taskhost.exe", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0077.381] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="taskhost.exe", cchWideChar=12, lpMultiByteStr=0x999170, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhost.exe", lpUsedDefaultChar=0x0) returned 12 [0077.381] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="taskhost.exe", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0077.381] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="taskhost.exe", cchWideChar=12, lpMultiByteStr=0x999170, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhost.exe", lpUsedDefaultChar=0x0) returned 12 [0077.381] Process32NextW (in: hSnapshot=0x154, lppe=0x121f96c | out: lppe=0x121f96c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x564, pcPriClassBase=8, dwFlags=0x0, szExeFile="transportationporval.exe")) returned 1 [0077.382] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="transportationporval.exe", cchWideChar=24, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0077.382] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="transportationporval.exe", cchWideChar=24, lpMultiByteStr=0x998ca8, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="transportationporval.exe", lpUsedDefaultChar=0x0) returned 24 [0077.382] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="transportationporval.exe", cchWideChar=24, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0077.382] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="transportationporval.exe", cchWideChar=24, lpMultiByteStr=0x998ca8, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="transportationporval.exe", lpUsedDefaultChar=0x0) returned 24 [0077.382] Process32NextW (in: hSnapshot=0x154, lppe=0x121f96c | out: lppe=0x121f96c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x564, pcPriClassBase=8, dwFlags=0x0, szExeFile="liverpool-brazil-kind-researchers.exe")) returned 1 [0077.382] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="liverpool-brazil-kind-researchers.exe", cchWideChar=37, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 37 [0077.382] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="liverpool-brazil-kind-researchers.exe", cchWideChar=37, lpMultiByteStr=0x999128, cbMultiByte=37, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="liverpool-brazil-kind-researchers.exe", lpUsedDefaultChar=0x0) returned 37 [0077.383] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="liverpool-brazil-kind-researchers.exe", cchWideChar=37, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 37 [0077.383] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="liverpool-brazil-kind-researchers.exe", cchWideChar=37, lpMultiByteStr=0x999128, cbMultiByte=37, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="liverpool-brazil-kind-researchers.exe", lpUsedDefaultChar=0x0) returned 37 [0077.383] Process32NextW (in: hSnapshot=0x154, lppe=0x121f96c | out: lppe=0x121f96c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x564, pcPriClassBase=8, dwFlags=0x0, szExeFile="azerbaijan australia map.exe")) returned 1 [0077.383] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="azerbaijan australia map.exe", cchWideChar=28, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0077.383] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="azerbaijan australia map.exe", cchWideChar=28, lpMultiByteStr=0x9990e0, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="azerbaijan australia map.exe", lpUsedDefaultChar=0x0) returned 28 [0077.383] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="azerbaijan australia map.exe", cchWideChar=28, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0077.383] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="azerbaijan australia map.exe", cchWideChar=28, lpMultiByteStr=0x9990e0, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="azerbaijan australia map.exe", lpUsedDefaultChar=0x0) returned 28 [0077.383] Process32NextW (in: hSnapshot=0x154, lppe=0x121f96c | out: lppe=0x121f96c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x318, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x564, pcPriClassBase=8, dwFlags=0x0, szExeFile="seattleconvertible.exe")) returned 1 [0077.384] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="seattleconvertible.exe", cchWideChar=22, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0077.384] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="seattleconvertible.exe", cchWideChar=22, lpMultiByteStr=0x999098, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="seattleconvertible.exe", lpUsedDefaultChar=0x0) returned 22 [0077.384] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="seattleconvertible.exe", cchWideChar=22, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0077.384] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="seattleconvertible.exe", cchWideChar=22, lpMultiByteStr=0x999098, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="seattleconvertible.exe", lpUsedDefaultChar=0x0) returned 22 [0077.384] Process32NextW (in: hSnapshot=0x154, lppe=0x121f96c | out: lppe=0x121f96c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x430, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x564, pcPriClassBase=8, dwFlags=0x0, szExeFile="camps_part_october.exe")) returned 1 [0077.385] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="camps_part_october.exe", cchWideChar=22, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0077.385] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="camps_part_october.exe", cchWideChar=22, lpMultiByteStr=0x999050, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="camps_part_october.exe", lpUsedDefaultChar=0x0) returned 22 [0077.385] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="camps_part_october.exe", cchWideChar=22, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0077.385] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="camps_part_october.exe", cchWideChar=22, lpMultiByteStr=0x999050, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="camps_part_october.exe", lpUsedDefaultChar=0x0) returned 22 [0077.385] Process32NextW (in: hSnapshot=0x154, lppe=0x121f96c | out: lppe=0x121f96c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x32c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x564, pcPriClassBase=8, dwFlags=0x0, szExeFile="fskaslidesoregon.exe")) returned 1 [0077.385] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="fskaslidesoregon.exe", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0077.386] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="fskaslidesoregon.exe", cchWideChar=20, lpMultiByteStr=0x999008, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fskaslidesoregon.exe", lpUsedDefaultChar=0x0) returned 20 [0077.386] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="fskaslidesoregon.exe", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0077.386] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="fskaslidesoregon.exe", cchWideChar=20, lpMultiByteStr=0x999008, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fskaslidesoregon.exe", lpUsedDefaultChar=0x0) returned 20 [0077.386] Process32NextW (in: hSnapshot=0x154, lppe=0x121f96c | out: lppe=0x121f96c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x31c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x564, pcPriClassBase=8, dwFlags=0x0, szExeFile="ny surge discounts.exe")) returned 1 [0077.386] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ny surge discounts.exe", cchWideChar=22, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0077.386] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ny surge discounts.exe", cchWideChar=22, lpMultiByteStr=0x998fc0, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ny surge discounts.exe", lpUsedDefaultChar=0x0) returned 22 [0077.386] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ny surge discounts.exe", cchWideChar=22, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0077.386] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ny surge discounts.exe", cchWideChar=22, lpMultiByteStr=0x998fc0, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ny surge discounts.exe", lpUsedDefaultChar=0x0) returned 22 [0077.386] Process32NextW (in: hSnapshot=0x154, lppe=0x121f96c | out: lppe=0x121f96c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x67c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x564, pcPriClassBase=8, dwFlags=0x0, szExeFile="furniture-cg.exe")) returned 1 [0077.387] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="furniture-cg.exe", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0077.387] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="furniture-cg.exe", cchWideChar=16, lpMultiByteStr=0x998f78, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="furniture-cg.exe", lpUsedDefaultChar=0x0) returned 16 [0077.387] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="furniture-cg.exe", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0077.387] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="furniture-cg.exe", cchWideChar=16, lpMultiByteStr=0x998f78, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="furniture-cg.exe", lpUsedDefaultChar=0x0) returned 16 [0077.387] Process32NextW (in: hSnapshot=0x154, lppe=0x121f96c | out: lppe=0x121f96c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x564, pcPriClassBase=8, dwFlags=0x0, szExeFile="angry_region_seconds.exe")) returned 1 [0077.388] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="angry_region_seconds.exe", cchWideChar=24, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0077.388] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="angry_region_seconds.exe", cchWideChar=24, lpMultiByteStr=0x998f30, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="angry_region_seconds.exe", lpUsedDefaultChar=0x0) returned 24 [0077.388] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="angry_region_seconds.exe", cchWideChar=24, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0077.388] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="angry_region_seconds.exe", cchWideChar=24, lpMultiByteStr=0x998f30, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="angry_region_seconds.exe", lpUsedDefaultChar=0x0) returned 24 [0077.388] Process32NextW (in: hSnapshot=0x154, lppe=0x121f96c | out: lppe=0x121f96c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x15c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x564, pcPriClassBase=8, dwFlags=0x0, szExeFile="soviet-nutten-samples-configured.exe")) returned 1 [0077.389] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="soviet-nutten-samples-configured.exe", cchWideChar=36, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 36 [0077.389] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="soviet-nutten-samples-configured.exe", cchWideChar=36, lpMultiByteStr=0x998ee8, cbMultiByte=36, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="soviet-nutten-samples-configured.exe", lpUsedDefaultChar=0x0) returned 36 [0077.389] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="soviet-nutten-samples-configured.exe", cchWideChar=36, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 36 [0077.389] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="soviet-nutten-samples-configured.exe", cchWideChar=36, lpMultiByteStr=0x998ee8, cbMultiByte=36, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="soviet-nutten-samples-configured.exe", lpUsedDefaultChar=0x0) returned 36 [0077.389] Process32NextW (in: hSnapshot=0x154, lppe=0x121f96c | out: lppe=0x121f96c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x140, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x564, pcPriClassBase=8, dwFlags=0x0, szExeFile="picture_pk.exe")) returned 1 [0077.389] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="picture_pk.exe", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0077.390] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="picture_pk.exe", cchWideChar=14, lpMultiByteStr=0x998ea0, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="picture_pk.exe", lpUsedDefaultChar=0x0) returned 14 [0077.390] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="picture_pk.exe", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0077.390] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="picture_pk.exe", cchWideChar=14, lpMultiByteStr=0x998ea0, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="picture_pk.exe", lpUsedDefaultChar=0x0) returned 14 [0077.390] Process32NextW (in: hSnapshot=0x154, lppe=0x121f96c | out: lppe=0x121f96c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x634, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x564, pcPriClassBase=8, dwFlags=0x0, szExeFile="wishes_pixels_reflected_edgar.exe")) returned 1 [0077.390] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="wishes_pixels_reflected_edgar.exe", cchWideChar=33, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 33 [0077.390] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="wishes_pixels_reflected_edgar.exe", cchWideChar=33, lpMultiByteStr=0x998e58, cbMultiByte=33, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="wishes_pixels_reflected_edgar.exe", lpUsedDefaultChar=0x0) returned 33 [0077.390] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="wishes_pixels_reflected_edgar.exe", cchWideChar=33, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 33 [0077.390] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="wishes_pixels_reflected_edgar.exe", cchWideChar=33, lpMultiByteStr=0x998e58, cbMultiByte=33, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="wishes_pixels_reflected_edgar.exe", lpUsedDefaultChar=0x0) returned 33 [0077.390] Process32NextW (in: hSnapshot=0x154, lppe=0x121f96c | out: lppe=0x121f96c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x564, pcPriClassBase=8, dwFlags=0x0, szExeFile="nyc-actor-fault-logistics.exe")) returned 1 [0077.391] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="nyc-actor-fault-logistics.exe", cchWideChar=29, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 29 [0077.391] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="nyc-actor-fault-logistics.exe", cchWideChar=29, lpMultiByteStr=0x998e10, cbMultiByte=29, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="nyc-actor-fault-logistics.exe", lpUsedDefaultChar=0x0) returned 29 [0077.391] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="nyc-actor-fault-logistics.exe", cchWideChar=29, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 29 [0077.391] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="nyc-actor-fault-logistics.exe", cchWideChar=29, lpMultiByteStr=0x998e10, cbMultiByte=29, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="nyc-actor-fault-logistics.exe", lpUsedDefaultChar=0x0) returned 29 [0077.391] Process32NextW (in: hSnapshot=0x154, lppe=0x121f96c | out: lppe=0x121f96c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x398, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x564, pcPriClassBase=8, dwFlags=0x0, szExeFile="duration_electricity_columbia_estate.exe")) returned 1 [0077.392] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="duration_electricity_columbia_estate.exe", cchWideChar=40, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 40 [0077.392] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="duration_electricity_columbia_estate.exe", cchWideChar=40, lpMultiByteStr=0x998dc8, cbMultiByte=40, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="duration_electricity_columbia_estate.exe", lpUsedDefaultChar=0x0) returned 40 [0077.392] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="duration_electricity_columbia_estate.exe", cchWideChar=40, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 40 [0077.392] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="duration_electricity_columbia_estate.exe", cchWideChar=40, lpMultiByteStr=0x998dc8, cbMultiByte=40, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="duration_electricity_columbia_estate.exe", lpUsedDefaultChar=0x0) returned 40 [0077.392] Process32NextW (in: hSnapshot=0x154, lppe=0x121f96c | out: lppe=0x121f96c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x23c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x564, pcPriClassBase=8, dwFlags=0x0, szExeFile="prominent.exe")) returned 1 [0077.393] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="prominent.exe", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0077.393] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="prominent.exe", cchWideChar=13, lpMultiByteStr=0x998d80, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="prominent.exe", lpUsedDefaultChar=0x0) returned 13 [0077.393] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="prominent.exe", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0077.393] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="prominent.exe", cchWideChar=13, lpMultiByteStr=0x998d80, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="prominent.exe", lpUsedDefaultChar=0x0) returned 13 [0077.393] Process32NextW (in: hSnapshot=0x154, lppe=0x121f96c | out: lppe=0x121f96c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x48c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x564, pcPriClassBase=8, dwFlags=0x0, szExeFile="after practical kiss sir.exe")) returned 1 [0077.393] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="after practical kiss sir.exe", cchWideChar=28, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0077.393] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="after practical kiss sir.exe", cchWideChar=28, lpMultiByteStr=0x998d38, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="after practical kiss sir.exe", lpUsedDefaultChar=0x0) returned 28 [0077.393] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="after practical kiss sir.exe", cchWideChar=28, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0077.394] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="after practical kiss sir.exe", cchWideChar=28, lpMultiByteStr=0x998d38, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="after practical kiss sir.exe", lpUsedDefaultChar=0x0) returned 28 [0077.394] Process32NextW (in: hSnapshot=0x154, lppe=0x121f96c | out: lppe=0x121f96c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x754, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x564, pcPriClassBase=8, dwFlags=0x0, szExeFile="epson-pressing-camera.exe")) returned 1 [0077.394] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="epson-pressing-camera.exe", cchWideChar=25, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0077.394] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="epson-pressing-camera.exe", cchWideChar=25, lpMultiByteStr=0x998cf0, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="epson-pressing-camera.exe", lpUsedDefaultChar=0x0) returned 25 [0077.394] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="epson-pressing-camera.exe", cchWideChar=25, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0077.394] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="epson-pressing-camera.exe", cchWideChar=25, lpMultiByteStr=0x998cf0, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="epson-pressing-camera.exe", lpUsedDefaultChar=0x0) returned 25 [0077.394] Process32NextW (in: hSnapshot=0x154, lppe=0x121f96c | out: lppe=0x121f96c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x60c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x564, pcPriClassBase=8, dwFlags=0x0, szExeFile="baptist-extraction.exe")) returned 1 [0077.395] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="baptist-extraction.exe", cchWideChar=22, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0077.395] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="baptist-extraction.exe", cchWideChar=22, lpMultiByteStr=0x998c60, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="baptist-extraction.exe", lpUsedDefaultChar=0x0) returned 22 [0077.395] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="baptist-extraction.exe", cchWideChar=22, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0077.395] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="baptist-extraction.exe", cchWideChar=22, lpMultiByteStr=0x998c60, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="baptist-extraction.exe", lpUsedDefaultChar=0x0) returned 22 [0077.395] Process32NextW (in: hSnapshot=0x154, lppe=0x121f96c | out: lppe=0x121f96c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x564, pcPriClassBase=8, dwFlags=0x0, szExeFile="challenged.exe")) returned 1 [0077.396] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="challenged.exe", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0077.396] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="challenged.exe", cchWideChar=14, lpMultiByteStr=0xabc9c0, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="challenged.exe", lpUsedDefaultChar=0x0) returned 14 [0077.396] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="challenged.exe", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0077.396] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="challenged.exe", cchWideChar=14, lpMultiByteStr=0xabc9c0, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="challenged.exe", lpUsedDefaultChar=0x0) returned 14 [0077.396] Process32NextW (in: hSnapshot=0x154, lppe=0x121f96c | out: lppe=0x121f96c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x564, pcPriClassBase=8, dwFlags=0x0, szExeFile="rhode-jay.exe")) returned 1 [0077.397] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="rhode-jay.exe", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0077.397] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="rhode-jay.exe", cchWideChar=13, lpMultiByteStr=0xabc9c0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="rhode-jay.exe", lpUsedDefaultChar=0x0) returned 13 [0077.397] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="rhode-jay.exe", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0077.397] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="rhode-jay.exe", cchWideChar=13, lpMultiByteStr=0x9e5098, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="rhode-jay.exe", lpUsedDefaultChar=0x0) returned 13 [0077.397] Process32NextW (in: hSnapshot=0x154, lppe=0x121f96c | out: lppe=0x121f96c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x9ec, pcPriClassBase=8, dwFlags=0x0, szExeFile="vssadmin.exe")) returned 1 [0077.397] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="vssadmin.exe", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0077.397] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="vssadmin.exe", cchWideChar=12, lpMultiByteStr=0x9e5098, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="vssadmin.exe", lpUsedDefaultChar=0x0) returned 12 [0077.397] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="vssadmin.exe", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0077.397] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="vssadmin.exe", cchWideChar=12, lpMultiByteStr=0x9e50e0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="vssadmin.exe", lpUsedDefaultChar=0x0) returned 12 [0077.398] Process32NextW (in: hSnapshot=0x154, lppe=0x121f96c | out: lppe=0x121f96c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x184, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0077.398] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="conhost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0077.398] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="conhost.exe", cchWideChar=11, lpMultiByteStr=0x9e5128, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="conhost.exe", lpUsedDefaultChar=0x0) returned 11 [0077.398] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="conhost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0077.398] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="conhost.exe", cchWideChar=11, lpMultiByteStr=0x9e5128, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="conhost.exe", lpUsedDefaultChar=0x0) returned 11 [0077.398] Process32NextW (in: hSnapshot=0x154, lppe=0x121f96c | out: lppe=0x121f96c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="VSSVC.exe")) returned 1 [0077.399] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="vssvc.exe", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0077.399] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="vssvc.exe", cchWideChar=9, lpMultiByteStr=0x9e5170, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="vssvc.exe", lpUsedDefaultChar=0x0) returned 9 [0077.399] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VSSVC.exe", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0077.399] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VSSVC.exe", cchWideChar=9, lpMultiByteStr=0x9e5170, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VSSVC.exe", lpUsedDefaultChar=0x0) returned 9 [0077.399] Process32NextW (in: hSnapshot=0x154, lppe=0x121f96c | out: lppe=0x121f96c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="mscorsvw.exe")) returned 1 [0077.400] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mscorsvw.exe", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0077.400] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mscorsvw.exe", cchWideChar=12, lpMultiByteStr=0x9e51b8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mscorsvw.exe", lpUsedDefaultChar=0x0) returned 12 [0077.400] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mscorsvw.exe", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0077.400] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mscorsvw.exe", cchWideChar=12, lpMultiByteStr=0x9e51b8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mscorsvw.exe", lpUsedDefaultChar=0x0) returned 12 [0077.400] Process32NextW (in: hSnapshot=0x154, lppe=0x121f96c | out: lppe=0x121f96c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xabc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0077.400] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0077.400] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x9e5200, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0077.400] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0077.401] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x9e5200, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0077.401] Process32NextW (in: hSnapshot=0x154, lppe=0x121f96c | out: lppe=0x121f96c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xabc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0 [0077.401] NtOpenProcess (in: ProcessHandle=0x121f8d4, DesiredAccess=0x400, ObjectAttributes=0x121f8e0*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x121f8d8*(UniqueProcess=0x4, UniqueThread=0x0) | out: ProcessHandle=0x121f8d4*=0x0) returned 0xc0000022 [0077.401] NtOpenProcess (in: ProcessHandle=0x121f8d4, DesiredAccess=0x1000, ObjectAttributes=0x121f8e0*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x121f8d8*(UniqueProcess=0x4, UniqueThread=0x0) | out: ProcessHandle=0x121f8d4*=0x158) returned 0x0 [0077.401] GetExitCodeProcess (in: hProcess=0x158, lpExitCode=0x121f8fc | out: lpExitCode=0x121f8fc*=0x103) returned 1 [0077.402] FindFirstFileExW (in: lpFileName="C:\\Windows\\SysWOW64\\*.dll", fInfoLevelId=0x1, lpFindFileData=0x121f670, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x121f670) returned 0x2e6a30 [0077.402] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AACLIENT.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0077.402] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AACLIENT.DLL", cchWideChar=12, lpMultiByteStr=0x9e5680, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AACLIENT.DLL", lpUsedDefaultChar=0x0) returned 12 [0077.402] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.403] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ACCESSIBILITYCPL.DLL", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0077.403] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ACCESSIBILITYCPL.DLL", cchWideChar=20, lpMultiByteStr=0x9e56c8, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ACCESSIBILITYCPL.DLL", lpUsedDefaultChar=0x0) returned 20 [0077.403] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.403] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ACCTRES.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0077.403] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ACCTRES.DLL", cchWideChar=11, lpMultiByteStr=0x9e5680, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ACCTRES.DLL", lpUsedDefaultChar=0x0) returned 11 [0077.403] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.403] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ACLEDIT.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0077.403] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ACLEDIT.DLL", cchWideChar=11, lpMultiByteStr=0x9e56c8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ACLEDIT.DLL", lpUsedDefaultChar=0x0) returned 11 [0077.403] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.403] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ACLUI.DLL", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0077.403] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ACLUI.DLL", cchWideChar=9, lpMultiByteStr=0x9e5680, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ACLUI.DLL", lpUsedDefaultChar=0x0) returned 9 [0077.403] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.404] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ACPPAGE.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0077.404] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ACPPAGE.DLL", cchWideChar=11, lpMultiByteStr=0x9e56c8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ACPPAGE.DLL", lpUsedDefaultChar=0x0) returned 11 [0077.404] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.404] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ACTIONCENTER.DLL", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0077.404] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ACTIONCENTER.DLL", cchWideChar=16, lpMultiByteStr=0x9e5680, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ACTIONCENTER.DLL", lpUsedDefaultChar=0x0) returned 16 [0077.404] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.404] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ACTIONCENTERCPL.DLL", cchWideChar=19, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0077.404] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ACTIONCENTERCPL.DLL", cchWideChar=19, lpMultiByteStr=0x9e56c8, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ACTIONCENTERCPL.DLL", lpUsedDefaultChar=0x0) returned 19 [0077.404] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.404] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ACTIVEDS.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0077.404] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ACTIVEDS.DLL", cchWideChar=12, lpMultiByteStr=0x9e5680, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ACTIVEDS.DLL", lpUsedDefaultChar=0x0) returned 12 [0077.404] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.404] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ACTXPRXY.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0077.404] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ACTXPRXY.DLL", cchWideChar=12, lpMultiByteStr=0x9e56c8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ACTXPRXY.DLL", lpUsedDefaultChar=0x0) returned 12 [0077.404] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.404] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ADMPARSE.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0077.404] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ADMPARSE.DLL", cchWideChar=12, lpMultiByteStr=0x9e5680, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ADMPARSE.DLL", lpUsedDefaultChar=0x0) returned 12 [0077.404] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.404] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ADMTMPL.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0077.404] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ADMTMPL.DLL", cchWideChar=11, lpMultiByteStr=0x9e56c8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ADMTMPL.DLL", lpUsedDefaultChar=0x0) returned 11 [0077.405] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.405] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ADPROVIDER.DLL", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0077.405] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ADPROVIDER.DLL", cchWideChar=14, lpMultiByteStr=0x9e5680, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ADPROVIDER.DLL", lpUsedDefaultChar=0x0) returned 14 [0077.405] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.405] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ADSLDP.DLL", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0077.405] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ADSLDP.DLL", cchWideChar=10, lpMultiByteStr=0x9e56c8, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ADSLDP.DLL", lpUsedDefaultChar=0x0) returned 10 [0077.405] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.405] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ADSLDPC.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0077.405] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ADSLDPC.DLL", cchWideChar=11, lpMultiByteStr=0x9e5680, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ADSLDPC.DLL", lpUsedDefaultChar=0x0) returned 11 [0077.405] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.405] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ADSMSEXT.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0077.405] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ADSMSEXT.DLL", cchWideChar=12, lpMultiByteStr=0x9e56c8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ADSMSEXT.DLL", lpUsedDefaultChar=0x0) returned 12 [0077.405] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.405] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ADSNT.DLL", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0077.405] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ADSNT.DLL", cchWideChar=9, lpMultiByteStr=0x9e5680, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ADSNT.DLL", lpUsedDefaultChar=0x0) returned 9 [0077.405] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.405] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ADTSCHEMA.DLL", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0077.406] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ADTSCHEMA.DLL", cchWideChar=13, lpMultiByteStr=0x9e56c8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ADTSCHEMA.DLL", lpUsedDefaultChar=0x0) returned 13 [0077.406] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.406] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ADVAPI32.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0077.406] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ADVAPI32.DLL", cchWideChar=12, lpMultiByteStr=0x9e5680, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ADVAPI32.DLL", lpUsedDefaultChar=0x0) returned 12 [0077.406] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.406] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ADVPACK.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0077.406] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ADVPACK.DLL", cchWideChar=11, lpMultiByteStr=0x9e56c8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ADVPACK.DLL", lpUsedDefaultChar=0x0) returned 11 [0077.406] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.406] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AECACHE.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0077.406] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AECACHE.DLL", cchWideChar=11, lpMultiByteStr=0x9e5680, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AECACHE.DLL", lpUsedDefaultChar=0x0) returned 11 [0077.406] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.406] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AEEVTS.DLL", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0077.406] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AEEVTS.DLL", cchWideChar=10, lpMultiByteStr=0x9e56c8, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AEEVTS.DLL", lpUsedDefaultChar=0x0) returned 10 [0077.406] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.406] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALTTAB.DLL", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0077.406] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALTTAB.DLL", cchWideChar=10, lpMultiByteStr=0x9e5680, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ALTTAB.DLL", lpUsedDefaultChar=0x0) returned 10 [0077.406] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.406] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AMSTREAM.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0077.406] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AMSTREAM.DLL", cchWideChar=12, lpMultiByteStr=0x9e56c8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AMSTREAM.DLL", lpUsedDefaultChar=0x0) returned 12 [0077.406] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.407] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AMXREAD.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0077.407] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AMXREAD.DLL", cchWideChar=11, lpMultiByteStr=0x9e5680, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AMXREAD.DLL", lpUsedDefaultChar=0x0) returned 11 [0077.407] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.407] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="APDS.DLL", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0077.407] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="APDS.DLL", cchWideChar=8, lpMultiByteStr=0x9e56c8, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="APDS.DLL", lpUsedDefaultChar=0x0) returned 8 [0077.407] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.407] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-CONSOLE-L1-1-0.DLL", cchWideChar=34, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 34 [0077.407] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-CONSOLE-L1-1-0.DLL", cchWideChar=34, lpMultiByteStr=0x9e5680, cbMultiByte=34, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-CONSOLE-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 34 [0077.407] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.407] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-DATETIME-L1-1-0.DLL", cchWideChar=35, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 35 [0077.407] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-DATETIME-L1-1-0.DLL", cchWideChar=35, lpMultiByteStr=0x9e56c8, cbMultiByte=35, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-DATETIME-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 35 [0077.407] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.407] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-DEBUG-L1-1-0.DLL", cchWideChar=32, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0077.407] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-DEBUG-L1-1-0.DLL", cchWideChar=32, lpMultiByteStr=0x9e5680, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-DEBUG-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 32 [0077.407] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.407] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-DELAYLOAD-L1-1-0.DLL", cchWideChar=36, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 36 [0077.407] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-DELAYLOAD-L1-1-0.DLL", cchWideChar=36, lpMultiByteStr=0x9e56c8, cbMultiByte=36, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-DELAYLOAD-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 36 [0077.407] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.407] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-ERRORHANDLING-L1-1-0.DLL", cchWideChar=40, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 40 [0077.407] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-ERRORHANDLING-L1-1-0.DLL", cchWideChar=40, lpMultiByteStr=0x9e5680, cbMultiByte=40, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-ERRORHANDLING-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 40 [0077.408] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.408] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-FIBERS-L1-1-0.DLL", cchWideChar=33, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 33 [0077.408] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-FIBERS-L1-1-0.DLL", cchWideChar=33, lpMultiByteStr=0x9e56c8, cbMultiByte=33, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-FIBERS-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 33 [0077.408] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.408] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-FILE-L1-1-0.DLL", cchWideChar=31, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 31 [0077.408] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-FILE-L1-1-0.DLL", cchWideChar=31, lpMultiByteStr=0x9e5680, cbMultiByte=31, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-FILE-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 31 [0077.408] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.408] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-FILE-L1-2-0.DLL", cchWideChar=31, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 31 [0077.408] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-FILE-L1-2-0.DLL", cchWideChar=31, lpMultiByteStr=0x9e56c8, cbMultiByte=31, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-FILE-L1-2-0.DLL", lpUsedDefaultChar=0x0) returned 31 [0077.408] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.408] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-FILE-L2-1-0.DLL", cchWideChar=31, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 31 [0077.408] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-FILE-L2-1-0.DLL", cchWideChar=31, lpMultiByteStr=0x9e5680, cbMultiByte=31, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-FILE-L2-1-0.DLL", lpUsedDefaultChar=0x0) returned 31 [0077.408] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.408] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-HANDLE-L1-1-0.DLL", cchWideChar=33, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 33 [0077.408] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-HANDLE-L1-1-0.DLL", cchWideChar=33, lpMultiByteStr=0x9e56c8, cbMultiByte=33, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-HANDLE-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 33 [0077.408] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.408] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-HEAP-L1-1-0.DLL", cchWideChar=31, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 31 [0077.408] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-HEAP-L1-1-0.DLL", cchWideChar=31, lpMultiByteStr=0x9e5680, cbMultiByte=31, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-HEAP-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 31 [0077.408] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.409] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-INTERLOCKED-L1-1-0.DLL", cchWideChar=38, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 38 [0077.409] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-INTERLOCKED-L1-1-0.DLL", cchWideChar=38, lpMultiByteStr=0x9e56c8, cbMultiByte=38, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-INTERLOCKED-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 38 [0077.409] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.409] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-IO-L1-1-0.DLL", cchWideChar=29, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 29 [0077.409] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-IO-L1-1-0.DLL", cchWideChar=29, lpMultiByteStr=0x9e5680, cbMultiByte=29, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-IO-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 29 [0077.409] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.409] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-LIBRARYLOADER-L1-1-0.DLL", cchWideChar=40, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 40 [0077.409] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-LIBRARYLOADER-L1-1-0.DLL", cchWideChar=40, lpMultiByteStr=0x9e56c8, cbMultiByte=40, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-LIBRARYLOADER-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 40 [0077.409] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.409] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-LOCALIZATION-L1-1-0.DLL", cchWideChar=39, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 39 [0077.409] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-LOCALIZATION-L1-1-0.DLL", cchWideChar=39, lpMultiByteStr=0x9e5680, cbMultiByte=39, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-LOCALIZATION-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 39 [0077.409] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.409] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-LOCALIZATION-L1-2-0.DLL", cchWideChar=39, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 39 [0077.409] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-LOCALIZATION-L1-2-0.DLL", cchWideChar=39, lpMultiByteStr=0x9e56c8, cbMultiByte=39, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-LOCALIZATION-L1-2-0.DLL", lpUsedDefaultChar=0x0) returned 39 [0077.409] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.409] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-LOCALREGISTRY-L1-1-0.DLL", cchWideChar=40, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 40 [0077.409] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-LOCALREGISTRY-L1-1-0.DLL", cchWideChar=40, lpMultiByteStr=0x9e5680, cbMultiByte=40, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-LOCALREGISTRY-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 40 [0077.409] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.409] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-MEMORY-L1-1-0.DLL", cchWideChar=33, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 33 [0077.410] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-MEMORY-L1-1-0.DLL", cchWideChar=33, lpMultiByteStr=0x9e56c8, cbMultiByte=33, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-MEMORY-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 33 [0077.410] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.410] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-MISC-L1-1-0.DLL", cchWideChar=31, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 31 [0077.410] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-MISC-L1-1-0.DLL", cchWideChar=31, lpMultiByteStr=0x9e5680, cbMultiByte=31, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-MISC-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 31 [0077.410] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.410] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-NAMEDPIPE-L1-1-0.DLL", cchWideChar=36, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 36 [0077.410] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-NAMEDPIPE-L1-1-0.DLL", cchWideChar=36, lpMultiByteStr=0x9e56c8, cbMultiByte=36, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-NAMEDPIPE-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 36 [0077.410] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.410] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0.DLL", cchWideChar=45, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 45 [0077.410] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0.DLL", cchWideChar=45, lpMultiByteStr=0x9e5680, cbMultiByte=45, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 45 [0077.410] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.410] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0.DLL", cchWideChar=41, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 41 [0077.410] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0.DLL", cchWideChar=41, lpMultiByteStr=0x9e56c8, cbMultiByte=41, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 41 [0077.410] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.410] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-PROCESSTHREADS-L1-1-1.DLL", cchWideChar=41, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 41 [0077.410] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-PROCESSTHREADS-L1-1-1.DLL", cchWideChar=41, lpMultiByteStr=0x9e5680, cbMultiByte=41, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-PROCESSTHREADS-L1-1-1.DLL", lpUsedDefaultChar=0x0) returned 41 [0077.410] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.410] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-PROFILE-L1-1-0.DLL", cchWideChar=34, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 34 [0077.410] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-PROFILE-L1-1-0.DLL", cchWideChar=34, lpMultiByteStr=0x9e56c8, cbMultiByte=34, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-PROFILE-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 34 [0077.410] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.411] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-RTLSUPPORT-L1-1-0.DLL", cchWideChar=37, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 37 [0077.411] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-RTLSUPPORT-L1-1-0.DLL", cchWideChar=37, lpMultiByteStr=0x9e5680, cbMultiByte=37, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-RTLSUPPORT-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 37 [0077.411] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.411] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-STRING-L1-1-0.DLL", cchWideChar=33, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 33 [0077.411] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-STRING-L1-1-0.DLL", cchWideChar=33, lpMultiByteStr=0x9e56c8, cbMultiByte=33, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-STRING-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 33 [0077.411] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.411] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-SYNCH-L1-1-0.DLL", cchWideChar=32, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0077.411] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-SYNCH-L1-1-0.DLL", cchWideChar=32, lpMultiByteStr=0x9e5680, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-SYNCH-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 32 [0077.411] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.411] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-SYNCH-L1-2-0.DLL", cchWideChar=32, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0077.411] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-SYNCH-L1-2-0.DLL", cchWideChar=32, lpMultiByteStr=0x9e56c8, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-SYNCH-L1-2-0.DLL", lpUsedDefaultChar=0x0) returned 32 [0077.411] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.411] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-SYSINFO-L1-1-0.DLL", cchWideChar=34, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 34 [0077.411] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-SYSINFO-L1-1-0.DLL", cchWideChar=34, lpMultiByteStr=0x9e5680, cbMultiByte=34, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-SYSINFO-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 34 [0077.411] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.411] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-THREADPOOL-L1-1-0.DLL", cchWideChar=37, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 37 [0077.411] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-THREADPOOL-L1-1-0.DLL", cchWideChar=37, lpMultiByteStr=0x9e56c8, cbMultiByte=37, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-THREADPOOL-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 37 [0077.411] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.411] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-TIMEZONE-L1-1-0.DLL", cchWideChar=35, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 35 [0077.411] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-TIMEZONE-L1-1-0.DLL", cchWideChar=35, lpMultiByteStr=0x9e5680, cbMultiByte=35, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-TIMEZONE-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 35 [0077.412] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.412] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-UTIL-L1-1-0.DLL", cchWideChar=31, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 31 [0077.412] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-UTIL-L1-1-0.DLL", cchWideChar=31, lpMultiByteStr=0x9e56c8, cbMultiByte=31, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-UTIL-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 31 [0077.412] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.412] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-XSTATE-L1-1-0.DLL", cchWideChar=33, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 33 [0077.412] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-XSTATE-L1-1-0.DLL", cchWideChar=33, lpMultiByteStr=0x9e5680, cbMultiByte=33, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-XSTATE-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 33 [0077.412] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.412] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-XSTATE-L2-1-0.DLL", cchWideChar=33, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 33 [0077.412] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CORE-XSTATE-L2-1-0.DLL", cchWideChar=33, lpMultiByteStr=0x9e56c8, cbMultiByte=33, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CORE-XSTATE-L2-1-0.DLL", lpUsedDefaultChar=0x0) returned 33 [0077.412] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.412] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-CONIO-L1-1-0.DLL", cchWideChar=31, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 31 [0077.412] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-CONIO-L1-1-0.DLL", cchWideChar=31, lpMultiByteStr=0x9e5680, cbMultiByte=31, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CRT-CONIO-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 31 [0077.412] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.412] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-CONVERT-L1-1-0.DLL", cchWideChar=33, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 33 [0077.412] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-CONVERT-L1-1-0.DLL", cchWideChar=33, lpMultiByteStr=0x9e56c8, cbMultiByte=33, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CRT-CONVERT-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 33 [0077.412] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.412] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-ENVIRONMENT-L1-1-0.DLL", cchWideChar=37, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 37 [0077.412] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-ENVIRONMENT-L1-1-0.DLL", cchWideChar=37, lpMultiByteStr=0x9e5680, cbMultiByte=37, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CRT-ENVIRONMENT-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 37 [0077.412] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.413] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-FILESYSTEM-L1-1-0.DLL", cchWideChar=36, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 36 [0077.413] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-FILESYSTEM-L1-1-0.DLL", cchWideChar=36, lpMultiByteStr=0x9e56c8, cbMultiByte=36, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CRT-FILESYSTEM-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 36 [0077.413] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.413] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-HEAP-L1-1-0.DLL", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0077.413] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-HEAP-L1-1-0.DLL", cchWideChar=30, lpMultiByteStr=0x9e5680, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CRT-HEAP-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 30 [0077.413] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.413] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-LOCALE-L1-1-0.DLL", cchWideChar=32, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0077.413] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-LOCALE-L1-1-0.DLL", cchWideChar=32, lpMultiByteStr=0x9e56c8, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CRT-LOCALE-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 32 [0077.413] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.413] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-MATH-L1-1-0.DLL", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0077.413] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-MATH-L1-1-0.DLL", cchWideChar=30, lpMultiByteStr=0x9e5680, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CRT-MATH-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 30 [0077.413] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.413] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-MULTIBYTE-L1-1-0.DLL", cchWideChar=35, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 35 [0077.413] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-MULTIBYTE-L1-1-0.DLL", cchWideChar=35, lpMultiByteStr=0x9e56c8, cbMultiByte=35, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CRT-MULTIBYTE-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 35 [0077.413] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.413] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-PRIVATE-L1-1-0.DLL", cchWideChar=33, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 33 [0077.413] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-PRIVATE-L1-1-0.DLL", cchWideChar=33, lpMultiByteStr=0x9e5680, cbMultiByte=33, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CRT-PRIVATE-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 33 [0077.413] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.413] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-PROCESS-L1-1-0.DLL", cchWideChar=33, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 33 [0077.414] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-PROCESS-L1-1-0.DLL", cchWideChar=33, lpMultiByteStr=0x9e56c8, cbMultiByte=33, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CRT-PROCESS-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 33 [0077.414] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.414] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-RUNTIME-L1-1-0.DLL", cchWideChar=33, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 33 [0077.414] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-RUNTIME-L1-1-0.DLL", cchWideChar=33, lpMultiByteStr=0x9e5680, cbMultiByte=33, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CRT-RUNTIME-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 33 [0077.414] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.414] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-STDIO-L1-1-0.DLL", cchWideChar=31, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 31 [0077.414] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-STDIO-L1-1-0.DLL", cchWideChar=31, lpMultiByteStr=0x9e56c8, cbMultiByte=31, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CRT-STDIO-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 31 [0077.414] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.414] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-STRING-L1-1-0.DLL", cchWideChar=32, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0077.414] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-STRING-L1-1-0.DLL", cchWideChar=32, lpMultiByteStr=0x9e5680, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CRT-STRING-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 32 [0077.414] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.414] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-TIME-L1-1-0.DLL", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0077.414] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-TIME-L1-1-0.DLL", cchWideChar=30, lpMultiByteStr=0x9e56c8, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CRT-TIME-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 30 [0077.414] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.414] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-UTILITY-L1-1-0.DLL", cchWideChar=33, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 33 [0077.414] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-CRT-UTILITY-L1-1-0.DLL", cchWideChar=33, lpMultiByteStr=0x9e5680, cbMultiByte=33, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-CRT-UTILITY-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 33 [0077.414] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.414] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-EVENTING-PROVIDER-L1-1-0.DLL", cchWideChar=39, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 39 [0077.414] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-EVENTING-PROVIDER-L1-1-0.DLL", cchWideChar=39, lpMultiByteStr=0x9e56c8, cbMultiByte=39, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-EVENTING-PROVIDER-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 39 [0077.414] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.415] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-SECURITY-BASE-L1-1-0.DLL", cchWideChar=35, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 35 [0077.415] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-SECURITY-BASE-L1-1-0.DLL", cchWideChar=35, lpMultiByteStr=0x9e5680, cbMultiByte=35, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-SECURITY-BASE-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 35 [0077.415] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.415] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-SECURITY-LSALOOKUP-L1-1-0.DLL", cchWideChar=40, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 40 [0077.415] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-SECURITY-LSALOOKUP-L1-1-0.DLL", cchWideChar=40, lpMultiByteStr=0x9e56c8, cbMultiByte=40, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-SECURITY-LSALOOKUP-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 40 [0077.415] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.415] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-SECURITY-SDDL-L1-1-0.DLL", cchWideChar=35, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 35 [0077.415] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-SECURITY-SDDL-L1-1-0.DLL", cchWideChar=35, lpMultiByteStr=0x9e5680, cbMultiByte=35, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-SECURITY-SDDL-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 35 [0077.415] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.415] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-SERVICE-CORE-L1-1-0.DLL", cchWideChar=34, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 34 [0077.415] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-SERVICE-CORE-L1-1-0.DLL", cchWideChar=34, lpMultiByteStr=0x9e56c8, cbMultiByte=34, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-SERVICE-CORE-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 34 [0077.415] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.415] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-SERVICE-MANAGEMENT-L1-1-0.DLL", cchWideChar=40, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 40 [0077.415] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-SERVICE-MANAGEMENT-L1-1-0.DLL", cchWideChar=40, lpMultiByteStr=0x9e5680, cbMultiByte=40, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-SERVICE-MANAGEMENT-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 40 [0077.415] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.415] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-SERVICE-MANAGEMENT-L2-1-0.DLL", cchWideChar=40, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 40 [0077.415] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-SERVICE-MANAGEMENT-L2-1-0.DLL", cchWideChar=40, lpMultiByteStr=0x9e56c8, cbMultiByte=40, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-SERVICE-MANAGEMENT-L2-1-0.DLL", lpUsedDefaultChar=0x0) returned 40 [0077.415] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.415] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-SERVICE-WINSVC-L1-1-0.DLL", cchWideChar=36, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 36 [0077.416] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="API-MS-WIN-SERVICE-WINSVC-L1-1-0.DLL", cchWideChar=36, lpMultiByteStr=0x9e5680, cbMultiByte=36, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="API-MS-WIN-SERVICE-WINSVC-L1-1-0.DLL", lpUsedDefaultChar=0x0) returned 36 [0077.416] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.416] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="APILOGEN.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0077.416] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="APILOGEN.DLL", cchWideChar=12, lpMultiByteStr=0x9e56c8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="APILOGEN.DLL", lpUsedDefaultChar=0x0) returned 12 [0077.416] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.416] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="APIRCL.DLL", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0077.416] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="APIRCL.DLL", cchWideChar=10, lpMultiByteStr=0x9e5680, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="APIRCL.DLL", lpUsedDefaultChar=0x0) returned 10 [0077.416] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.416] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="APISETSCHEMA.DLL", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0077.416] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="APISETSCHEMA.DLL", cchWideChar=16, lpMultiByteStr=0x9e56c8, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="APISETSCHEMA.DLL", lpUsedDefaultChar=0x0) returned 16 [0077.416] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.416] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="APPHELP.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0077.416] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="APPHELP.DLL", cchWideChar=11, lpMultiByteStr=0x9e5680, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="APPHELP.DLL", lpUsedDefaultChar=0x0) returned 11 [0077.416] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.416] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="APPHLPDM.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0077.416] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="APPHLPDM.DLL", cchWideChar=12, lpMultiByteStr=0x9e56c8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="APPHLPDM.DLL", lpUsedDefaultChar=0x0) returned 12 [0077.416] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.416] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="APPIDAPI.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0077.417] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="APPIDAPI.DLL", cchWideChar=12, lpMultiByteStr=0x9e5680, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="APPIDAPI.DLL", lpUsedDefaultChar=0x0) returned 12 [0077.417] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.417] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="APPIDPOLICYENGINEAPI.DLL", cchWideChar=24, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0077.417] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="APPIDPOLICYENGINEAPI.DLL", cchWideChar=24, lpMultiByteStr=0x9e56c8, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="APPIDPOLICYENGINEAPI.DLL", lpUsedDefaultChar=0x0) returned 24 [0077.417] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.417] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="APPMGMTS.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0077.417] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="APPMGMTS.DLL", cchWideChar=12, lpMultiByteStr=0x9e5680, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="APPMGMTS.DLL", lpUsedDefaultChar=0x0) returned 12 [0077.417] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.417] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="APPMGR.DLL", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0077.417] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="APPMGR.DLL", cchWideChar=10, lpMultiByteStr=0x9e56c8, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="APPMGR.DLL", lpUsedDefaultChar=0x0) returned 10 [0077.417] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.417] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="APSS.DLL", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0077.417] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="APSS.DLL", cchWideChar=8, lpMultiByteStr=0x9e5680, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="APSS.DLL", lpUsedDefaultChar=0x0) returned 8 [0077.417] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.417] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ASFERROR.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0077.417] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ASFERROR.DLL", cchWideChar=12, lpMultiByteStr=0x9e56c8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ASFERROR.DLL", lpUsedDefaultChar=0x0) returned 12 [0077.417] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.417] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ASPNET_COUNTERS.DLL", cchWideChar=19, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0077.417] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ASPNET_COUNTERS.DLL", cchWideChar=19, lpMultiByteStr=0x9e5680, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ASPNET_COUNTERS.DLL", lpUsedDefaultChar=0x0) returned 19 [0077.418] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.418] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ASYCFILT.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0077.418] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ASYCFILT.DLL", cchWideChar=12, lpMultiByteStr=0x9e56c8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ASYCFILT.DLL", lpUsedDefaultChar=0x0) returned 12 [0077.418] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.418] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ATL.DLL", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0077.418] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ATL.DLL", cchWideChar=7, lpMultiByteStr=0x9e5680, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ATL.DLL", lpUsedDefaultChar=0x0) returned 7 [0077.418] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.418] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ATL100.DLL", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0077.418] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ATL100.DLL", cchWideChar=10, lpMultiByteStr=0x9e56c8, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ATL100.DLL", lpUsedDefaultChar=0x0) returned 10 [0077.418] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.418] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ATL110.DLL", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0077.418] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ATL110.DLL", cchWideChar=10, lpMultiByteStr=0x9e5680, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ATL110.DLL", lpUsedDefaultChar=0x0) returned 10 [0077.418] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.418] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ATMFD.DLL", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0077.418] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ATMFD.DLL", cchWideChar=9, lpMultiByteStr=0x9e56c8, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ATMFD.DLL", lpUsedDefaultChar=0x0) returned 9 [0077.418] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.418] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ATMLIB.DLL", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0077.418] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ATMLIB.DLL", cchWideChar=10, lpMultiByteStr=0x9e5680, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ATMLIB.DLL", lpUsedDefaultChar=0x0) returned 10 [0077.418] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.418] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUDIODEV.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0077.419] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUDIODEV.DLL", cchWideChar=12, lpMultiByteStr=0x9e56c8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AUDIODEV.DLL", lpUsedDefaultChar=0x0) returned 12 [0077.419] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.419] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUDIOENG.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0077.419] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUDIOENG.DLL", cchWideChar=12, lpMultiByteStr=0x9e5680, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AUDIOENG.DLL", lpUsedDefaultChar=0x0) returned 12 [0077.419] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.419] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUDIOKSE.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0077.419] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUDIOKSE.DLL", cchWideChar=12, lpMultiByteStr=0x9e56c8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AUDIOKSE.DLL", lpUsedDefaultChar=0x0) returned 12 [0077.419] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.419] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUDIOSES.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0077.419] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUDIOSES.DLL", cchWideChar=12, lpMultiByteStr=0x9e5680, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AUDIOSES.DLL", lpUsedDefaultChar=0x0) returned 12 [0077.419] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.419] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUDITNATIVESNAPIN.DLL", cchWideChar=21, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0077.419] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUDITNATIVESNAPIN.DLL", cchWideChar=21, lpMultiByteStr=0x9e56c8, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AUDITNATIVESNAPIN.DLL", lpUsedDefaultChar=0x0) returned 21 [0077.419] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.419] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUDITPOLICYGPINTEROP.DLL", cchWideChar=24, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0077.419] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUDITPOLICYGPINTEROP.DLL", cchWideChar=24, lpMultiByteStr=0x9e5680, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AUDITPOLICYGPINTEROP.DLL", lpUsedDefaultChar=0x0) returned 24 [0077.419] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.419] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUDITPOLMSG.DLL", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0077.419] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUDITPOLMSG.DLL", cchWideChar=15, lpMultiByteStr=0x9e56c8, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AUDITPOLMSG.DLL", lpUsedDefaultChar=0x0) returned 15 [0077.419] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.420] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUTHFWCFG.DLL", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0077.420] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUTHFWCFG.DLL", cchWideChar=13, lpMultiByteStr=0x9e5680, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AUTHFWCFG.DLL", lpUsedDefaultChar=0x0) returned 13 [0077.420] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.420] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUTHFWGP.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0077.420] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUTHFWGP.DLL", cchWideChar=12, lpMultiByteStr=0x9e56c8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AUTHFWGP.DLL", lpUsedDefaultChar=0x0) returned 12 [0077.420] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.420] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUTHFWSNAPIN.DLL", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0077.420] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUTHFWSNAPIN.DLL", cchWideChar=16, lpMultiByteStr=0x9e5680, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AUTHFWSNAPIN.DLL", lpUsedDefaultChar=0x0) returned 16 [0077.420] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.420] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUTHFWWIZFWK.DLL", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0077.420] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUTHFWWIZFWK.DLL", cchWideChar=16, lpMultiByteStr=0x9e56c8, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AUTHFWWIZFWK.DLL", lpUsedDefaultChar=0x0) returned 16 [0077.420] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.420] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUTHUI.DLL", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0077.420] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUTHUI.DLL", cchWideChar=10, lpMultiByteStr=0x9e5680, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AUTHUI.DLL", lpUsedDefaultChar=0x0) returned 10 [0077.422] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.422] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUTHZ.DLL", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0077.422] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUTHZ.DLL", cchWideChar=9, lpMultiByteStr=0x9e56c8, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AUTHZ.DLL", lpUsedDefaultChar=0x0) returned 9 [0077.422] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.422] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUTOPLAY.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0077.422] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUTOPLAY.DLL", cchWideChar=12, lpMultiByteStr=0x9e5680, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AUTOPLAY.DLL", lpUsedDefaultChar=0x0) returned 12 [0077.422] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.422] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUXILIARYDISPLAYAPI.DLL", cchWideChar=23, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 23 [0077.422] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUXILIARYDISPLAYAPI.DLL", cchWideChar=23, lpMultiByteStr=0x9e56c8, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AUXILIARYDISPLAYAPI.DLL", lpUsedDefaultChar=0x0) returned 23 [0077.422] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.422] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUXILIARYDISPLAYCPL.DLL", cchWideChar=23, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 23 [0077.422] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AUXILIARYDISPLAYCPL.DLL", cchWideChar=23, lpMultiByteStr=0x9e5680, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AUXILIARYDISPLAYCPL.DLL", lpUsedDefaultChar=0x0) returned 23 [0077.422] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.422] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AVICAP32.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0077.422] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AVICAP32.DLL", cchWideChar=12, lpMultiByteStr=0x9e56c8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AVICAP32.DLL", lpUsedDefaultChar=0x0) returned 12 [0077.422] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.422] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AVIFIL32.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0077.423] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AVIFIL32.DLL", cchWideChar=12, lpMultiByteStr=0x9e5680, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AVIFIL32.DLL", lpUsedDefaultChar=0x0) returned 12 [0077.423] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.423] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AVRT.DLL", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0077.423] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AVRT.DLL", cchWideChar=8, lpMultiByteStr=0x9e56c8, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AVRT.DLL", lpUsedDefaultChar=0x0) returned 8 [0077.423] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.423] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AZROLES.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0077.423] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AZROLES.DLL", cchWideChar=11, lpMultiByteStr=0x9e5680, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AZROLES.DLL", lpUsedDefaultChar=0x0) returned 11 [0077.423] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.423] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AZROLEUI.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0077.423] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AZROLEUI.DLL", cchWideChar=12, lpMultiByteStr=0x9e56c8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AZROLEUI.DLL", lpUsedDefaultChar=0x0) returned 12 [0077.423] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.423] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AZSQLEXT.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0077.423] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AZSQLEXT.DLL", cchWideChar=12, lpMultiByteStr=0x9e5680, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AZSQLEXT.DLL", lpUsedDefaultChar=0x0) returned 12 [0077.423] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.423] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BASECSP.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0077.423] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BASECSP.DLL", cchWideChar=11, lpMultiByteStr=0x9e56c8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BASECSP.DLL", lpUsedDefaultChar=0x0) returned 11 [0077.423] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.423] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BATMETER.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0077.423] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BATMETER.DLL", cchWideChar=12, lpMultiByteStr=0x9e5680, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BATMETER.DLL", lpUsedDefaultChar=0x0) returned 12 [0077.423] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.424] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BCRYPT.DLL", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0077.424] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BCRYPT.DLL", cchWideChar=10, lpMultiByteStr=0x9e56c8, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BCRYPT.DLL", lpUsedDefaultChar=0x0) returned 10 [0077.424] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.424] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BCRYPTPRIMITIVES.DLL", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0077.424] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BCRYPTPRIMITIVES.DLL", cchWideChar=20, lpMultiByteStr=0x9e5680, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BCRYPTPRIMITIVES.DLL", lpUsedDefaultChar=0x0) returned 20 [0077.424] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.424] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BIDISPL.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0077.424] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BIDISPL.DLL", cchWideChar=11, lpMultiByteStr=0x9e56c8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BIDISPL.DLL", lpUsedDefaultChar=0x0) returned 11 [0077.424] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.424] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BIOCREDPROV.DLL", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0077.424] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BIOCREDPROV.DLL", cchWideChar=15, lpMultiByteStr=0x9e5680, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BIOCREDPROV.DLL", lpUsedDefaultChar=0x0) returned 15 [0077.424] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.424] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BITSPERF.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0077.424] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BITSPERF.DLL", cchWideChar=12, lpMultiByteStr=0x9e56c8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BITSPERF.DLL", lpUsedDefaultChar=0x0) returned 12 [0077.424] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.424] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BITSPRX2.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0077.424] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BITSPRX2.DLL", cchWideChar=12, lpMultiByteStr=0x9e5680, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BITSPRX2.DLL", lpUsedDefaultChar=0x0) returned 12 [0077.424] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.424] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BITSPRX3.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0077.425] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BITSPRX3.DLL", cchWideChar=12, lpMultiByteStr=0x9e56c8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BITSPRX3.DLL", lpUsedDefaultChar=0x0) returned 12 [0077.425] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.425] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BITSPRX4.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0077.425] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BITSPRX4.DLL", cchWideChar=12, lpMultiByteStr=0x9e5680, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BITSPRX4.DLL", lpUsedDefaultChar=0x0) returned 12 [0077.425] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.425] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BITSPRX5.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0077.425] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BITSPRX5.DLL", cchWideChar=12, lpMultiByteStr=0x9e56c8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BITSPRX5.DLL", lpUsedDefaultChar=0x0) returned 12 [0077.425] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.425] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BITSPRX6.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0077.425] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BITSPRX6.DLL", cchWideChar=12, lpMultiByteStr=0x9e5680, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BITSPRX6.DLL", lpUsedDefaultChar=0x0) returned 12 [0077.425] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.425] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BLACKBOX.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0077.425] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BLACKBOX.DLL", cchWideChar=12, lpMultiByteStr=0x9e56c8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BLACKBOX.DLL", lpUsedDefaultChar=0x0) returned 12 [0077.425] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.425] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BOOTVID.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0077.425] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BOOTVID.DLL", cchWideChar=11, lpMultiByteStr=0x9e5680, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BOOTVID.DLL", lpUsedDefaultChar=0x0) returned 11 [0077.425] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.425] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BROWCLI.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0077.425] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BROWCLI.DLL", cchWideChar=11, lpMultiByteStr=0x9e56c8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BROWCLI.DLL", lpUsedDefaultChar=0x0) returned 11 [0077.426] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.426] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BROWSEUI.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0077.426] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BROWSEUI.DLL", cchWideChar=12, lpMultiByteStr=0x9e5680, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BROWSEUI.DLL", lpUsedDefaultChar=0x0) returned 12 [0077.426] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.426] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BTPANUI.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0077.426] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BTPANUI.DLL", cchWideChar=11, lpMultiByteStr=0x9e56c8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BTPANUI.DLL", lpUsedDefaultChar=0x0) returned 11 [0077.426] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.426] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BWCONTEXTHANDLER.DLL", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0077.426] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BWCONTEXTHANDLER.DLL", cchWideChar=20, lpMultiByteStr=0x9e5680, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BWCONTEXTHANDLER.DLL", lpUsedDefaultChar=0x0) returned 20 [0077.426] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.426] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BWUNPAIRELEVATED.DLL", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0077.426] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BWUNPAIRELEVATED.DLL", cchWideChar=20, lpMultiByteStr=0x9e56c8, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BWUNPAIRELEVATED.DLL", lpUsedDefaultChar=0x0) returned 20 [0077.426] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.426] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CABINET.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0077.426] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CABINET.DLL", cchWideChar=11, lpMultiByteStr=0x9e5680, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CABINET.DLL", lpUsedDefaultChar=0x0) returned 11 [0077.426] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.426] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CABVIEW.DLL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0077.426] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CABVIEW.DLL", cchWideChar=11, lpMultiByteStr=0x9e56c8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CABVIEW.DLL", lpUsedDefaultChar=0x0) returned 11 [0077.426] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.427] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CAPIPROVIDER.DLL", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0077.427] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CAPIPROVIDER.DLL", cchWideChar=16, lpMultiByteStr=0x9e5680, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CAPIPROVIDER.DLL", lpUsedDefaultChar=0x0) returned 16 [0077.427] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.427] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CAPISP.DLL", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0077.427] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CAPISP.DLL", cchWideChar=10, lpMultiByteStr=0x9e56c8, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CAPISP.DLL", lpUsedDefaultChar=0x0) returned 10 [0077.427] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.427] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CATSRV.DLL", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0077.427] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CATSRV.DLL", cchWideChar=10, lpMultiByteStr=0x9e5680, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CATSRV.DLL", lpUsedDefaultChar=0x0) returned 10 [0077.427] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.427] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CATSRVPS.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0077.427] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CATSRVPS.DLL", cchWideChar=12, lpMultiByteStr=0x9e56c8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CATSRVPS.DLL", lpUsedDefaultChar=0x0) returned 12 [0077.427] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.427] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CATSRVUT.DLL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0077.427] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CATSRVUT.DLL", cchWideChar=12, lpMultiByteStr=0x9e5680, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CATSRVUT.DLL", lpUsedDefaultChar=0x0) returned 12 [0077.427] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.427] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CCA.DLL", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0077.427] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CCA.DLL", cchWideChar=7, lpMultiByteStr=0x9e56c8, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CCA.DLL", lpUsedDefaultChar=0x0) returned 7 [0077.427] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.427] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CDOSYS.DLL", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0077.427] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CDOSYS.DLL", cchWideChar=10, lpMultiByteStr=0x9e5680, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CDOSYS.DLL", lpUsedDefaultChar=0x0) returned 10 [0077.428] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.428] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.428] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.428] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.428] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.428] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.428] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.428] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.428] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.428] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.428] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.428] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.428] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.428] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.428] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.428] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.428] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.428] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.428] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.428] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.428] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.429] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.429] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.429] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.429] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.429] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.429] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.429] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.429] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.429] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.429] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.429] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.429] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.429] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.429] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.429] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.429] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.429] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.429] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.429] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.429] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.429] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.429] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.430] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.430] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.430] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.430] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.430] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.430] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.430] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.430] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.430] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.430] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.430] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.430] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.430] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.430] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.430] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.430] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.430] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.430] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.430] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.430] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.430] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.430] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.431] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.431] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.431] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.431] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.431] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.431] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.431] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.431] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.431] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.431] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.431] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.431] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.431] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.431] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.431] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.431] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.431] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.431] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.431] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.431] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.431] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.432] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.432] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.432] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.432] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.432] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.432] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.432] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.432] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.432] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.432] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.432] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.432] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.432] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121f670 | out: lpFindFileData=0x121f670) returned 1 [0077.434] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="psapi.dll", BaseAddress=0x121f8e4 | out: BaseAddress=0x121f8e4*=0x75a20000) returned 0x0 [0077.435] FindClose (in: hFindFile=0x2e6a30 | out: hFindFile=0x2e6a30) returned 1 [0077.435] GetProcessImageFileNameW (in: hProcess=0x158, lpImageFileName=0x9e0be8, nSize=0x200 | out: lpImageFileName="") returned 0x0 [0077.435] GetProcessTimes (in: hProcess=0x158, lpCreationTime=0x121f918, lpExitTime=0x121f910, lpKernelTime=0x121f910, lpUserTime=0x121f910 | out: lpCreationTime=0x121f918, lpExitTime=0x121f910, lpKernelTime=0x121f910, lpUserTime=0x121f910) returned 1 [0077.435] OpenProcessToken (in: ProcessHandle=0x158, DesiredAccess=0x8, TokenHandle=0x121f8e0 | out: TokenHandle=0x121f8e0*=0x15c) returned 1 [0077.435] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x121f8dc | out: TokenInformation=0x0, ReturnLength=0x121f8dc) returned 0 [0077.435] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x9e5680, TokenInformationLength=0x14, ReturnLength=0x121f8dc | out: TokenInformation=0x9e5680, ReturnLength=0x121f8dc) returned 1 [0077.435] GetSidSubAuthorityCount (pSid=0x9e5688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000)) returned 0x9e5689 [0077.435] GetSidSubAuthority (pSid=0x9e5688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000), nSubAuthority=0x0) returned 0x9e5690 [0077.435] GetExitCodeProcess (in: hProcess=0x158, lpExitCode=0x121f8fc | out: lpExitCode=0x121f8fc*=0x103) returned 1 [0077.435] GetProcessImageFileNameW (in: hProcess=0x158, lpImageFileName=0x9e0be8, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Windows\\System32\\smss.exe") returned 0x31 [0077.435] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x121f8e4 | out: Wow64Process=0x121f8e4) returned 1 [0077.435] IsWow64Process (in: hProcess=0x158, Wow64Process=0x121f8f4 | out: Wow64Process=0x121f8f4) returned 1 [0077.435] NtQueryInformationProcess (in: ProcessHandle=0x158, ProcessInformationClass=0x18, ProcessInformation=0x121f8f0, ProcessInformationLength=0x4, ReturnLength=0x121f8f4 | out: ProcessInformation=0x121f8f0, ReturnLength=0x121f8f4) returned 0x0 [0077.436] GetProcessTimes (in: hProcess=0x158, lpCreationTime=0x121f918, lpExitTime=0x121f910, lpKernelTime=0x121f910, lpUserTime=0x121f910 | out: lpCreationTime=0x121f918, lpExitTime=0x121f910, lpKernelTime=0x121f910, lpUserTime=0x121f910) returned 1 [0077.436] OpenProcessToken (in: ProcessHandle=0x158, DesiredAccess=0x8, TokenHandle=0x121f8e0 | out: TokenHandle=0x121f8e0*=0x15c) returned 1 [0077.436] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x121f8dc | out: TokenInformation=0x0, ReturnLength=0x121f8dc) returned 0 [0077.436] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x9e5680, TokenInformationLength=0x14, ReturnLength=0x121f8dc | out: TokenInformation=0x9e5680, ReturnLength=0x121f8dc) returned 1 [0077.436] GetSidSubAuthorityCount (pSid=0x9e5688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000)) returned 0x9e5689 [0077.436] GetSidSubAuthority (pSid=0x9e5688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000), nSubAuthority=0x0) returned 0x9e5690 [0077.436] GetExitCodeProcess (in: hProcess=0x158, lpExitCode=0x121f8fc | out: lpExitCode=0x121f8fc*=0x103) returned 1 [0077.436] GetProcessImageFileNameW (in: hProcess=0x158, lpImageFileName=0x9e0be8, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Program Files\\Windows Sidebar\\picture_pk.exe") returned 0x44 [0077.436] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x121f8e4 | out: Wow64Process=0x121f8e4) returned 1 [0077.436] IsWow64Process (in: hProcess=0x158, Wow64Process=0x121f8f4 | out: Wow64Process=0x121f8f4) returned 1 [0077.436] NtQueryInformationProcess (in: ProcessHandle=0x158, ProcessInformationClass=0x18, ProcessInformation=0x121f8f0, ProcessInformationLength=0x4, ReturnLength=0x121f8f4 | out: ProcessInformation=0x121f8f0, ReturnLength=0x121f8f4) returned 0x0 [0077.436] GetProcessTimes (in: hProcess=0x158, lpCreationTime=0x121f918, lpExitTime=0x121f910, lpKernelTime=0x121f910, lpUserTime=0x121f910 | out: lpCreationTime=0x121f918, lpExitTime=0x121f910, lpKernelTime=0x121f910, lpUserTime=0x121f910) returned 1 [0077.436] OpenProcessToken (in: ProcessHandle=0x158, DesiredAccess=0x8, TokenHandle=0x121f8e0 | out: TokenHandle=0x121f8e0*=0x15c) returned 1 [0077.436] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x121f8dc | out: TokenInformation=0x0, ReturnLength=0x121f8dc) returned 0 [0077.436] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x9e5680, TokenInformationLength=0x14, ReturnLength=0x121f8dc | out: TokenInformation=0x9e5680, ReturnLength=0x121f8dc) returned 1 [0077.436] GetSidSubAuthorityCount (pSid=0x9e5688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 0x9e5689 [0077.436] GetSidSubAuthority (pSid=0x9e5688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000), nSubAuthority=0x0) returned 0x9e5690 [0077.436] GetExitCodeProcess (in: hProcess=0x158, lpExitCode=0x121f8fc | out: lpExitCode=0x121f8fc*=0x103) returned 1 [0077.436] GetProcessImageFileNameW (in: hProcess=0x158, lpImageFileName=0x9e0be8, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Windows\\System32\\csrss.exe") returned 0x32 [0077.437] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x121f8e4 | out: Wow64Process=0x121f8e4) returned 1 [0077.437] IsWow64Process (in: hProcess=0x158, Wow64Process=0x121f8f4 | out: Wow64Process=0x121f8f4) returned 1 [0077.437] NtQueryInformationProcess (in: ProcessHandle=0x158, ProcessInformationClass=0x18, ProcessInformation=0x121f8f0, ProcessInformationLength=0x4, ReturnLength=0x121f8f4 | out: ProcessInformation=0x121f8f0, ReturnLength=0x121f8f4) returned 0x0 [0077.437] GetProcessTimes (in: hProcess=0x158, lpCreationTime=0x121f918, lpExitTime=0x121f910, lpKernelTime=0x121f910, lpUserTime=0x121f910 | out: lpCreationTime=0x121f918, lpExitTime=0x121f910, lpKernelTime=0x121f910, lpUserTime=0x121f910) returned 1 [0077.437] OpenProcessToken (in: ProcessHandle=0x158, DesiredAccess=0x8, TokenHandle=0x121f8e0 | out: TokenHandle=0x121f8e0*=0x15c) returned 1 [0077.437] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x121f8dc | out: TokenInformation=0x0, ReturnLength=0x121f8dc) returned 0 [0077.437] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x9e5680, TokenInformationLength=0x14, ReturnLength=0x121f8dc | out: TokenInformation=0x9e5680, ReturnLength=0x121f8dc) returned 1 [0077.437] GetSidSubAuthorityCount (pSid=0x9e5688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000)) returned 0x9e5689 [0077.437] GetSidSubAuthority (pSid=0x9e5688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000), nSubAuthority=0x0) returned 0x9e5690 [0077.437] GetExitCodeProcess (in: hProcess=0x158, lpExitCode=0x121f8fc | out: lpExitCode=0x121f8fc*=0x103) returned 1 [0077.437] GetProcessImageFileNameW (in: hProcess=0x158, lpImageFileName=0x9e0be8, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Windows\\System32\\wininit.exe") returned 0x34 [0077.437] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x121f8e4 | out: Wow64Process=0x121f8e4) returned 1 [0077.437] IsWow64Process (in: hProcess=0x158, Wow64Process=0x121f8f4 | out: Wow64Process=0x121f8f4) returned 1 [0077.437] NtQueryInformationProcess (in: ProcessHandle=0x158, ProcessInformationClass=0x18, ProcessInformation=0x121f8f0, ProcessInformationLength=0x4, ReturnLength=0x121f8f4 | out: ProcessInformation=0x121f8f0, ReturnLength=0x121f8f4) returned 0x0 [0077.437] GetProcessTimes (in: hProcess=0x158, lpCreationTime=0x121f918, lpExitTime=0x121f910, lpKernelTime=0x121f910, lpUserTime=0x121f910 | out: lpCreationTime=0x121f918, lpExitTime=0x121f910, lpKernelTime=0x121f910, lpUserTime=0x121f910) returned 1 [0077.437] OpenProcessToken (in: ProcessHandle=0x158, DesiredAccess=0x8, TokenHandle=0x121f8e0 | out: TokenHandle=0x121f8e0*=0x15c) returned 1 [0077.437] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x121f8dc | out: TokenInformation=0x0, ReturnLength=0x121f8dc) returned 0 [0077.437] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x9e5680, TokenInformationLength=0x14, ReturnLength=0x121f8dc | out: TokenInformation=0x9e5680, ReturnLength=0x121f8dc) returned 1 [0077.437] GetSidSubAuthorityCount (pSid=0x9e5688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000)) returned 0x9e5689 [0077.437] GetSidSubAuthority (pSid=0x9e5688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000), nSubAuthority=0x0) returned 0x9e5690 [0077.437] GetExitCodeProcess (in: hProcess=0x158, lpExitCode=0x121f8fc | out: lpExitCode=0x121f8fc*=0x103) returned 1 [0077.438] GetProcessImageFileNameW (in: hProcess=0x158, lpImageFileName=0x9e0be8, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Windows\\System32\\svchost.exe") returned 0x34 [0077.438] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x121f8e4 | out: Wow64Process=0x121f8e4) returned 1 [0077.438] IsWow64Process (in: hProcess=0x158, Wow64Process=0x121f8f4 | out: Wow64Process=0x121f8f4) returned 1 [0077.438] NtQueryInformationProcess (in: ProcessHandle=0x158, ProcessInformationClass=0x18, ProcessInformation=0x121f8f0, ProcessInformationLength=0x4, ReturnLength=0x121f8f4 | out: ProcessInformation=0x121f8f0, ReturnLength=0x121f8f4) returned 0x0 [0077.438] GetProcessTimes (in: hProcess=0x158, lpCreationTime=0x121f918, lpExitTime=0x121f910, lpKernelTime=0x121f910, lpUserTime=0x121f910 | out: lpCreationTime=0x121f918, lpExitTime=0x121f910, lpKernelTime=0x121f910, lpUserTime=0x121f910) returned 1 [0077.438] OpenProcessToken (in: ProcessHandle=0x158, DesiredAccess=0x8, TokenHandle=0x121f8e0 | out: TokenHandle=0x121f8e0*=0x15c) returned 1 [0077.438] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x121f8dc | out: TokenInformation=0x0, ReturnLength=0x121f8dc) returned 0 [0077.438] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x9e5680, TokenInformationLength=0x14, ReturnLength=0x121f8dc | out: TokenInformation=0x9e5680, ReturnLength=0x121f8dc) returned 1 [0077.438] GetSidSubAuthorityCount (pSid=0x9e5688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000)) returned 0x9e5689 [0077.438] GetSidSubAuthority (pSid=0x9e5688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000), nSubAuthority=0x0) returned 0x9e5690 [0077.438] GetExitCodeProcess (in: hProcess=0x158, lpExitCode=0x121f8fc | out: lpExitCode=0x121f8fc*=0x103) returned 1 [0077.438] GetProcessImageFileNameW (in: hProcess=0x158, lpImageFileName=0x9e0be8, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Windows\\System32\\csrss.exe") returned 0x32 [0077.438] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x121f8e4 | out: Wow64Process=0x121f8e4) returned 1 [0077.438] IsWow64Process (in: hProcess=0x158, Wow64Process=0x121f8f4 | out: Wow64Process=0x121f8f4) returned 1 [0077.438] NtQueryInformationProcess (in: ProcessHandle=0x158, ProcessInformationClass=0x18, ProcessInformation=0x121f8f0, ProcessInformationLength=0x4, ReturnLength=0x121f8f4 | out: ProcessInformation=0x121f8f0, ReturnLength=0x121f8f4) returned 0x0 [0077.438] GetProcessTimes (in: hProcess=0x158, lpCreationTime=0x121f918, lpExitTime=0x121f910, lpKernelTime=0x121f910, lpUserTime=0x121f910 | out: lpCreationTime=0x121f918, lpExitTime=0x121f910, lpKernelTime=0x121f910, lpUserTime=0x121f910) returned 1 [0077.438] OpenProcessToken (in: ProcessHandle=0x158, DesiredAccess=0x8, TokenHandle=0x121f8e0 | out: TokenHandle=0x121f8e0*=0x15c) returned 1 [0077.438] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x121f8dc | out: TokenInformation=0x0, ReturnLength=0x121f8dc) returned 0 [0077.438] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x9e5680, TokenInformationLength=0x14, ReturnLength=0x121f8dc | out: TokenInformation=0x9e5680, ReturnLength=0x121f8dc) returned 1 [0077.439] GetSidSubAuthorityCount (pSid=0x9e5688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000)) returned 0x9e5689 [0077.439] GetSidSubAuthority (pSid=0x9e5688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000), nSubAuthority=0x0) returned 0x9e5690 [0077.439] GetExitCodeProcess (in: hProcess=0x158, lpExitCode=0x121f8fc | out: lpExitCode=0x121f8fc*=0x103) returned 1 [0077.439] GetProcessImageFileNameW (in: hProcess=0x158, lpImageFileName=0x9e0be8, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Windows\\System32\\winlogon.exe") returned 0x35 [0077.439] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x121f8e4 | out: Wow64Process=0x121f8e4) returned 1 [0077.439] IsWow64Process (in: hProcess=0x158, Wow64Process=0x121f8f4 | out: Wow64Process=0x121f8f4) returned 1 [0077.439] NtQueryInformationProcess (in: ProcessHandle=0x158, ProcessInformationClass=0x18, ProcessInformation=0x121f8f0, ProcessInformationLength=0x4, ReturnLength=0x121f8f4 | out: ProcessInformation=0x121f8f0, ReturnLength=0x121f8f4) returned 0x0 [0077.439] GetProcessTimes (in: hProcess=0x158, lpCreationTime=0x121f918, lpExitTime=0x121f910, lpKernelTime=0x121f910, lpUserTime=0x121f910 | out: lpCreationTime=0x121f918, lpExitTime=0x121f910, lpKernelTime=0x121f910, lpUserTime=0x121f910) returned 1 [0077.439] OpenProcessToken (in: ProcessHandle=0x158, DesiredAccess=0x8, TokenHandle=0x121f8e0 | out: TokenHandle=0x121f8e0*=0x15c) returned 1 [0077.439] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x121f8dc | out: TokenInformation=0x0, ReturnLength=0x121f8dc) returned 0 [0077.439] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x9e5680, TokenInformationLength=0x14, ReturnLength=0x121f8dc | out: TokenInformation=0x9e5680, ReturnLength=0x121f8dc) returned 1 [0077.439] GetSidSubAuthorityCount (pSid=0x9e5688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000)) returned 0x9e5689 [0077.439] GetSidSubAuthority (pSid=0x9e5688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000), nSubAuthority=0x0) returned 0x9e5690 [0077.439] GetExitCodeProcess (in: hProcess=0x158, lpExitCode=0x121f8fc | out: lpExitCode=0x121f8fc*=0x103) returned 1 [0077.439] GetProcessImageFileNameW (in: hProcess=0x158, lpImageFileName=0x9e0be8, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Windows\\System32\\services.exe") returned 0x35 [0077.439] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x121f8e4 | out: Wow64Process=0x121f8e4) returned 1 [0077.439] IsWow64Process (in: hProcess=0x158, Wow64Process=0x121f8f4 | out: Wow64Process=0x121f8f4) returned 1 [0077.439] NtQueryInformationProcess (in: ProcessHandle=0x158, ProcessInformationClass=0x18, ProcessInformation=0x121f8f0, ProcessInformationLength=0x4, ReturnLength=0x121f8f4 | out: ProcessInformation=0x121f8f0, ReturnLength=0x121f8f4) returned 0x0 [0077.439] GetProcessTimes (in: hProcess=0x158, lpCreationTime=0x121f918, lpExitTime=0x121f910, lpKernelTime=0x121f910, lpUserTime=0x121f910 | out: lpCreationTime=0x121f918, lpExitTime=0x121f910, lpKernelTime=0x121f910, lpUserTime=0x121f910) returned 1 [0077.439] OpenProcessToken (in: ProcessHandle=0x158, DesiredAccess=0x8, TokenHandle=0x121f8e0 | out: TokenHandle=0x121f8e0*=0x15c) returned 1 [0077.440] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x121f8dc | out: TokenInformation=0x0, ReturnLength=0x121f8dc) returned 0 [0077.440] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x9e5680, TokenInformationLength=0x14, ReturnLength=0x121f8dc | out: TokenInformation=0x9e5680, ReturnLength=0x121f8dc) returned 1 [0077.440] GetSidSubAuthorityCount (pSid=0x9e5688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000)) returned 0x9e5689 [0077.440] GetSidSubAuthority (pSid=0x9e5688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000), nSubAuthority=0x0) returned 0x9e5690 [0077.440] GetExitCodeProcess (in: hProcess=0x158, lpExitCode=0x121f8fc | out: lpExitCode=0x121f8fc*=0x103) returned 1 [0077.440] GetProcessImageFileNameW (in: hProcess=0x158, lpImageFileName=0x9e0be8, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Windows\\System32\\lsass.exe") returned 0x32 [0077.440] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x121f8e4 | out: Wow64Process=0x121f8e4) returned 1 [0077.440] IsWow64Process (in: hProcess=0x158, Wow64Process=0x121f8f4 | out: Wow64Process=0x121f8f4) returned 1 [0077.440] NtQueryInformationProcess (in: ProcessHandle=0x158, ProcessInformationClass=0x18, ProcessInformation=0x121f8f0, ProcessInformationLength=0x4, ReturnLength=0x121f8f4 | out: ProcessInformation=0x121f8f0, ReturnLength=0x121f8f4) returned 0x0 [0077.440] GetProcessTimes (in: hProcess=0x158, lpCreationTime=0x121f918, lpExitTime=0x121f910, lpKernelTime=0x121f910, lpUserTime=0x121f910 | out: lpCreationTime=0x121f918, lpExitTime=0x121f910, lpKernelTime=0x121f910, lpUserTime=0x121f910) returned 1 [0077.440] OpenProcessToken (in: ProcessHandle=0x158, DesiredAccess=0x8, TokenHandle=0x121f8e0 | out: TokenHandle=0x121f8e0*=0x15c) returned 1 [0077.440] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x121f8dc | out: TokenInformation=0x0, ReturnLength=0x121f8dc) returned 0 [0077.440] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x9e5680, TokenInformationLength=0x14, ReturnLength=0x121f8dc | out: TokenInformation=0x9e5680, ReturnLength=0x121f8dc) returned 1 [0077.440] GetSidSubAuthorityCount (pSid=0x9e5688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000)) returned 0x9e5689 [0077.440] GetSidSubAuthority (pSid=0x9e5688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000), nSubAuthority=0x0) returned 0x9e5690 [0077.440] GetExitCodeProcess (in: hProcess=0x158, lpExitCode=0x121f8fc | out: lpExitCode=0x121f8fc*=0x103) returned 1 [0077.440] GetProcessImageFileNameW (in: hProcess=0x158, lpImageFileName=0x9e0be8, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Windows\\System32\\lsm.exe") returned 0x30 [0077.440] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x121f8e4 | out: Wow64Process=0x121f8e4) returned 1 [0077.440] IsWow64Process (in: hProcess=0x158, Wow64Process=0x121f8f4 | out: Wow64Process=0x121f8f4) returned 1 [0077.440] NtQueryInformationProcess (in: ProcessHandle=0x158, ProcessInformationClass=0x18, ProcessInformation=0x121f8f0, ProcessInformationLength=0x4, ReturnLength=0x121f8f4 | out: ProcessInformation=0x121f8f0, ReturnLength=0x121f8f4) returned 0x0 [0077.441] GetProcessTimes (in: hProcess=0x158, lpCreationTime=0x121f918, lpExitTime=0x121f910, lpKernelTime=0x121f910, lpUserTime=0x121f910 | out: lpCreationTime=0x121f918, lpExitTime=0x121f910, lpKernelTime=0x121f910, lpUserTime=0x121f910) returned 1 [0077.441] OpenProcessToken (in: ProcessHandle=0x158, DesiredAccess=0x8, TokenHandle=0x121f8e0 | out: TokenHandle=0x121f8e0*=0x15c) returned 1 [0077.441] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x121f8dc | out: TokenInformation=0x0, ReturnLength=0x121f8dc) returned 0 [0077.441] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x9e5680, TokenInformationLength=0x14, ReturnLength=0x121f8dc | out: TokenInformation=0x9e5680, ReturnLength=0x121f8dc) returned 1 [0077.441] GetSidSubAuthorityCount (pSid=0x9e5688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000)) returned 0x9e5689 [0077.441] GetSidSubAuthority (pSid=0x9e5688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000), nSubAuthority=0x0) returned 0x9e5690 [0077.441] GetExitCodeProcess (in: hProcess=0x158, lpExitCode=0x121f8fc | out: lpExitCode=0x121f8fc*=0x103) returned 1 [0077.441] GetProcessImageFileNameW (in: hProcess=0x158, lpImageFileName=0x9e0be8, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Windows\\System32\\svchost.exe") returned 0x34 [0077.441] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x121f8e4 | out: Wow64Process=0x121f8e4) returned 1 [0077.441] IsWow64Process (in: hProcess=0x158, Wow64Process=0x121f8f4 | out: Wow64Process=0x121f8f4) returned 1 [0077.441] NtQueryInformationProcess (in: ProcessHandle=0x158, ProcessInformationClass=0x18, ProcessInformation=0x121f8f0, ProcessInformationLength=0x4, ReturnLength=0x121f8f4 | out: ProcessInformation=0x121f8f0, ReturnLength=0x121f8f4) returned 0x0 [0077.441] GetProcessTimes (in: hProcess=0x158, lpCreationTime=0x121f918, lpExitTime=0x121f910, lpKernelTime=0x121f910, lpUserTime=0x121f910 | out: lpCreationTime=0x121f918, lpExitTime=0x121f910, lpKernelTime=0x121f910, lpUserTime=0x121f910) returned 1 [0077.441] OpenProcessToken (in: ProcessHandle=0x158, DesiredAccess=0x8, TokenHandle=0x121f8e0 | out: TokenHandle=0x121f8e0*=0x15c) returned 1 [0077.441] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x121f8dc | out: TokenInformation=0x0, ReturnLength=0x121f8dc) returned 0 [0077.441] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x9e5680, TokenInformationLength=0x14, ReturnLength=0x121f8dc | out: TokenInformation=0x9e5680, ReturnLength=0x121f8dc) returned 1 [0077.441] GetSidSubAuthorityCount (pSid=0x9e5688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000)) returned 0x9e5689 [0077.441] GetSidSubAuthority (pSid=0x9e5688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000), nSubAuthority=0x0) returned 0x9e5690 [0077.441] GetExitCodeProcess (in: hProcess=0x158, lpExitCode=0x121f8fc | out: lpExitCode=0x121f8fc*=0x103) returned 1 [0077.441] GetProcessImageFileNameW (in: hProcess=0x158, lpImageFileName=0x9e0be8, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Windows\\System32\\svchost.exe") returned 0x34 [0077.442] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x121f8e4 | out: Wow64Process=0x121f8e4) returned 1 [0077.442] IsWow64Process (in: hProcess=0x158, Wow64Process=0x121f8f4 | out: Wow64Process=0x121f8f4) returned 1 [0077.442] NtQueryInformationProcess (in: ProcessHandle=0x158, ProcessInformationClass=0x18, ProcessInformation=0x121f8f0, ProcessInformationLength=0x4, ReturnLength=0x121f8f4 | out: ProcessInformation=0x121f8f0, ReturnLength=0x121f8f4) returned 0x0 [0077.442] GetProcessTimes (in: hProcess=0x158, lpCreationTime=0x121f918, lpExitTime=0x121f910, lpKernelTime=0x121f910, lpUserTime=0x121f910 | out: lpCreationTime=0x121f918, lpExitTime=0x121f910, lpKernelTime=0x121f910, lpUserTime=0x121f910) returned 1 [0077.442] OpenProcessToken (in: ProcessHandle=0x158, DesiredAccess=0x8, TokenHandle=0x121f8e0 | out: TokenHandle=0x121f8e0*=0x15c) returned 1 [0077.442] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x121f8dc | out: TokenInformation=0x0, ReturnLength=0x121f8dc) returned 0 [0077.442] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x9e5680, TokenInformationLength=0x14, ReturnLength=0x121f8dc | out: TokenInformation=0x9e5680, ReturnLength=0x121f8dc) returned 1 [0077.442] GetSidSubAuthorityCount (pSid=0x9e5688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000)) returned 0x9e5689 [0077.442] GetSidSubAuthority (pSid=0x9e5688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000), nSubAuthority=0x0) returned 0x9e5690 [0077.442] GetExitCodeProcess (in: hProcess=0x158, lpExitCode=0x121f8fc | out: lpExitCode=0x121f8fc*=0x103) returned 1 [0077.442] GetProcessImageFileNameW (in: hProcess=0x158, lpImageFileName=0x9e0be8, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Windows\\System32\\svchost.exe") returned 0x34 [0077.442] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x121f8e4 | out: Wow64Process=0x121f8e4) returned 1 [0077.442] IsWow64Process (in: hProcess=0x158, Wow64Process=0x121f8f4 | out: Wow64Process=0x121f8f4) returned 1 [0077.442] NtQueryInformationProcess (in: ProcessHandle=0x158, ProcessInformationClass=0x18, ProcessInformation=0x121f8f0, ProcessInformationLength=0x4, ReturnLength=0x121f8f4 | out: ProcessInformation=0x121f8f0, ReturnLength=0x121f8f4) returned 0x0 [0077.442] GetProcessTimes (in: hProcess=0x158, lpCreationTime=0x121f918, lpExitTime=0x121f910, lpKernelTime=0x121f910, lpUserTime=0x121f910 | out: lpCreationTime=0x121f918, lpExitTime=0x121f910, lpKernelTime=0x121f910, lpUserTime=0x121f910) returned 1 [0077.442] OpenProcessToken (in: ProcessHandle=0x158, DesiredAccess=0x8, TokenHandle=0x121f8e0 | out: TokenHandle=0x121f8e0*=0x15c) returned 1 [0077.442] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x121f8dc | out: TokenInformation=0x0, ReturnLength=0x121f8dc) returned 0 [0077.442] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x9e5680, TokenInformationLength=0x14, ReturnLength=0x121f8dc | out: TokenInformation=0x9e5680, ReturnLength=0x121f8dc) returned 1 [0077.442] GetSidSubAuthorityCount (pSid=0x9e5688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000)) returned 0x9e5689 [0077.442] GetSidSubAuthority (pSid=0x9e5688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000), nSubAuthority=0x0) returned 0x9e5690 [0077.442] GetExitCodeProcess (in: hProcess=0x158, lpExitCode=0x121f8fc | out: lpExitCode=0x121f8fc*=0x103) returned 1 [0077.443] GetProcessImageFileNameW (in: hProcess=0x158, lpImageFileName=0x9e0be8, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Windows\\System32\\svchost.exe") returned 0x34 [0077.443] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x121f8e4 | out: Wow64Process=0x121f8e4) returned 1 [0077.443] IsWow64Process (in: hProcess=0x158, Wow64Process=0x121f8f4 | out: Wow64Process=0x121f8f4) returned 1 [0077.443] NtQueryInformationProcess (in: ProcessHandle=0x158, ProcessInformationClass=0x18, ProcessInformation=0x121f8f0, ProcessInformationLength=0x4, ReturnLength=0x121f8f4 | out: ProcessInformation=0x121f8f0, ReturnLength=0x121f8f4) returned 0x0 [0077.443] GetProcessTimes (in: hProcess=0x158, lpCreationTime=0x121f918, lpExitTime=0x121f910, lpKernelTime=0x121f910, lpUserTime=0x121f910 | out: lpCreationTime=0x121f918, lpExitTime=0x121f910, lpKernelTime=0x121f910, lpUserTime=0x121f910) returned 1 [0077.443] OpenProcessToken (in: ProcessHandle=0x158, DesiredAccess=0x8, TokenHandle=0x121f8e0 | out: TokenHandle=0x121f8e0*=0x15c) returned 1 [0077.443] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x121f8dc | out: TokenInformation=0x0, ReturnLength=0x121f8dc) returned 0 [0077.443] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x9e5680, TokenInformationLength=0x14, ReturnLength=0x121f8dc | out: TokenInformation=0x9e5680, ReturnLength=0x121f8dc) returned 1 [0077.443] GetSidSubAuthorityCount (pSid=0x9e5688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000)) returned 0x9e5689 [0077.443] GetSidSubAuthority (pSid=0x9e5688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000), nSubAuthority=0x0) returned 0x9e5690 [0077.443] GetExitCodeProcess (in: hProcess=0x158, lpExitCode=0x121f8fc | out: lpExitCode=0x121f8fc*=0x103) returned 1 [0077.443] GetProcessImageFileNameW (in: hProcess=0x158, lpImageFileName=0x9e0be8, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Windows\\System32\\svchost.exe") returned 0x34 [0077.443] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x121f8e4 | out: Wow64Process=0x121f8e4) returned 1 [0077.443] IsWow64Process (in: hProcess=0x158, Wow64Process=0x121f8f4 | out: Wow64Process=0x121f8f4) returned 1 [0077.443] NtQueryInformationProcess (in: ProcessHandle=0x158, ProcessInformationClass=0x18, ProcessInformation=0x121f8f0, ProcessInformationLength=0x4, ReturnLength=0x121f8f4 | out: ProcessInformation=0x121f8f0, ReturnLength=0x121f8f4) returned 0x0 [0077.443] GetProcessTimes (in: hProcess=0x158, lpCreationTime=0x121f918, lpExitTime=0x121f910, lpKernelTime=0x121f910, lpUserTime=0x121f910 | out: lpCreationTime=0x121f918, lpExitTime=0x121f910, lpKernelTime=0x121f910, lpUserTime=0x121f910) returned 1 [0077.443] OpenProcessToken (in: ProcessHandle=0x158, DesiredAccess=0x8, TokenHandle=0x121f8e0 | out: TokenHandle=0x121f8e0*=0x15c) returned 1 [0077.443] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x121f8dc | out: TokenInformation=0x0, ReturnLength=0x121f8dc) returned 0 [0077.443] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x9e5680, TokenInformationLength=0x14, ReturnLength=0x121f8dc | out: TokenInformation=0x9e5680, ReturnLength=0x121f8dc) returned 1 [0077.443] GetSidSubAuthorityCount (pSid=0x9e5688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000)) returned 0x9e5689 [0077.443] GetSidSubAuthority (pSid=0x9e5688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000), nSubAuthority=0x0) returned 0x9e5690 [0077.444] GetExitCodeProcess (in: hProcess=0x158, lpExitCode=0x121f8fc | out: lpExitCode=0x121f8fc*=0x103) returned 1 [0077.444] GetProcessImageFileNameW (in: hProcess=0x158, lpImageFileName=0x9e0be8, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Windows\\System32\\audiodg.exe") returned 0x34 [0077.444] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x121f8e4 | out: Wow64Process=0x121f8e4) returned 1 [0077.444] IsWow64Process (in: hProcess=0x158, Wow64Process=0x121f8f4 | out: Wow64Process=0x121f8f4) returned 1 [0077.444] NtQueryInformationProcess (in: ProcessHandle=0x158, ProcessInformationClass=0x18, ProcessInformation=0x121f8f0, ProcessInformationLength=0x4, ReturnLength=0x121f8f4 | out: ProcessInformation=0x121f8f0, ReturnLength=0x121f8f4) returned 0x0 [0077.444] GetProcessTimes (in: hProcess=0x158, lpCreationTime=0x121f918, lpExitTime=0x121f910, lpKernelTime=0x121f910, lpUserTime=0x121f910 | out: lpCreationTime=0x121f918, lpExitTime=0x121f910, lpKernelTime=0x121f910, lpUserTime=0x121f910) returned 1 [0077.444] OpenProcessToken (in: ProcessHandle=0x158, DesiredAccess=0x8, TokenHandle=0x121f8e0 | out: TokenHandle=0x121f8e0*=0x15c) returned 1 [0077.444] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x121f8dc | out: TokenInformation=0x0, ReturnLength=0x121f8dc) returned 0 [0077.444] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x9e5680, TokenInformationLength=0x14, ReturnLength=0x121f8dc | out: TokenInformation=0x9e5680, ReturnLength=0x121f8dc) returned 1 [0077.444] GetSidSubAuthorityCount (pSid=0x9e5688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000)) returned 0x9e5689 [0077.444] GetSidSubAuthority (pSid=0x9e5688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000), nSubAuthority=0x0) returned 0x9e5690 [0077.444] GetExitCodeProcess (in: hProcess=0x158, lpExitCode=0x121f8fc | out: lpExitCode=0x121f8fc*=0x103) returned 1 [0077.444] GetProcessImageFileNameW (in: hProcess=0x158, lpImageFileName=0x9e0be8, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Windows\\System32\\svchost.exe") returned 0x34 [0077.444] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x121f8e4 | out: Wow64Process=0x121f8e4) returned 1 [0077.444] IsWow64Process (in: hProcess=0x158, Wow64Process=0x121f8f4 | out: Wow64Process=0x121f8f4) returned 1 [0077.444] NtQueryInformationProcess (in: ProcessHandle=0x158, ProcessInformationClass=0x18, ProcessInformation=0x121f8f0, ProcessInformationLength=0x4, ReturnLength=0x121f8f4 | out: ProcessInformation=0x121f8f0, ReturnLength=0x121f8f4) returned 0x0 [0077.444] GetProcessTimes (in: hProcess=0x158, lpCreationTime=0x121f918, lpExitTime=0x121f910, lpKernelTime=0x121f910, lpUserTime=0x121f910 | out: lpCreationTime=0x121f918, lpExitTime=0x121f910, lpKernelTime=0x121f910, lpUserTime=0x121f910) returned 1 [0077.444] OpenProcessToken (in: ProcessHandle=0x158, DesiredAccess=0x8, TokenHandle=0x121f8e0 | out: TokenHandle=0x121f8e0*=0x15c) returned 1 [0077.444] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x121f8dc | out: TokenInformation=0x0, ReturnLength=0x121f8dc) returned 0 [0077.445] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x9e5680, TokenInformationLength=0x14, ReturnLength=0x121f8dc | out: TokenInformation=0x9e5680, ReturnLength=0x121f8dc) returned 1 [0077.445] GetSidSubAuthorityCount (pSid=0x9e5688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000)) returned 0x9e5689 [0077.445] GetSidSubAuthority (pSid=0x9e5688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000), nSubAuthority=0x0) returned 0x9e5690 [0077.445] GetExitCodeProcess (in: hProcess=0x158, lpExitCode=0x121f8fc | out: lpExitCode=0x121f8fc*=0x103) returned 1 [0077.445] GetProcessImageFileNameW (in: hProcess=0x158, lpImageFileName=0x9e0be8, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Windows\\System32\\spoolsv.exe") returned 0x34 [0077.445] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x121f8e4 | out: Wow64Process=0x121f8e4) returned 1 [0077.445] IsWow64Process (in: hProcess=0x158, Wow64Process=0x121f8f4 | out: Wow64Process=0x121f8f4) returned 1 [0077.445] NtQueryInformationProcess (in: ProcessHandle=0x158, ProcessInformationClass=0x18, ProcessInformation=0x121f8f0, ProcessInformationLength=0x4, ReturnLength=0x121f8f4 | out: ProcessInformation=0x121f8f0, ReturnLength=0x121f8f4) returned 0x0 [0077.445] GetProcessTimes (in: hProcess=0x158, lpCreationTime=0x121f918, lpExitTime=0x121f910, lpKernelTime=0x121f910, lpUserTime=0x121f910 | out: lpCreationTime=0x121f918, lpExitTime=0x121f910, lpKernelTime=0x121f910, lpUserTime=0x121f910) returned 1 [0077.445] OpenProcessToken (in: ProcessHandle=0x158, DesiredAccess=0x8, TokenHandle=0x121f8e0 | out: TokenHandle=0x121f8e0*=0x15c) returned 1 [0077.445] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x121f8dc | out: TokenInformation=0x0, ReturnLength=0x121f8dc) returned 0 [0077.445] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x9e5680, TokenInformationLength=0x14, ReturnLength=0x121f8dc | out: TokenInformation=0x9e5680, ReturnLength=0x121f8dc) returned 1 [0077.445] GetSidSubAuthorityCount (pSid=0x9e5688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000)) returned 0x9e5689 [0077.445] GetSidSubAuthority (pSid=0x9e5688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000), nSubAuthority=0x0) returned 0x9e5690 [0077.445] GetExitCodeProcess (in: hProcess=0x158, lpExitCode=0x121f8fc | out: lpExitCode=0x121f8fc*=0x103) returned 1 [0077.445] GetProcessImageFileNameW (in: hProcess=0x158, lpImageFileName=0x9e0be8, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Windows\\System32\\svchost.exe") returned 0x34 [0077.445] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x121f8e4 | out: Wow64Process=0x121f8e4) returned 1 [0077.445] IsWow64Process (in: hProcess=0x158, Wow64Process=0x121f8f4 | out: Wow64Process=0x121f8f4) returned 1 [0077.445] NtQueryInformationProcess (in: ProcessHandle=0x158, ProcessInformationClass=0x18, ProcessInformation=0x121f8f0, ProcessInformationLength=0x4, ReturnLength=0x121f8f4 | out: ProcessInformation=0x121f8f0, ReturnLength=0x121f8f4) returned 0x0 [0077.445] GetProcessTimes (in: hProcess=0x158, lpCreationTime=0x121f918, lpExitTime=0x121f910, lpKernelTime=0x121f910, lpUserTime=0x121f910 | out: lpCreationTime=0x121f918, lpExitTime=0x121f910, lpKernelTime=0x121f910, lpUserTime=0x121f910) returned 1 [0077.446] OpenProcessToken (in: ProcessHandle=0x158, DesiredAccess=0x8, TokenHandle=0x121f8e0 | out: TokenHandle=0x121f8e0*=0x15c) returned 1 [0077.446] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x121f8dc | out: TokenInformation=0x0, ReturnLength=0x121f8dc) returned 0 [0077.446] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x9e5680, TokenInformationLength=0x14, ReturnLength=0x121f8dc | out: TokenInformation=0x9e5680, ReturnLength=0x121f8dc) returned 1 [0077.446] GetSidSubAuthorityCount (pSid=0x9e5688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000)) returned 0x9e5689 [0077.446] GetSidSubAuthority (pSid=0x9e5688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000), nSubAuthority=0x0) returned 0x9e5690 [0077.446] GetExitCodeProcess (in: hProcess=0x158, lpExitCode=0x121f8fc | out: lpExitCode=0x121f8fc*=0x103) returned 1 [0077.446] GetProcessImageFileNameW (in: hProcess=0x158, lpImageFileName=0x9e0be8, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Windows\\System32\\taskhost.exe") returned 0x35 [0077.446] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x121f8e4 | out: Wow64Process=0x121f8e4) returned 1 [0077.446] IsWow64Process (in: hProcess=0x158, Wow64Process=0x121f8f4 | out: Wow64Process=0x121f8f4) returned 1 [0077.446] NtQueryInformationProcess (in: ProcessHandle=0x158, ProcessInformationClass=0x18, ProcessInformation=0x121f8f0, ProcessInformationLength=0x4, ReturnLength=0x121f8f4 | out: ProcessInformation=0x121f8f0, ReturnLength=0x121f8f4) returned 0x0 [0077.446] GetProcessTimes (in: hProcess=0x158, lpCreationTime=0x121f918, lpExitTime=0x121f910, lpKernelTime=0x121f910, lpUserTime=0x121f910 | out: lpCreationTime=0x121f918, lpExitTime=0x121f910, lpKernelTime=0x121f910, lpUserTime=0x121f910) returned 1 [0077.446] OpenProcessToken (in: ProcessHandle=0x158, DesiredAccess=0x8, TokenHandle=0x121f8e0 | out: TokenHandle=0x121f8e0*=0x15c) returned 1 [0077.446] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x121f8dc | out: TokenInformation=0x0, ReturnLength=0x121f8dc) returned 0 [0077.446] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x9e5680, TokenInformationLength=0x14, ReturnLength=0x121f8dc | out: TokenInformation=0x9e5680, ReturnLength=0x121f8dc) returned 1 [0077.446] GetSidSubAuthorityCount (pSid=0x9e5688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 0x9e5689 [0077.446] GetSidSubAuthority (pSid=0x9e5688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000), nSubAuthority=0x0) returned 0x9e5690 [0077.446] GetExitCodeProcess (in: hProcess=0x158, lpExitCode=0x121f8fc | out: lpExitCode=0x121f8fc*=0x103) returned 1 [0077.446] GetProcessImageFileNameW (in: hProcess=0x158, lpImageFileName=0x9e0be8, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Windows\\System32\\dwm.exe") returned 0x30 [0077.446] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x121f8e4 | out: Wow64Process=0x121f8e4) returned 1 [0077.447] IsWow64Process (in: hProcess=0x158, Wow64Process=0x121f8f4 | out: Wow64Process=0x121f8f4) returned 1 [0077.447] NtQueryInformationProcess (in: ProcessHandle=0x158, ProcessInformationClass=0x18, ProcessInformation=0x121f8f0, ProcessInformationLength=0x4, ReturnLength=0x121f8f4 | out: ProcessInformation=0x121f8f0, ReturnLength=0x121f8f4) returned 0x0 [0077.447] GetProcessTimes (in: hProcess=0x158, lpCreationTime=0x121f918, lpExitTime=0x121f910, lpKernelTime=0x121f910, lpUserTime=0x121f910 | out: lpCreationTime=0x121f918, lpExitTime=0x121f910, lpKernelTime=0x121f910, lpUserTime=0x121f910) returned 1 [0077.447] OpenProcessToken (in: ProcessHandle=0x158, DesiredAccess=0x8, TokenHandle=0x121f8e0 | out: TokenHandle=0x121f8e0*=0x15c) returned 1 [0077.447] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x121f8dc | out: TokenInformation=0x0, ReturnLength=0x121f8dc) returned 0 [0077.447] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x9e5680, TokenInformationLength=0x14, ReturnLength=0x121f8dc | out: TokenInformation=0x9e5680, ReturnLength=0x121f8dc) returned 1 [0077.447] GetSidSubAuthorityCount (pSid=0x9e5688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 0x9e5689 [0077.447] GetSidSubAuthority (pSid=0x9e5688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000), nSubAuthority=0x0) returned 0x9e5690 [0077.447] GetExitCodeProcess (in: hProcess=0x158, lpExitCode=0x121f8fc | out: lpExitCode=0x121f8fc*=0x103) returned 1 [0077.447] GetProcessImageFileNameW (in: hProcess=0x158, lpImageFileName=0x9e0be8, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Windows\\System32\\taskeng.exe") returned 0x34 [0077.447] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x121f8e4 | out: Wow64Process=0x121f8e4) returned 1 [0077.447] IsWow64Process (in: hProcess=0x158, Wow64Process=0x121f8f4 | out: Wow64Process=0x121f8f4) returned 1 [0077.447] NtQueryInformationProcess (in: ProcessHandle=0x158, ProcessInformationClass=0x18, ProcessInformation=0x121f8f0, ProcessInformationLength=0x4, ReturnLength=0x121f8f4 | out: ProcessInformation=0x121f8f0, ReturnLength=0x121f8f4) returned 0x0 [0077.447] GetProcessTimes (in: hProcess=0x158, lpCreationTime=0x121f918, lpExitTime=0x121f910, lpKernelTime=0x121f910, lpUserTime=0x121f910 | out: lpCreationTime=0x121f918, lpExitTime=0x121f910, lpKernelTime=0x121f910, lpUserTime=0x121f910) returned 1 [0077.447] OpenProcessToken (in: ProcessHandle=0x158, DesiredAccess=0x8, TokenHandle=0x121f8e0 | out: TokenHandle=0x121f8e0*=0x15c) returned 1 [0077.447] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x121f8dc | out: TokenInformation=0x0, ReturnLength=0x121f8dc) returned 0 [0077.447] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x9e5680, TokenInformationLength=0x14, ReturnLength=0x121f8dc | out: TokenInformation=0x9e5680, ReturnLength=0x121f8dc) returned 1 [0077.447] GetSidSubAuthorityCount (pSid=0x9e5688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x3000)) returned 0x9e5689 [0077.447] GetSidSubAuthority (pSid=0x9e5688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x3000), nSubAuthority=0x0) returned 0x9e5690 [0077.447] GetExitCodeProcess (in: hProcess=0x158, lpExitCode=0x121f8fc | out: lpExitCode=0x121f8fc*=0x103) returned 1 [0077.447] GetProcessImageFileNameW (in: hProcess=0x158, lpImageFileName=0x9e0be8, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Windows\\System32\\taskhost.exe") returned 0x35 [0077.448] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x121f8e4 | out: Wow64Process=0x121f8e4) returned 1 [0077.448] IsWow64Process (in: hProcess=0x158, Wow64Process=0x121f8f4 | out: Wow64Process=0x121f8f4) returned 1 [0077.448] NtQueryInformationProcess (in: ProcessHandle=0x158, ProcessInformationClass=0x18, ProcessInformation=0x121f8f0, ProcessInformationLength=0x4, ReturnLength=0x121f8f4 | out: ProcessInformation=0x121f8f0, ReturnLength=0x121f8f4) returned 0x0 [0077.448] GetProcessTimes (in: hProcess=0x158, lpCreationTime=0x121f918, lpExitTime=0x121f910, lpKernelTime=0x121f910, lpUserTime=0x121f910 | out: lpCreationTime=0x121f918, lpExitTime=0x121f910, lpKernelTime=0x121f910, lpUserTime=0x121f910) returned 1 [0077.448] OpenProcessToken (in: ProcessHandle=0x158, DesiredAccess=0x8, TokenHandle=0x121f8e0 | out: TokenHandle=0x121f8e0*=0x15c) returned 1 [0077.448] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x121f8dc | out: TokenInformation=0x0, ReturnLength=0x121f8dc) returned 0 [0077.448] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x9e5680, TokenInformationLength=0x14, ReturnLength=0x121f8dc | out: TokenInformation=0x9e5680, ReturnLength=0x121f8dc) returned 1 [0077.448] GetSidSubAuthorityCount (pSid=0x9e5688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000)) returned 0x9e5689 [0077.448] GetSidSubAuthority (pSid=0x9e5688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000), nSubAuthority=0x0) returned 0x9e5690 [0077.448] GetExitCodeProcess (in: hProcess=0x158, lpExitCode=0x121f8fc | out: lpExitCode=0x121f8fc*=0x103) returned 1 [0077.448] GetProcessImageFileNameW (in: hProcess=0x158, lpImageFileName=0x9e0be8, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Windows\\explorer.exe") returned 0x2c [0077.448] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x121f8e4 | out: Wow64Process=0x121f8e4) returned 1 [0077.448] IsWow64Process (in: hProcess=0x158, Wow64Process=0x121f8f4 | out: Wow64Process=0x121f8f4) returned 1 [0077.448] NtQueryInformationProcess (in: ProcessHandle=0x158, ProcessInformationClass=0x18, ProcessInformation=0x121f8f0, ProcessInformationLength=0x4, ReturnLength=0x121f8f4 | out: ProcessInformation=0x121f8f0, ReturnLength=0x121f8f4) returned 0x0 [0077.448] GetProcessTimes (in: hProcess=0x158, lpCreationTime=0x121f918, lpExitTime=0x121f910, lpKernelTime=0x121f910, lpUserTime=0x121f910 | out: lpCreationTime=0x121f918, lpExitTime=0x121f910, lpKernelTime=0x121f910, lpUserTime=0x121f910) returned 1 [0077.448] OpenProcessToken (in: ProcessHandle=0x158, DesiredAccess=0x8, TokenHandle=0x121f8e0 | out: TokenHandle=0x121f8e0*=0x15c) returned 1 [0077.448] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x121f8dc | out: TokenInformation=0x0, ReturnLength=0x121f8dc) returned 0 [0077.448] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x9e5680, TokenInformationLength=0x14, ReturnLength=0x121f8dc | out: TokenInformation=0x9e5680, ReturnLength=0x121f8dc) returned 1 [0077.448] GetSidSubAuthorityCount (pSid=0x9e5688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 0x9e5689 [0077.448] GetSidSubAuthority (pSid=0x9e5688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000), nSubAuthority=0x0) returned 0x9e5690 [0077.449] GetExitCodeProcess (in: hProcess=0x158, lpExitCode=0x121f8fc | out: lpExitCode=0x121f8fc*=0x103) returned 1 [0077.449] GetProcessImageFileNameW (in: hProcess=0x158, lpImageFileName=0x9e0be8, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Program Files (x86)\\Internet Explorer\\transportationporval.exe") returned 0x56 [0077.449] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x121f8e4 | out: Wow64Process=0x121f8e4) returned 1 [0077.449] IsWow64Process (in: hProcess=0x158, Wow64Process=0x121f8f4 | out: Wow64Process=0x121f8f4) returned 1 [0077.449] NtQueryInformationProcess (in: ProcessHandle=0x158, ProcessInformationClass=0x18, ProcessInformation=0x121f8f0, ProcessInformationLength=0x4, ReturnLength=0x121f8f4 | out: ProcessInformation=0x121f8f0, ReturnLength=0x121f8f4) returned 0x0 [0077.449] GetProcessTimes (in: hProcess=0x158, lpCreationTime=0x121f918, lpExitTime=0x121f910, lpKernelTime=0x121f910, lpUserTime=0x121f910 | out: lpCreationTime=0x121f918, lpExitTime=0x121f910, lpKernelTime=0x121f910, lpUserTime=0x121f910) returned 1 [0077.449] OpenProcessToken (in: ProcessHandle=0x158, DesiredAccess=0x8, TokenHandle=0x121f8e0 | out: TokenHandle=0x121f8e0*=0x15c) returned 1 [0077.449] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x121f8dc | out: TokenInformation=0x0, ReturnLength=0x121f8dc) returned 0 [0077.449] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x9e5680, TokenInformationLength=0x14, ReturnLength=0x121f8dc | out: TokenInformation=0x9e5680, ReturnLength=0x121f8dc) returned 1 [0077.449] GetSidSubAuthorityCount (pSid=0x9e5688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 0x9e5689 [0077.449] GetSidSubAuthority (pSid=0x9e5688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000), nSubAuthority=0x0) returned 0x9e5690 [0077.449] GetExitCodeProcess (in: hProcess=0x158, lpExitCode=0x121f8fc | out: lpExitCode=0x121f8fc*=0x103) returned 1 [0077.449] GetProcessImageFileNameW (in: hProcess=0x158, lpImageFileName=0x9e0be8, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Program Files (x86)\\Microsoft Analysis Services\\liverpool-brazil-kind-researchers.exe") returned 0x6d [0077.449] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x121f8e4 | out: Wow64Process=0x121f8e4) returned 1 [0077.449] IsWow64Process (in: hProcess=0x158, Wow64Process=0x121f8f4 | out: Wow64Process=0x121f8f4) returned 1 [0077.449] NtQueryInformationProcess (in: ProcessHandle=0x158, ProcessInformationClass=0x18, ProcessInformation=0x121f8f0, ProcessInformationLength=0x4, ReturnLength=0x121f8f4 | out: ProcessInformation=0x121f8f0, ReturnLength=0x121f8f4) returned 0x0 [0077.449] GetProcessTimes (in: hProcess=0x158, lpCreationTime=0x121f918, lpExitTime=0x121f910, lpKernelTime=0x121f910, lpUserTime=0x121f910 | out: lpCreationTime=0x121f918, lpExitTime=0x121f910, lpKernelTime=0x121f910, lpUserTime=0x121f910) returned 1 [0077.449] OpenProcessToken (in: ProcessHandle=0x158, DesiredAccess=0x8, TokenHandle=0x121f8e0 | out: TokenHandle=0x121f8e0*=0x15c) returned 1 [0077.449] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x121f8dc | out: TokenInformation=0x0, ReturnLength=0x121f8dc) returned 0 [0077.449] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x9e5680, TokenInformationLength=0x14, ReturnLength=0x121f8dc | out: TokenInformation=0x9e5680, ReturnLength=0x121f8dc) returned 1 [0077.449] GetSidSubAuthorityCount (pSid=0x9e5688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 0x9e5689 [0077.450] GetSidSubAuthority (pSid=0x9e5688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000), nSubAuthority=0x0) returned 0x9e5690 [0077.450] GetExitCodeProcess (in: hProcess=0x158, lpExitCode=0x121f8fc | out: lpExitCode=0x121f8fc*=0x103) returned 1 [0077.450] GetProcessImageFileNameW (in: hProcess=0x158, lpImageFileName=0x9e0be8, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Program Files\\Internet Explorer\\azerbaijan australia map.exe") returned 0x54 [0077.450] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x121f8e4 | out: Wow64Process=0x121f8e4) returned 1 [0077.450] IsWow64Process (in: hProcess=0x158, Wow64Process=0x121f8f4 | out: Wow64Process=0x121f8f4) returned 1 [0077.450] NtQueryInformationProcess (in: ProcessHandle=0x158, ProcessInformationClass=0x18, ProcessInformation=0x121f8f0, ProcessInformationLength=0x4, ReturnLength=0x121f8f4 | out: ProcessInformation=0x121f8f0, ReturnLength=0x121f8f4) returned 0x0 [0077.450] GetProcessTimes (in: hProcess=0x158, lpCreationTime=0x121f918, lpExitTime=0x121f910, lpKernelTime=0x121f910, lpUserTime=0x121f910 | out: lpCreationTime=0x121f918, lpExitTime=0x121f910, lpKernelTime=0x121f910, lpUserTime=0x121f910) returned 1 [0077.450] OpenProcessToken (in: ProcessHandle=0x158, DesiredAccess=0x8, TokenHandle=0x121f8e0 | out: TokenHandle=0x121f8e0*=0x15c) returned 1 [0077.450] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x121f8dc | out: TokenInformation=0x0, ReturnLength=0x121f8dc) returned 0 [0077.450] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x9e5680, TokenInformationLength=0x14, ReturnLength=0x121f8dc | out: TokenInformation=0x9e5680, ReturnLength=0x121f8dc) returned 1 [0077.450] GetSidSubAuthorityCount (pSid=0x9e5688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 0x9e5689 [0077.450] GetSidSubAuthority (pSid=0x9e5688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000), nSubAuthority=0x0) returned 0x9e5690 [0077.450] GetExitCodeProcess (in: hProcess=0x158, lpExitCode=0x121f8fc | out: lpExitCode=0x121f8fc*=0x103) returned 1 [0077.450] GetProcessImageFileNameW (in: hProcess=0x158, lpImageFileName=0x9e0be8, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Program Files (x86)\\Microsoft Analysis Services\\seattleconvertible.exe") returned 0x5e [0077.450] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x121f8e4 | out: Wow64Process=0x121f8e4) returned 1 [0077.450] IsWow64Process (in: hProcess=0x158, Wow64Process=0x121f8f4 | out: Wow64Process=0x121f8f4) returned 1 [0077.450] NtQueryInformationProcess (in: ProcessHandle=0x158, ProcessInformationClass=0x18, ProcessInformation=0x121f8f0, ProcessInformationLength=0x4, ReturnLength=0x121f8f4 | out: ProcessInformation=0x121f8f0, ReturnLength=0x121f8f4) returned 0x0 [0077.450] GetProcessTimes (in: hProcess=0x158, lpCreationTime=0x121f918, lpExitTime=0x121f910, lpKernelTime=0x121f910, lpUserTime=0x121f910 | out: lpCreationTime=0x121f918, lpExitTime=0x121f910, lpKernelTime=0x121f910, lpUserTime=0x121f910) returned 1 [0077.450] OpenProcessToken (in: ProcessHandle=0x158, DesiredAccess=0x8, TokenHandle=0x121f8e0 | out: TokenHandle=0x121f8e0*=0x15c) returned 1 [0077.450] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x121f8dc | out: TokenInformation=0x0, ReturnLength=0x121f8dc) returned 0 [0077.451] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x9e5680, TokenInformationLength=0x14, ReturnLength=0x121f8dc | out: TokenInformation=0x9e5680, ReturnLength=0x121f8dc) returned 1 [0077.451] GetSidSubAuthorityCount (pSid=0x9e5688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 0x9e5689 [0077.451] GetSidSubAuthority (pSid=0x9e5688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000), nSubAuthority=0x0) returned 0x9e5690 [0077.451] GetExitCodeProcess (in: hProcess=0x158, lpExitCode=0x121f8fc | out: lpExitCode=0x121f8fc*=0x103) returned 1 [0077.451] GetProcessImageFileNameW (in: hProcess=0x158, lpImageFileName=0x9e0be8, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Program Files\\Windows Portable Devices\\camps_part_october.exe") returned 0x55 [0077.451] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x121f8e4 | out: Wow64Process=0x121f8e4) returned 1 [0077.451] IsWow64Process (in: hProcess=0x158, Wow64Process=0x121f8f4 | out: Wow64Process=0x121f8f4) returned 1 [0077.451] NtQueryInformationProcess (in: ProcessHandle=0x158, ProcessInformationClass=0x18, ProcessInformation=0x121f8f0, ProcessInformationLength=0x4, ReturnLength=0x121f8f4 | out: ProcessInformation=0x121f8f0, ReturnLength=0x121f8f4) returned 0x0 [0077.451] GetProcessTimes (in: hProcess=0x158, lpCreationTime=0x121f918, lpExitTime=0x121f910, lpKernelTime=0x121f910, lpUserTime=0x121f910 | out: lpCreationTime=0x121f918, lpExitTime=0x121f910, lpKernelTime=0x121f910, lpUserTime=0x121f910) returned 1 [0077.451] OpenProcessToken (in: ProcessHandle=0x158, DesiredAccess=0x8, TokenHandle=0x121f8e0 | out: TokenHandle=0x121f8e0*=0x15c) returned 1 [0077.451] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x121f8dc | out: TokenInformation=0x0, ReturnLength=0x121f8dc) returned 0 [0077.451] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x9e5680, TokenInformationLength=0x14, ReturnLength=0x121f8dc | out: TokenInformation=0x9e5680, ReturnLength=0x121f8dc) returned 1 [0077.451] GetSidSubAuthorityCount (pSid=0x9e5688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 0x9e5689 [0077.451] GetSidSubAuthority (pSid=0x9e5688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000), nSubAuthority=0x0) returned 0x9e5690 [0077.451] GetExitCodeProcess (in: hProcess=0x158, lpExitCode=0x121f8fc | out: lpExitCode=0x121f8fc*=0x103) returned 1 [0077.451] GetProcessImageFileNameW (in: hProcess=0x158, lpImageFileName=0x9e0be8, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Program Files (x86)\\Windows Portable Devices\\fskaslidesoregon.exe") returned 0x59 [0077.451] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x121f8e4 | out: Wow64Process=0x121f8e4) returned 1 [0077.451] IsWow64Process (in: hProcess=0x158, Wow64Process=0x121f8f4 | out: Wow64Process=0x121f8f4) returned 1 [0077.451] NtQueryInformationProcess (in: ProcessHandle=0x158, ProcessInformationClass=0x18, ProcessInformation=0x121f8f0, ProcessInformationLength=0x4, ReturnLength=0x121f8f4 | out: ProcessInformation=0x121f8f0, ReturnLength=0x121f8f4) returned 0x0 [0077.451] GetProcessTimes (in: hProcess=0x158, lpCreationTime=0x121f918, lpExitTime=0x121f910, lpKernelTime=0x121f910, lpUserTime=0x121f910 | out: lpCreationTime=0x121f918, lpExitTime=0x121f910, lpKernelTime=0x121f910, lpUserTime=0x121f910) returned 1 [0077.452] OpenProcessToken (in: ProcessHandle=0x158, DesiredAccess=0x8, TokenHandle=0x121f8e0 | out: TokenHandle=0x121f8e0*=0x15c) returned 1 [0077.452] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x121f8dc | out: TokenInformation=0x0, ReturnLength=0x121f8dc) returned 0 [0077.452] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x9e5680, TokenInformationLength=0x14, ReturnLength=0x121f8dc | out: TokenInformation=0x9e5680, ReturnLength=0x121f8dc) returned 1 [0077.452] GetSidSubAuthorityCount (pSid=0x9e5688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 0x9e5689 [0077.452] GetSidSubAuthority (pSid=0x9e5688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000), nSubAuthority=0x0) returned 0x9e5690 [0077.452] GetExitCodeProcess (in: hProcess=0x158, lpExitCode=0x121f8fc | out: lpExitCode=0x121f8fc*=0x103) returned 1 [0077.452] GetProcessImageFileNameW (in: hProcess=0x158, lpImageFileName=0x9e0be8, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Program Files\\Microsoft Synchronization Services\\ny surge discounts.exe") returned 0x5f [0077.452] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x121f8e4 | out: Wow64Process=0x121f8e4) returned 1 [0077.452] IsWow64Process (in: hProcess=0x158, Wow64Process=0x121f8f4 | out: Wow64Process=0x121f8f4) returned 1 [0077.452] NtQueryInformationProcess (in: ProcessHandle=0x158, ProcessInformationClass=0x18, ProcessInformation=0x121f8f0, ProcessInformationLength=0x4, ReturnLength=0x121f8f4 | out: ProcessInformation=0x121f8f0, ReturnLength=0x121f8f4) returned 0x0 [0077.452] GetProcessTimes (in: hProcess=0x158, lpCreationTime=0x121f918, lpExitTime=0x121f910, lpKernelTime=0x121f910, lpUserTime=0x121f910 | out: lpCreationTime=0x121f918, lpExitTime=0x121f910, lpKernelTime=0x121f910, lpUserTime=0x121f910) returned 1 [0077.452] OpenProcessToken (in: ProcessHandle=0x158, DesiredAccess=0x8, TokenHandle=0x121f8e0 | out: TokenHandle=0x121f8e0*=0x15c) returned 1 [0077.452] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x121f8dc | out: TokenInformation=0x0, ReturnLength=0x121f8dc) returned 0 [0077.452] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x9e5680, TokenInformationLength=0x14, ReturnLength=0x121f8dc | out: TokenInformation=0x9e5680, ReturnLength=0x121f8dc) returned 1 [0077.452] GetSidSubAuthorityCount (pSid=0x9e5688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 0x9e5689 [0077.452] GetSidSubAuthority (pSid=0x9e5688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000), nSubAuthority=0x0) returned 0x9e5690 [0077.452] GetExitCodeProcess (in: hProcess=0x158, lpExitCode=0x121f8fc | out: lpExitCode=0x121f8fc*=0x103) returned 1 [0077.452] GetProcessImageFileNameW (in: hProcess=0x158, lpImageFileName=0x9e0be8, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Program Files\\Internet Explorer\\furniture-cg.exe") returned 0x48 [0077.452] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x121f8e4 | out: Wow64Process=0x121f8e4) returned 1 [0077.452] IsWow64Process (in: hProcess=0x158, Wow64Process=0x121f8f4 | out: Wow64Process=0x121f8f4) returned 1 [0077.452] NtQueryInformationProcess (in: ProcessHandle=0x158, ProcessInformationClass=0x18, ProcessInformation=0x121f8f0, ProcessInformationLength=0x4, ReturnLength=0x121f8f4 | out: ProcessInformation=0x121f8f0, ReturnLength=0x121f8f4) returned 0x0 [0077.453] GetProcessTimes (in: hProcess=0x158, lpCreationTime=0x121f918, lpExitTime=0x121f910, lpKernelTime=0x121f910, lpUserTime=0x121f910 | out: lpCreationTime=0x121f918, lpExitTime=0x121f910, lpKernelTime=0x121f910, lpUserTime=0x121f910) returned 1 [0077.453] OpenProcessToken (in: ProcessHandle=0x158, DesiredAccess=0x8, TokenHandle=0x121f8e0 | out: TokenHandle=0x121f8e0*=0x15c) returned 1 [0077.453] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x121f8dc | out: TokenInformation=0x0, ReturnLength=0x121f8dc) returned 0 [0077.453] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x9e5680, TokenInformationLength=0x14, ReturnLength=0x121f8dc | out: TokenInformation=0x9e5680, ReturnLength=0x121f8dc) returned 1 [0077.453] GetSidSubAuthorityCount (pSid=0x9e5688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 0x9e5689 [0077.453] GetSidSubAuthority (pSid=0x9e5688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000), nSubAuthority=0x0) returned 0x9e5690 [0077.453] GetExitCodeProcess (in: hProcess=0x158, lpExitCode=0x121f8fc | out: lpExitCode=0x121f8fc*=0x103) returned 1 [0077.453] GetProcessImageFileNameW (in: hProcess=0x158, lpImageFileName=0x9e0be8, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Program Files\\Windows Journal\\angry_region_seconds.exe") returned 0x4e [0077.453] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x121f8e4 | out: Wow64Process=0x121f8e4) returned 1 [0077.453] IsWow64Process (in: hProcess=0x158, Wow64Process=0x121f8f4 | out: Wow64Process=0x121f8f4) returned 1 [0077.453] NtQueryInformationProcess (in: ProcessHandle=0x158, ProcessInformationClass=0x18, ProcessInformation=0x121f8f0, ProcessInformationLength=0x4, ReturnLength=0x121f8f4 | out: ProcessInformation=0x121f8f0, ReturnLength=0x121f8f4) returned 0x0 [0077.453] GetProcessTimes (in: hProcess=0x158, lpCreationTime=0x121f918, lpExitTime=0x121f910, lpKernelTime=0x121f910, lpUserTime=0x121f910 | out: lpCreationTime=0x121f918, lpExitTime=0x121f910, lpKernelTime=0x121f910, lpUserTime=0x121f910) returned 1 [0077.453] OpenProcessToken (in: ProcessHandle=0x158, DesiredAccess=0x8, TokenHandle=0x121f8e0 | out: TokenHandle=0x121f8e0*=0x15c) returned 1 [0077.453] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x121f8dc | out: TokenInformation=0x0, ReturnLength=0x121f8dc) returned 0 [0077.453] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x9e5680, TokenInformationLength=0x14, ReturnLength=0x121f8dc | out: TokenInformation=0x9e5680, ReturnLength=0x121f8dc) returned 1 [0077.453] GetSidSubAuthorityCount (pSid=0x9e5688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 0x9e5689 [0077.453] GetSidSubAuthority (pSid=0x9e5688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000), nSubAuthority=0x0) returned 0x9e5690 [0077.453] GetExitCodeProcess (in: hProcess=0x158, lpExitCode=0x121f8fc | out: lpExitCode=0x121f8fc*=0x103) returned 1 [0077.453] GetProcessImageFileNameW (in: hProcess=0x158, lpImageFileName=0x9e0be8, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Program Files\\Reference Assemblies\\soviet-nutten-samples-configured.exe") returned 0x5f [0077.454] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x121f8e4 | out: Wow64Process=0x121f8e4) returned 1 [0077.454] IsWow64Process (in: hProcess=0x158, Wow64Process=0x121f8f4 | out: Wow64Process=0x121f8f4) returned 1 [0077.454] NtQueryInformationProcess (in: ProcessHandle=0x158, ProcessInformationClass=0x18, ProcessInformation=0x121f8f0, ProcessInformationLength=0x4, ReturnLength=0x121f8f4 | out: ProcessInformation=0x121f8f0, ReturnLength=0x121f8f4) returned 0x0 [0077.454] GetProcessTimes (in: hProcess=0x158, lpCreationTime=0x121f918, lpExitTime=0x121f910, lpKernelTime=0x121f910, lpUserTime=0x121f910 | out: lpCreationTime=0x121f918, lpExitTime=0x121f910, lpKernelTime=0x121f910, lpUserTime=0x121f910) returned 1 [0077.454] OpenProcessToken (in: ProcessHandle=0x158, DesiredAccess=0x8, TokenHandle=0x121f8e0 | out: TokenHandle=0x121f8e0*=0x15c) returned 1 [0077.454] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x121f8dc | out: TokenInformation=0x0, ReturnLength=0x121f8dc) returned 0 [0077.454] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x9e5680, TokenInformationLength=0x14, ReturnLength=0x121f8dc | out: TokenInformation=0x9e5680, ReturnLength=0x121f8dc) returned 1 [0077.454] GetSidSubAuthorityCount (pSid=0x9e5688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 0x9e5689 [0077.454] GetSidSubAuthority (pSid=0x9e5688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000), nSubAuthority=0x0) returned 0x9e5690 [0077.454] GetExitCodeProcess (in: hProcess=0x158, lpExitCode=0x121f8fc | out: lpExitCode=0x121f8fc*=0x103) returned 1 [0077.454] GetProcessImageFileNameW (in: hProcess=0x158, lpImageFileName=0x9e0be8, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Program Files (x86)\\Google\\wishes_pixels_reflected_edgar.exe") returned 0x54 [0077.454] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x121f8e4 | out: Wow64Process=0x121f8e4) returned 1 [0077.454] IsWow64Process (in: hProcess=0x158, Wow64Process=0x121f8f4 | out: Wow64Process=0x121f8f4) returned 1 [0077.454] NtQueryInformationProcess (in: ProcessHandle=0x158, ProcessInformationClass=0x18, ProcessInformation=0x121f8f0, ProcessInformationLength=0x4, ReturnLength=0x121f8f4 | out: ProcessInformation=0x121f8f0, ReturnLength=0x121f8f4) returned 0x0 [0077.454] GetProcessTimes (in: hProcess=0x158, lpCreationTime=0x121f918, lpExitTime=0x121f910, lpKernelTime=0x121f910, lpUserTime=0x121f910 | out: lpCreationTime=0x121f918, lpExitTime=0x121f910, lpKernelTime=0x121f910, lpUserTime=0x121f910) returned 1 [0077.454] OpenProcessToken (in: ProcessHandle=0x158, DesiredAccess=0x8, TokenHandle=0x121f8e0 | out: TokenHandle=0x121f8e0*=0x15c) returned 1 [0077.454] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x121f8dc | out: TokenInformation=0x0, ReturnLength=0x121f8dc) returned 0 [0077.454] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x9e5680, TokenInformationLength=0x14, ReturnLength=0x121f8dc | out: TokenInformation=0x9e5680, ReturnLength=0x121f8dc) returned 1 [0077.454] GetSidSubAuthorityCount (pSid=0x9e5688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 0x9e5689 [0077.454] GetSidSubAuthority (pSid=0x9e5688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000), nSubAuthority=0x0) returned 0x9e5690 [0077.454] GetExitCodeProcess (in: hProcess=0x158, lpExitCode=0x121f8fc | out: lpExitCode=0x121f8fc*=0x103) returned 1 [0077.454] GetProcessImageFileNameW (in: hProcess=0x158, lpImageFileName=0x9e0be8, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Program Files (x86)\\Windows Photo Viewer\\nyc-actor-fault-logistics.exe") returned 0x5e [0077.455] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x121f8e4 | out: Wow64Process=0x121f8e4) returned 1 [0077.455] IsWow64Process (in: hProcess=0x158, Wow64Process=0x121f8f4 | out: Wow64Process=0x121f8f4) returned 1 [0077.455] NtQueryInformationProcess (in: ProcessHandle=0x158, ProcessInformationClass=0x18, ProcessInformation=0x121f8f0, ProcessInformationLength=0x4, ReturnLength=0x121f8f4 | out: ProcessInformation=0x121f8f0, ReturnLength=0x121f8f4) returned 0x0 [0077.455] GetProcessTimes (in: hProcess=0x158, lpCreationTime=0x121f918, lpExitTime=0x121f910, lpKernelTime=0x121f910, lpUserTime=0x121f910 | out: lpCreationTime=0x121f918, lpExitTime=0x121f910, lpKernelTime=0x121f910, lpUserTime=0x121f910) returned 1 [0077.455] OpenProcessToken (in: ProcessHandle=0x158, DesiredAccess=0x8, TokenHandle=0x121f8e0 | out: TokenHandle=0x121f8e0*=0x15c) returned 1 [0077.455] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x121f8dc | out: TokenInformation=0x0, ReturnLength=0x121f8dc) returned 0 [0077.455] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x9e5680, TokenInformationLength=0x14, ReturnLength=0x121f8dc | out: TokenInformation=0x9e5680, ReturnLength=0x121f8dc) returned 1 [0077.455] GetSidSubAuthorityCount (pSid=0x9e5688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 0x9e5689 [0077.455] GetSidSubAuthority (pSid=0x9e5688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000), nSubAuthority=0x0) returned 0x9e5690 [0077.455] GetExitCodeProcess (in: hProcess=0x158, lpExitCode=0x121f8fc | out: lpExitCode=0x121f8fc*=0x103) returned 1 [0077.455] GetProcessImageFileNameW (in: hProcess=0x158, lpImageFileName=0x9e0be8, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Program Files\\Reference Assemblies\\duration_electricity_columbia_estate.exe") returned 0x63 [0077.455] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x121f8e4 | out: Wow64Process=0x121f8e4) returned 1 [0077.455] IsWow64Process (in: hProcess=0x158, Wow64Process=0x121f8f4 | out: Wow64Process=0x121f8f4) returned 1 [0077.455] NtQueryInformationProcess (in: ProcessHandle=0x158, ProcessInformationClass=0x18, ProcessInformation=0x121f8f0, ProcessInformationLength=0x4, ReturnLength=0x121f8f4 | out: ProcessInformation=0x121f8f0, ReturnLength=0x121f8f4) returned 0x0 [0077.455] GetProcessTimes (in: hProcess=0x158, lpCreationTime=0x121f918, lpExitTime=0x121f910, lpKernelTime=0x121f910, lpUserTime=0x121f910 | out: lpCreationTime=0x121f918, lpExitTime=0x121f910, lpKernelTime=0x121f910, lpUserTime=0x121f910) returned 1 [0077.455] OpenProcessToken (in: ProcessHandle=0x158, DesiredAccess=0x8, TokenHandle=0x121f8e0 | out: TokenHandle=0x121f8e0*=0x15c) returned 1 [0077.455] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x121f8dc | out: TokenInformation=0x0, ReturnLength=0x121f8dc) returned 0 [0077.455] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x9e5680, TokenInformationLength=0x14, ReturnLength=0x121f8dc | out: TokenInformation=0x9e5680, ReturnLength=0x121f8dc) returned 1 [0077.455] GetSidSubAuthorityCount (pSid=0x9e5688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 0x9e5689 [0077.455] GetSidSubAuthority (pSid=0x9e5688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000), nSubAuthority=0x0) returned 0x9e5690 [0077.455] GetExitCodeProcess (in: hProcess=0x158, lpExitCode=0x121f8fc | out: lpExitCode=0x121f8fc*=0x103) returned 1 [0077.456] GetProcessImageFileNameW (in: hProcess=0x158, lpImageFileName=0x9e0be8, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Program Files\\Windows Photo Viewer\\prominent.exe") returned 0x48 [0077.456] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x121f8e4 | out: Wow64Process=0x121f8e4) returned 1 [0077.456] IsWow64Process (in: hProcess=0x158, Wow64Process=0x121f8f4 | out: Wow64Process=0x121f8f4) returned 1 [0077.456] NtQueryInformationProcess (in: ProcessHandle=0x158, ProcessInformationClass=0x18, ProcessInformation=0x121f8f0, ProcessInformationLength=0x4, ReturnLength=0x121f8f4 | out: ProcessInformation=0x121f8f0, ReturnLength=0x121f8f4) returned 0x0 [0077.456] GetProcessTimes (in: hProcess=0x158, lpCreationTime=0x121f918, lpExitTime=0x121f910, lpKernelTime=0x121f910, lpUserTime=0x121f910 | out: lpCreationTime=0x121f918, lpExitTime=0x121f910, lpKernelTime=0x121f910, lpUserTime=0x121f910) returned 1 [0077.456] OpenProcessToken (in: ProcessHandle=0x158, DesiredAccess=0x8, TokenHandle=0x121f8e0 | out: TokenHandle=0x121f8e0*=0x15c) returned 1 [0077.456] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x121f8dc | out: TokenInformation=0x0, ReturnLength=0x121f8dc) returned 0 [0077.456] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x9e5680, TokenInformationLength=0x14, ReturnLength=0x121f8dc | out: TokenInformation=0x9e5680, ReturnLength=0x121f8dc) returned 1 [0077.456] GetSidSubAuthorityCount (pSid=0x9e5688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 0x9e5689 [0077.456] GetSidSubAuthority (pSid=0x9e5688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000), nSubAuthority=0x0) returned 0x9e5690 [0077.456] GetExitCodeProcess (in: hProcess=0x158, lpExitCode=0x121f8fc | out: lpExitCode=0x121f8fc*=0x103) returned 1 [0077.456] GetProcessImageFileNameW (in: hProcess=0x158, lpImageFileName=0x9e0be8, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Program Files (x86)\\Java\\after practical kiss sir.exe") returned 0x4d [0077.456] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x121f8e4 | out: Wow64Process=0x121f8e4) returned 1 [0077.456] IsWow64Process (in: hProcess=0x158, Wow64Process=0x121f8f4 | out: Wow64Process=0x121f8f4) returned 1 [0077.456] NtQueryInformationProcess (in: ProcessHandle=0x158, ProcessInformationClass=0x18, ProcessInformation=0x121f8f0, ProcessInformationLength=0x4, ReturnLength=0x121f8f4 | out: ProcessInformation=0x121f8f0, ReturnLength=0x121f8f4) returned 0x0 [0077.456] GetProcessTimes (in: hProcess=0x158, lpCreationTime=0x121f918, lpExitTime=0x121f910, lpKernelTime=0x121f910, lpUserTime=0x121f910 | out: lpCreationTime=0x121f918, lpExitTime=0x121f910, lpKernelTime=0x121f910, lpUserTime=0x121f910) returned 1 [0077.456] OpenProcessToken (in: ProcessHandle=0x158, DesiredAccess=0x8, TokenHandle=0x121f8e0 | out: TokenHandle=0x121f8e0*=0x15c) returned 1 [0077.456] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x121f8dc | out: TokenInformation=0x0, ReturnLength=0x121f8dc) returned 0 [0077.456] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x9e5680, TokenInformationLength=0x14, ReturnLength=0x121f8dc | out: TokenInformation=0x9e5680, ReturnLength=0x121f8dc) returned 1 [0077.456] GetSidSubAuthorityCount (pSid=0x9e5688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 0x9e5689 [0077.456] GetSidSubAuthority (pSid=0x9e5688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000), nSubAuthority=0x0) returned 0x9e5690 [0077.457] GetExitCodeProcess (in: hProcess=0x158, lpExitCode=0x121f8fc | out: lpExitCode=0x121f8fc*=0x103) returned 1 [0077.457] GetProcessImageFileNameW (in: hProcess=0x158, lpImageFileName=0x9e0be8, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Program Files\\Reference Assemblies\\epson-pressing-camera.exe") returned 0x54 [0077.457] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x121f8e4 | out: Wow64Process=0x121f8e4) returned 1 [0077.457] IsWow64Process (in: hProcess=0x158, Wow64Process=0x121f8f4 | out: Wow64Process=0x121f8f4) returned 1 [0077.457] NtQueryInformationProcess (in: ProcessHandle=0x158, ProcessInformationClass=0x18, ProcessInformation=0x121f8f0, ProcessInformationLength=0x4, ReturnLength=0x121f8f4 | out: ProcessInformation=0x121f8f0, ReturnLength=0x121f8f4) returned 0x0 [0077.457] GetProcessTimes (in: hProcess=0x158, lpCreationTime=0x121f918, lpExitTime=0x121f910, lpKernelTime=0x121f910, lpUserTime=0x121f910 | out: lpCreationTime=0x121f918, lpExitTime=0x121f910, lpKernelTime=0x121f910, lpUserTime=0x121f910) returned 1 [0077.457] OpenProcessToken (in: ProcessHandle=0x158, DesiredAccess=0x8, TokenHandle=0x121f8e0 | out: TokenHandle=0x121f8e0*=0x15c) returned 1 [0077.457] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x121f8dc | out: TokenInformation=0x0, ReturnLength=0x121f8dc) returned 0 [0077.457] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x9e5680, TokenInformationLength=0x14, ReturnLength=0x121f8dc | out: TokenInformation=0x9e5680, ReturnLength=0x121f8dc) returned 1 [0077.457] GetSidSubAuthorityCount (pSid=0x9e5688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 0x9e5689 [0077.457] GetSidSubAuthority (pSid=0x9e5688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000), nSubAuthority=0x0) returned 0x9e5690 [0077.457] GetExitCodeProcess (in: hProcess=0x158, lpExitCode=0x121f8fc | out: lpExitCode=0x121f8fc*=0x103) returned 1 [0077.457] GetProcessImageFileNameW (in: hProcess=0x158, lpImageFileName=0x9e0be8, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Program Files\\Microsoft Sync Framework\\baptist-extraction.exe") returned 0x55 [0077.457] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x121f8e4 | out: Wow64Process=0x121f8e4) returned 1 [0077.457] IsWow64Process (in: hProcess=0x158, Wow64Process=0x121f8f4 | out: Wow64Process=0x121f8f4) returned 1 [0077.457] NtQueryInformationProcess (in: ProcessHandle=0x158, ProcessInformationClass=0x18, ProcessInformation=0x121f8f0, ProcessInformationLength=0x4, ReturnLength=0x121f8f4 | out: ProcessInformation=0x121f8f0, ReturnLength=0x121f8f4) returned 0x0 [0077.457] GetProcessTimes (in: hProcess=0x158, lpCreationTime=0x121f918, lpExitTime=0x121f910, lpKernelTime=0x121f910, lpUserTime=0x121f910 | out: lpCreationTime=0x121f918, lpExitTime=0x121f910, lpKernelTime=0x121f910, lpUserTime=0x121f910) returned 1 [0077.457] OpenProcessToken (in: ProcessHandle=0x158, DesiredAccess=0x8, TokenHandle=0x121f8e0 | out: TokenHandle=0x121f8e0*=0x15c) returned 1 [0077.457] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x121f8dc | out: TokenInformation=0x0, ReturnLength=0x121f8dc) returned 0 [0077.457] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x9e5680, TokenInformationLength=0x14, ReturnLength=0x121f8dc | out: TokenInformation=0x9e5680, ReturnLength=0x121f8dc) returned 1 [0077.458] GetSidSubAuthorityCount (pSid=0x9e5688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 0x9e5689 [0077.458] GetSidSubAuthority (pSid=0x9e5688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000), nSubAuthority=0x0) returned 0x9e5690 [0077.458] GetExitCodeProcess (in: hProcess=0x158, lpExitCode=0x121f8fc | out: lpExitCode=0x121f8fc*=0x103) returned 1 [0077.458] GetProcessImageFileNameW (in: hProcess=0x158, lpImageFileName=0x9e0be8, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Program Files\\Common Files\\challenged.exe") returned 0x41 [0077.458] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x121f8e4 | out: Wow64Process=0x121f8e4) returned 1 [0077.458] IsWow64Process (in: hProcess=0x158, Wow64Process=0x121f8f4 | out: Wow64Process=0x121f8f4) returned 1 [0077.458] NtQueryInformationProcess (in: ProcessHandle=0x158, ProcessInformationClass=0x18, ProcessInformation=0x121f8f0, ProcessInformationLength=0x4, ReturnLength=0x121f8f4 | out: ProcessInformation=0x121f8f0, ReturnLength=0x121f8f4) returned 0x0 [0077.458] GetProcessTimes (in: hProcess=0x158, lpCreationTime=0x121f918, lpExitTime=0x121f910, lpKernelTime=0x121f910, lpUserTime=0x121f910 | out: lpCreationTime=0x121f918, lpExitTime=0x121f910, lpKernelTime=0x121f910, lpUserTime=0x121f910) returned 1 [0077.458] OpenProcessToken (in: ProcessHandle=0x158, DesiredAccess=0x8, TokenHandle=0x121f8e0 | out: TokenHandle=0x121f8e0*=0x15c) returned 1 [0077.458] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x121f8dc | out: TokenInformation=0x0, ReturnLength=0x121f8dc) returned 0 [0077.458] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x9e5680, TokenInformationLength=0x14, ReturnLength=0x121f8dc | out: TokenInformation=0x9e5680, ReturnLength=0x121f8dc) returned 1 [0077.458] GetSidSubAuthorityCount (pSid=0x9e5688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 0x9e5689 [0077.458] GetSidSubAuthority (pSid=0x9e5688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000), nSubAuthority=0x0) returned 0x9e5690 [0077.458] GetExitCodeProcess (in: hProcess=0x158, lpExitCode=0x121f8fc | out: lpExitCode=0x121f8fc*=0x103) returned 1 [0077.458] GetProcessImageFileNameW (in: hProcess=0x158, lpImageFileName=0x9e0be8, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Program Files\\MSBuild\\rhode-jay.exe") returned 0x3b [0077.458] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x121f8e4 | out: Wow64Process=0x121f8e4) returned 1 [0077.458] IsWow64Process (in: hProcess=0x158, Wow64Process=0x121f8f4 | out: Wow64Process=0x121f8f4) returned 1 [0077.458] NtQueryInformationProcess (in: ProcessHandle=0x158, ProcessInformationClass=0x18, ProcessInformation=0x121f8f0, ProcessInformationLength=0x4, ReturnLength=0x121f8f4 | out: ProcessInformation=0x121f8f0, ReturnLength=0x121f8f4) returned 0x0 [0077.458] GetProcessTimes (in: hProcess=0x158, lpCreationTime=0x121f918, lpExitTime=0x121f910, lpKernelTime=0x121f910, lpUserTime=0x121f910 | out: lpCreationTime=0x121f918, lpExitTime=0x121f910, lpKernelTime=0x121f910, lpUserTime=0x121f910) returned 1 [0077.458] OpenProcessToken (in: ProcessHandle=0x158, DesiredAccess=0x8, TokenHandle=0x121f8e0 | out: TokenHandle=0x121f8e0*=0x15c) returned 1 [0077.458] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x121f8dc | out: TokenInformation=0x0, ReturnLength=0x121f8dc) returned 0 [0077.459] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x9e5680, TokenInformationLength=0x14, ReturnLength=0x121f8dc | out: TokenInformation=0x9e5680, ReturnLength=0x121f8dc) returned 1 [0077.459] GetSidSubAuthorityCount (pSid=0x9e5688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 0x9e5689 [0077.459] GetSidSubAuthority (pSid=0x9e5688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000), nSubAuthority=0x0) returned 0x9e5690 [0077.459] GetExitCodeProcess (in: hProcess=0x158, lpExitCode=0x121f8fc | out: lpExitCode=0x121f8fc*=0x103) returned 1 [0077.459] GetProcessImageFileNameW (in: hProcess=0x158, lpImageFileName=0x9e0be8, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Windows\\System32\\conhost.exe") returned 0x34 [0077.459] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x121f8e4 | out: Wow64Process=0x121f8e4) returned 1 [0077.459] IsWow64Process (in: hProcess=0x158, Wow64Process=0x121f8f4 | out: Wow64Process=0x121f8f4) returned 1 [0077.459] NtQueryInformationProcess (in: ProcessHandle=0x158, ProcessInformationClass=0x18, ProcessInformation=0x121f8f0, ProcessInformationLength=0x4, ReturnLength=0x121f8f4 | out: ProcessInformation=0x121f8f0, ReturnLength=0x121f8f4) returned 0x0 [0077.459] GetProcessTimes (in: hProcess=0x158, lpCreationTime=0x121f918, lpExitTime=0x121f910, lpKernelTime=0x121f910, lpUserTime=0x121f910 | out: lpCreationTime=0x121f918, lpExitTime=0x121f910, lpKernelTime=0x121f910, lpUserTime=0x121f910) returned 1 [0077.459] OpenProcessToken (in: ProcessHandle=0x158, DesiredAccess=0x8, TokenHandle=0x121f8e0 | out: TokenHandle=0x121f8e0*=0x15c) returned 1 [0077.459] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x121f8dc | out: TokenInformation=0x0, ReturnLength=0x121f8dc) returned 0 [0077.459] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x9e5680, TokenInformationLength=0x14, ReturnLength=0x121f8dc | out: TokenInformation=0x9e5680, ReturnLength=0x121f8dc) returned 1 [0077.459] GetSidSubAuthorityCount (pSid=0x9e5688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x3000)) returned 0x9e5689 [0077.459] GetSidSubAuthority (pSid=0x9e5688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x3000), nSubAuthority=0x0) returned 0x9e5690 [0077.459] GetExitCodeProcess (in: hProcess=0x158, lpExitCode=0x121f8fc | out: lpExitCode=0x121f8fc*=0x103) returned 1 [0077.459] GetProcessImageFileNameW (in: hProcess=0x158, lpImageFileName=0x9e0be8, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Windows\\System32\\VSSVC.exe") returned 0x32 [0077.459] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x121f8e4 | out: Wow64Process=0x121f8e4) returned 1 [0077.459] IsWow64Process (in: hProcess=0x158, Wow64Process=0x121f8f4 | out: Wow64Process=0x121f8f4) returned 1 [0077.459] NtQueryInformationProcess (in: ProcessHandle=0x158, ProcessInformationClass=0x18, ProcessInformation=0x121f8f0, ProcessInformationLength=0x4, ReturnLength=0x121f8f4 | out: ProcessInformation=0x121f8f0, ReturnLength=0x121f8f4) returned 0x0 [0077.459] GetProcessTimes (in: hProcess=0x158, lpCreationTime=0x121f918, lpExitTime=0x121f910, lpKernelTime=0x121f910, lpUserTime=0x121f910 | out: lpCreationTime=0x121f918, lpExitTime=0x121f910, lpKernelTime=0x121f910, lpUserTime=0x121f910) returned 1 [0077.459] OpenProcessToken (in: ProcessHandle=0x158, DesiredAccess=0x8, TokenHandle=0x121f8e0 | out: TokenHandle=0x121f8e0*=0x15c) returned 1 [0077.460] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x121f8dc | out: TokenInformation=0x0, ReturnLength=0x121f8dc) returned 0 [0077.460] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x9e5680, TokenInformationLength=0x14, ReturnLength=0x121f8dc | out: TokenInformation=0x9e5680, ReturnLength=0x121f8dc) returned 1 [0077.460] GetSidSubAuthorityCount (pSid=0x9e5688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000)) returned 0x9e5689 [0077.460] GetSidSubAuthority (pSid=0x9e5688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000), nSubAuthority=0x0) returned 0x9e5690 [0077.460] GetExitCodeProcess (in: hProcess=0x158, lpExitCode=0x121f8fc | out: lpExitCode=0x121f8fc*=0x103) returned 1 [0077.460] GetProcessImageFileNameW (in: hProcess=0x158, lpImageFileName=0x9e0be8, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscorsvw.exe") returned 0x4f [0077.460] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x121f8e4 | out: Wow64Process=0x121f8e4) returned 1 [0077.460] IsWow64Process (in: hProcess=0x158, Wow64Process=0x121f8f4 | out: Wow64Process=0x121f8f4) returned 1 [0077.460] NtQueryInformationProcess (in: ProcessHandle=0x158, ProcessInformationClass=0x18, ProcessInformation=0x121f8f0, ProcessInformationLength=0x4, ReturnLength=0x121f8f4 | out: ProcessInformation=0x121f8f0, ReturnLength=0x121f8f4) returned 0x0 [0077.460] GetProcessTimes (in: hProcess=0x158, lpCreationTime=0x121f918, lpExitTime=0x121f910, lpKernelTime=0x121f910, lpUserTime=0x121f910 | out: lpCreationTime=0x121f918, lpExitTime=0x121f910, lpKernelTime=0x121f910, lpUserTime=0x121f910) returned 1 [0077.460] OpenProcessToken (in: ProcessHandle=0x158, DesiredAccess=0x8, TokenHandle=0x121f8e0 | out: TokenHandle=0x121f8e0*=0x15c) returned 1 [0077.461] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x121f8dc | out: TokenInformation=0x0, ReturnLength=0x121f8dc) returned 0 [0077.461] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x9e5680, TokenInformationLength=0x14, ReturnLength=0x121f8dc | out: TokenInformation=0x9e5680, ReturnLength=0x121f8dc) returned 1 [0077.461] GetSidSubAuthorityCount (pSid=0x9e5688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000)) returned 0x9e5689 [0077.461] GetSidSubAuthority (pSid=0x9e5688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000), nSubAuthority=0x0) returned 0x9e5690 [0077.461] GetExitCodeProcess (in: hProcess=0x158, lpExitCode=0x121f8fc | out: lpExitCode=0x121f8fc*=0x103) returned 1 [0077.461] GetProcessImageFileNameW (in: hProcess=0x158, lpImageFileName=0x9e0be8, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Windows\\System32\\svchost.exe") returned 0x34 [0077.461] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x121f8e4 | out: Wow64Process=0x121f8e4) returned 1 [0077.461] IsWow64Process (in: hProcess=0x158, Wow64Process=0x121f8f4 | out: Wow64Process=0x121f8f4) returned 1 [0077.461] NtQueryInformationProcess (in: ProcessHandle=0x158, ProcessInformationClass=0x18, ProcessInformation=0x121f8f0, ProcessInformationLength=0x4, ReturnLength=0x121f8f4 | out: ProcessInformation=0x121f8f0, ReturnLength=0x121f8f4) returned 0x0 [0077.461] GetProcessTimes (in: hProcess=0x158, lpCreationTime=0x121f918, lpExitTime=0x121f910, lpKernelTime=0x121f910, lpUserTime=0x121f910 | out: lpCreationTime=0x121f918, lpExitTime=0x121f910, lpKernelTime=0x121f910, lpUserTime=0x121f910) returned 1 [0077.461] OpenProcessToken (in: ProcessHandle=0x158, DesiredAccess=0x8, TokenHandle=0x121f8e0 | out: TokenHandle=0x121f8e0*=0x15c) returned 1 [0077.461] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x121f8dc | out: TokenInformation=0x0, ReturnLength=0x121f8dc) returned 0 [0077.461] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x9e5680, TokenInformationLength=0x14, ReturnLength=0x121f8dc | out: TokenInformation=0x9e5680, ReturnLength=0x121f8dc) returned 1 [0077.461] GetSidSubAuthorityCount (pSid=0x9e5688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000)) returned 0x9e5689 [0077.461] GetSidSubAuthority (pSid=0x9e5688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000), nSubAuthority=0x0) returned 0x9e5690 [0077.463] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x9997e8, cbMultiByte=6, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 6 [0077.464] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x9997e8, cbMultiByte=6, lpWideCharStr=0x994d68, cchWideChar=6 | out: lpWideCharStr="System") returned 6 [0077.464] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x9997e8, cbMultiByte=6, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 6 [0077.464] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x9997e8, cbMultiByte=6, lpWideCharStr=0x994ac0, cchWideChar=6 | out: lpWideCharStr="System") returned 6 [0077.464] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x999710, cbMultiByte=8, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 8 [0077.464] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x999710, cbMultiByte=8, lpWideCharStr=0x994d68, cchWideChar=8 | out: lpWideCharStr="smss.exe") returned 8 [0077.464] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x999710, cbMultiByte=8, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 8 [0077.464] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x999710, cbMultiByte=8, lpWideCharStr=0x994ac0, cchWideChar=8 | out: lpWideCharStr="smss.exe") returned 8 [0077.464] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x999758, cbMultiByte=9, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 9 [0077.464] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x999758, cbMultiByte=9, lpWideCharStr=0x994d68, cchWideChar=9 | out: lpWideCharStr="csrss.exe") returned 9 [0077.464] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x999758, cbMultiByte=9, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 9 [0077.464] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x999758, cbMultiByte=9, lpWideCharStr=0x994ac0, cchWideChar=9 | out: lpWideCharStr="csrss.exe") returned 9 [0077.464] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x9996c8, cbMultiByte=11, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 11 [0077.464] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x9996c8, cbMultiByte=11, lpWideCharStr=0x994d68, cchWideChar=11 | out: lpWideCharStr="wininit.exe") returned 11 [0077.464] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x9996c8, cbMultiByte=11, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 11 [0077.464] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x9996c8, cbMultiByte=11, lpWideCharStr=0x994ac0, cchWideChar=11 | out: lpWideCharStr="wininit.exe") returned 11 [0077.464] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x999680, cbMultiByte=9, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 9 [0077.464] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x999680, cbMultiByte=9, lpWideCharStr=0x994d68, cchWideChar=9 | out: lpWideCharStr="csrss.exe") returned 9 [0077.464] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x999680, cbMultiByte=9, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 9 [0077.464] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x999680, cbMultiByte=9, lpWideCharStr=0x994ac0, cchWideChar=9 | out: lpWideCharStr="csrss.exe") returned 9 [0077.464] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x999638, cbMultiByte=12, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 12 [0077.465] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x999638, cbMultiByte=12, lpWideCharStr=0x994d68, cchWideChar=12 | out: lpWideCharStr="winlogon.exe") returned 12 [0077.465] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x999638, cbMultiByte=12, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 12 [0077.465] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x999638, cbMultiByte=12, lpWideCharStr=0x994ac0, cchWideChar=12 | out: lpWideCharStr="winlogon.exe") returned 12 [0077.465] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x9995f0, cbMultiByte=12, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 12 [0077.465] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x9995f0, cbMultiByte=12, lpWideCharStr=0x994d68, cchWideChar=12 | out: lpWideCharStr="services.exe") returned 12 [0077.465] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x9995f0, cbMultiByte=12, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 12 [0077.465] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x9995f0, cbMultiByte=12, lpWideCharStr=0x994ac0, cchWideChar=12 | out: lpWideCharStr="services.exe") returned 12 [0077.465] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x9995a8, cbMultiByte=9, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 9 [0077.465] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x9995a8, cbMultiByte=9, lpWideCharStr=0x994d68, cchWideChar=9 | out: lpWideCharStr="lsass.exe") returned 9 [0077.465] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x9995a8, cbMultiByte=9, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 9 [0077.465] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x9995a8, cbMultiByte=9, lpWideCharStr=0x994ac0, cchWideChar=9 | out: lpWideCharStr="lsass.exe") returned 9 [0077.465] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x999560, cbMultiByte=7, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 7 [0077.465] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x999560, cbMultiByte=7, lpWideCharStr=0x994d68, cchWideChar=7 | out: lpWideCharStr="lsm.exe") returned 7 [0077.465] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x999560, cbMultiByte=7, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 7 [0077.465] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x999560, cbMultiByte=7, lpWideCharStr=0x994ac0, cchWideChar=7 | out: lpWideCharStr="lsm.exe") returned 7 [0077.465] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x999518, cbMultiByte=11, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 11 [0077.465] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x999518, cbMultiByte=11, lpWideCharStr=0x994d68, cchWideChar=11 | out: lpWideCharStr="svchost.exe") returned 11 [0077.465] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x999518, cbMultiByte=11, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 11 [0077.465] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x999518, cbMultiByte=11, lpWideCharStr=0x994ac0, cchWideChar=11 | out: lpWideCharStr="svchost.exe") returned 11 [0077.465] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x9994d0, cbMultiByte=11, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 11 [0077.465] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x9994d0, cbMultiByte=11, lpWideCharStr=0x994d68, cchWideChar=11 | out: lpWideCharStr="svchost.exe") returned 11 [0077.466] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x9994d0, cbMultiByte=11, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 11 [0077.466] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x9994d0, cbMultiByte=11, lpWideCharStr=0x994ac0, cchWideChar=11 | out: lpWideCharStr="svchost.exe") returned 11 [0077.466] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x999488, cbMultiByte=11, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 11 [0077.466] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x999488, cbMultiByte=11, lpWideCharStr=0x994d68, cchWideChar=11 | out: lpWideCharStr="svchost.exe") returned 11 [0077.466] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x999488, cbMultiByte=11, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 11 [0077.466] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x999488, cbMultiByte=11, lpWideCharStr=0x994ac0, cchWideChar=11 | out: lpWideCharStr="svchost.exe") returned 11 [0077.466] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x999440, cbMultiByte=11, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 11 [0077.466] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x999440, cbMultiByte=11, lpWideCharStr=0x994d68, cchWideChar=11 | out: lpWideCharStr="svchost.exe") returned 11 [0077.466] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x999440, cbMultiByte=11, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 11 [0077.466] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x999440, cbMultiByte=11, lpWideCharStr=0x994ac0, cchWideChar=11 | out: lpWideCharStr="svchost.exe") returned 11 [0077.466] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x9993f8, cbMultiByte=11, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 11 [0077.466] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x9993f8, cbMultiByte=11, lpWideCharStr=0x994d68, cchWideChar=11 | out: lpWideCharStr="svchost.exe") returned 11 [0077.466] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x9993f8, cbMultiByte=11, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 11 [0077.466] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x9993f8, cbMultiByte=11, lpWideCharStr=0x994ac0, cchWideChar=11 | out: lpWideCharStr="svchost.exe") returned 11 [0077.466] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x9993b0, cbMultiByte=11, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 11 [0077.466] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x9993b0, cbMultiByte=11, lpWideCharStr=0x994d68, cchWideChar=11 | out: lpWideCharStr="audiodg.exe") returned 11 [0077.466] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x9993b0, cbMultiByte=11, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 11 [0077.466] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x9993b0, cbMultiByte=11, lpWideCharStr=0x994ac0, cchWideChar=11 | out: lpWideCharStr="audiodg.exe") returned 11 [0077.466] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x999368, cbMultiByte=11, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 11 [0077.466] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x999368, cbMultiByte=11, lpWideCharStr=0x994d68, cchWideChar=11 | out: lpWideCharStr="svchost.exe") returned 11 [0077.467] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x999368, cbMultiByte=11, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 11 [0077.467] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x999368, cbMultiByte=11, lpWideCharStr=0x994ac0, cchWideChar=11 | out: lpWideCharStr="svchost.exe") returned 11 [0077.467] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x999320, cbMultiByte=11, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 11 [0077.467] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x999320, cbMultiByte=11, lpWideCharStr=0x994d68, cchWideChar=11 | out: lpWideCharStr="svchost.exe") returned 11 [0077.467] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x999320, cbMultiByte=11, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 11 [0077.467] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x999320, cbMultiByte=11, lpWideCharStr=0x994ac0, cchWideChar=11 | out: lpWideCharStr="svchost.exe") returned 11 [0077.467] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x9997a0, cbMultiByte=11, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 11 [0077.467] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x9997a0, cbMultiByte=11, lpWideCharStr=0x994d68, cchWideChar=11 | out: lpWideCharStr="spoolsv.exe") returned 11 [0077.467] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x9997a0, cbMultiByte=11, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 11 [0077.467] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x9997a0, cbMultiByte=11, lpWideCharStr=0x994ac0, cchWideChar=11 | out: lpWideCharStr="spoolsv.exe") returned 11 [0077.467] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x999830, cbMultiByte=11, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 11 [0077.467] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x999830, cbMultiByte=11, lpWideCharStr=0x994d68, cchWideChar=11 | out: lpWideCharStr="svchost.exe") returned 11 [0077.467] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x999830, cbMultiByte=11, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 11 [0077.467] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x999830, cbMultiByte=11, lpWideCharStr=0x994ac0, cchWideChar=11 | out: lpWideCharStr="svchost.exe") returned 11 [0077.467] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x999290, cbMultiByte=12, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 12 [0077.467] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x999290, cbMultiByte=12, lpWideCharStr=0x994d68, cchWideChar=12 | out: lpWideCharStr="taskhost.exe") returned 12 [0077.467] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x999290, cbMultiByte=12, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 12 [0077.467] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x999290, cbMultiByte=12, lpWideCharStr=0x994ac0, cchWideChar=12 | out: lpWideCharStr="taskhost.exe") returned 12 [0077.468] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x9992d8, cbMultiByte=7, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 7 [0077.468] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x9992d8, cbMultiByte=7, lpWideCharStr=0x994d68, cchWideChar=7 | out: lpWideCharStr="dwm.exe") returned 7 [0077.468] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x9992d8, cbMultiByte=7, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 7 [0077.468] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x9992d8, cbMultiByte=7, lpWideCharStr=0x994ac0, cchWideChar=7 | out: lpWideCharStr="dwm.exe") returned 7 [0077.468] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x999248, cbMultiByte=12, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 12 [0077.468] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x999248, cbMultiByte=12, lpWideCharStr=0x994d68, cchWideChar=12 | out: lpWideCharStr="explorer.exe") returned 12 [0077.468] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x999248, cbMultiByte=12, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 12 [0077.468] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x999248, cbMultiByte=12, lpWideCharStr=0x994ac0, cchWideChar=12 | out: lpWideCharStr="explorer.exe") returned 12 [0077.468] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x999200, cbMultiByte=11, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 11 [0077.468] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x999200, cbMultiByte=11, lpWideCharStr=0x994d68, cchWideChar=11 | out: lpWideCharStr="taskeng.exe") returned 11 [0077.468] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x999200, cbMultiByte=11, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 11 [0077.468] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x999200, cbMultiByte=11, lpWideCharStr=0x994ac0, cchWideChar=11 | out: lpWideCharStr="taskeng.exe") returned 11 [0077.468] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x9991b8, cbMultiByte=12, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 12 [0077.468] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x9991b8, cbMultiByte=12, lpWideCharStr=0x994d68, cchWideChar=12 | out: lpWideCharStr="taskhost.exe") returned 12 [0077.468] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x9991b8, cbMultiByte=12, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 12 [0077.468] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x9991b8, cbMultiByte=12, lpWideCharStr=0x994ac0, cchWideChar=12 | out: lpWideCharStr="taskhost.exe") returned 12 [0077.468] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x999170, cbMultiByte=24, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 24 [0077.468] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x999170, cbMultiByte=24, lpWideCharStr=0x994d68, cchWideChar=24 | out: lpWideCharStr="transportationporval.exe") returned 24 [0077.468] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x999170, cbMultiByte=24, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 24 [0077.468] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x999170, cbMultiByte=24, lpWideCharStr=0x994ac0, cchWideChar=24 | out: lpWideCharStr="transportationporval.exe") returned 24 [0077.468] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x998ca8, cbMultiByte=37, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 37 [0077.469] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x998ca8, cbMultiByte=37, lpWideCharStr=0x994d68, cchWideChar=37 | out: lpWideCharStr="liverpool-brazil-kind-researchers.exe") returned 37 [0077.469] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x998ca8, cbMultiByte=37, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 37 [0077.469] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x998ca8, cbMultiByte=37, lpWideCharStr=0x994ac0, cchWideChar=37 | out: lpWideCharStr="liverpool-brazil-kind-researchers.exe") returned 37 [0077.469] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x999128, cbMultiByte=28, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 28 [0077.469] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x999128, cbMultiByte=28, lpWideCharStr=0x994d68, cchWideChar=28 | out: lpWideCharStr="azerbaijan australia map.exe") returned 28 [0077.469] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x999128, cbMultiByte=28, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 28 [0077.469] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x999128, cbMultiByte=28, lpWideCharStr=0x994ac0, cchWideChar=28 | out: lpWideCharStr="azerbaijan australia map.exe") returned 28 [0077.469] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x9990e0, cbMultiByte=22, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 22 [0077.469] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x9990e0, cbMultiByte=22, lpWideCharStr=0x994d68, cchWideChar=22 | out: lpWideCharStr="seattleconvertible.exe") returned 22 [0077.469] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x9990e0, cbMultiByte=22, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 22 [0077.469] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x9990e0, cbMultiByte=22, lpWideCharStr=0x994ac0, cchWideChar=22 | out: lpWideCharStr="seattleconvertible.exe") returned 22 [0077.469] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x999098, cbMultiByte=22, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 22 [0077.469] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x999098, cbMultiByte=22, lpWideCharStr=0x994d68, cchWideChar=22 | out: lpWideCharStr="camps_part_october.exe") returned 22 [0077.469] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x999098, cbMultiByte=22, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 22 [0077.469] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x999098, cbMultiByte=22, lpWideCharStr=0x994ac0, cchWideChar=22 | out: lpWideCharStr="camps_part_october.exe") returned 22 [0077.469] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x999050, cbMultiByte=20, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 20 [0077.469] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x999050, cbMultiByte=20, lpWideCharStr=0x994d68, cchWideChar=20 | out: lpWideCharStr="fskaslidesoregon.exe") returned 20 [0077.469] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x999050, cbMultiByte=20, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 20 [0077.469] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x999050, cbMultiByte=20, lpWideCharStr=0x994ac0, cchWideChar=20 | out: lpWideCharStr="fskaslidesoregon.exe") returned 20 [0077.469] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x999008, cbMultiByte=22, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 22 [0077.470] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x999008, cbMultiByte=22, lpWideCharStr=0x994d68, cchWideChar=22 | out: lpWideCharStr="ny surge discounts.exe") returned 22 [0077.470] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x999008, cbMultiByte=22, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 22 [0077.470] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x999008, cbMultiByte=22, lpWideCharStr=0x994ac0, cchWideChar=22 | out: lpWideCharStr="ny surge discounts.exe") returned 22 [0077.470] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x998fc0, cbMultiByte=16, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 16 [0077.470] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x998fc0, cbMultiByte=16, lpWideCharStr=0x994d68, cchWideChar=16 | out: lpWideCharStr="furniture-cg.exe") returned 16 [0077.470] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x998fc0, cbMultiByte=16, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 16 [0077.470] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x998fc0, cbMultiByte=16, lpWideCharStr=0x994ac0, cchWideChar=16 | out: lpWideCharStr="furniture-cg.exe") returned 16 [0077.470] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x998f78, cbMultiByte=24, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 24 [0077.470] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x998f78, cbMultiByte=24, lpWideCharStr=0x994d68, cchWideChar=24 | out: lpWideCharStr="angry_region_seconds.exe") returned 24 [0077.470] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x998f78, cbMultiByte=24, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 24 [0077.470] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x998f78, cbMultiByte=24, lpWideCharStr=0x994ac0, cchWideChar=24 | out: lpWideCharStr="angry_region_seconds.exe") returned 24 [0077.470] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x998f30, cbMultiByte=36, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 36 [0077.470] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x998f30, cbMultiByte=36, lpWideCharStr=0x994d68, cchWideChar=36 | out: lpWideCharStr="soviet-nutten-samples-configured.exe") returned 36 [0077.470] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x998f30, cbMultiByte=36, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 36 [0077.470] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x998f30, cbMultiByte=36, lpWideCharStr=0x994ac0, cchWideChar=36 | out: lpWideCharStr="soviet-nutten-samples-configured.exe") returned 36 [0077.470] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x998ee8, cbMultiByte=14, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 14 [0077.470] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x998ee8, cbMultiByte=14, lpWideCharStr=0x994d68, cchWideChar=14 | out: lpWideCharStr="picture_pk.exe") returned 14 [0077.470] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x998ee8, cbMultiByte=14, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 14 [0077.470] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x998ee8, cbMultiByte=14, lpWideCharStr=0x994ac0, cchWideChar=14 | out: lpWideCharStr="picture_pk.exe") returned 14 [0077.470] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x998ea0, cbMultiByte=33, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 33 [0077.470] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x998ea0, cbMultiByte=33, lpWideCharStr=0x994d68, cchWideChar=33 | out: lpWideCharStr="wishes_pixels_reflected_edgar.exe") returned 33 [0077.471] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x998ea0, cbMultiByte=33, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 33 [0077.471] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x998ea0, cbMultiByte=33, lpWideCharStr=0x994ac0, cchWideChar=33 | out: lpWideCharStr="wishes_pixels_reflected_edgar.exe") returned 33 [0077.471] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x998e58, cbMultiByte=29, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 29 [0077.471] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x998e58, cbMultiByte=29, lpWideCharStr=0x994d68, cchWideChar=29 | out: lpWideCharStr="nyc-actor-fault-logistics.exe") returned 29 [0077.471] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x998e58, cbMultiByte=29, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 29 [0077.471] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x998e58, cbMultiByte=29, lpWideCharStr=0x994ac0, cchWideChar=29 | out: lpWideCharStr="nyc-actor-fault-logistics.exe") returned 29 [0077.471] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x998e10, cbMultiByte=40, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 40 [0077.471] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x998e10, cbMultiByte=40, lpWideCharStr=0x994d68, cchWideChar=40 | out: lpWideCharStr="duration_electricity_columbia_estate.exe") returned 40 [0077.471] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x998e10, cbMultiByte=40, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 40 [0077.471] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x998e10, cbMultiByte=40, lpWideCharStr=0x994ac0, cchWideChar=40 | out: lpWideCharStr="duration_electricity_columbia_estate.exe") returned 40 [0077.471] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x998dc8, cbMultiByte=13, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 13 [0077.471] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x998dc8, cbMultiByte=13, lpWideCharStr=0x994d68, cchWideChar=13 | out: lpWideCharStr="prominent.exe") returned 13 [0077.471] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x998dc8, cbMultiByte=13, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 13 [0077.471] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x998dc8, cbMultiByte=13, lpWideCharStr=0x994ac0, cchWideChar=13 | out: lpWideCharStr="prominent.exe") returned 13 [0077.471] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x998d80, cbMultiByte=28, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 28 [0077.471] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x998d80, cbMultiByte=28, lpWideCharStr=0x994d68, cchWideChar=28 | out: lpWideCharStr="after practical kiss sir.exe") returned 28 [0077.471] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x998d80, cbMultiByte=28, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 28 [0077.471] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x998d80, cbMultiByte=28, lpWideCharStr=0x994ac0, cchWideChar=28 | out: lpWideCharStr="after practical kiss sir.exe") returned 28 [0077.471] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x998d38, cbMultiByte=25, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 25 [0077.471] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x998d38, cbMultiByte=25, lpWideCharStr=0x994d68, cchWideChar=25 | out: lpWideCharStr="epson-pressing-camera.exe") returned 25 [0077.472] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x998d38, cbMultiByte=25, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 25 [0077.472] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x998d38, cbMultiByte=25, lpWideCharStr=0x994ac0, cchWideChar=25 | out: lpWideCharStr="epson-pressing-camera.exe") returned 25 [0077.472] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x998cf0, cbMultiByte=22, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 22 [0077.472] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x998cf0, cbMultiByte=22, lpWideCharStr=0x994d68, cchWideChar=22 | out: lpWideCharStr="baptist-extraction.exe") returned 22 [0077.472] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x998cf0, cbMultiByte=22, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 22 [0077.472] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x998cf0, cbMultiByte=22, lpWideCharStr=0x994ac0, cchWideChar=22 | out: lpWideCharStr="baptist-extraction.exe") returned 22 [0077.472] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x998c60, cbMultiByte=14, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 14 [0077.472] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x998c60, cbMultiByte=14, lpWideCharStr=0x994d68, cchWideChar=14 | out: lpWideCharStr="challenged.exe") returned 14 [0077.472] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x998c60, cbMultiByte=14, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 14 [0077.472] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x998c60, cbMultiByte=14, lpWideCharStr=0x994ac0, cchWideChar=14 | out: lpWideCharStr="challenged.exe") returned 14 [0077.472] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xabc9c0, cbMultiByte=13, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 13 [0077.472] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xabc9c0, cbMultiByte=13, lpWideCharStr=0x994d68, cchWideChar=13 | out: lpWideCharStr="rhode-jay.exe") returned 13 [0077.472] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xabc9c0, cbMultiByte=13, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 13 [0077.472] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xabc9c0, cbMultiByte=13, lpWideCharStr=0x994ac0, cchWideChar=13 | out: lpWideCharStr="rhode-jay.exe") returned 13 [0077.472] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x9e5098, cbMultiByte=12, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 12 [0077.472] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x9e5098, cbMultiByte=12, lpWideCharStr=0x994d68, cchWideChar=12 | out: lpWideCharStr="vssadmin.exe") returned 12 [0077.472] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x9e5098, cbMultiByte=12, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 12 [0077.472] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x9e5098, cbMultiByte=12, lpWideCharStr=0x994ac0, cchWideChar=12 | out: lpWideCharStr="vssadmin.exe") returned 12 [0077.472] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x9e50e0, cbMultiByte=11, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 11 [0077.472] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x9e50e0, cbMultiByte=11, lpWideCharStr=0x994d68, cchWideChar=11 | out: lpWideCharStr="conhost.exe") returned 11 [0077.473] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x9e50e0, cbMultiByte=11, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 11 [0077.473] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x9e50e0, cbMultiByte=11, lpWideCharStr=0x994ac0, cchWideChar=11 | out: lpWideCharStr="conhost.exe") returned 11 [0077.473] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x9e5128, cbMultiByte=9, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 9 [0077.473] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x9e5128, cbMultiByte=9, lpWideCharStr=0x994d68, cchWideChar=9 | out: lpWideCharStr="VSSVC.exe") returned 9 [0077.473] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x9e5128, cbMultiByte=9, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 9 [0077.473] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x9e5128, cbMultiByte=9, lpWideCharStr=0x994ac0, cchWideChar=9 | out: lpWideCharStr="VSSVC.exe") returned 9 [0077.473] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x9e5170, cbMultiByte=12, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 12 [0077.473] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x9e5170, cbMultiByte=12, lpWideCharStr=0x994d68, cchWideChar=12 | out: lpWideCharStr="mscorsvw.exe") returned 12 [0077.473] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x9e5170, cbMultiByte=12, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 12 [0077.473] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x9e5170, cbMultiByte=12, lpWideCharStr=0x994ac0, cchWideChar=12 | out: lpWideCharStr="mscorsvw.exe") returned 12 [0077.473] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x9e51b8, cbMultiByte=11, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 11 [0077.473] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x9e51b8, cbMultiByte=11, lpWideCharStr=0x994d68, cchWideChar=11 | out: lpWideCharStr="svchost.exe") returned 11 [0077.473] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x9e51b8, cbMultiByte=11, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 11 [0077.473] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x9e51b8, cbMultiByte=11, lpWideCharStr=0x994ac0, cchWideChar=11 | out: lpWideCharStr="svchost.exe") returned 11 [0077.473] NtOpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x20, TokenHandle=0x121fcd8 | out: TokenHandle=0x121fcd8*=0x154) returned 0x0 [0077.473] NtAdjustPrivilegesToken (in: TokenHandle=0x154, DisableAllPrivileges=0, NewState=0x121fcdc, BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 0x0 [0077.473] NtClose (Handle=0x154) returned 0x0 [0077.473] NtOpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x20, TokenHandle=0x121fcd8 | out: TokenHandle=0x121fcd8*=0x154) returned 0x0 [0077.474] NtAdjustPrivilegesToken (in: TokenHandle=0x154, DisableAllPrivileges=0, NewState=0x121fcdc, BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 0x0 [0077.474] NtClose (Handle=0x154) returned 0x0 [0077.474] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x154 [0077.476] Process32FirstW (in: hSnapshot=0x154, lppe=0x121f958 | out: lppe=0x121f958*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0077.476] Process32NextW (in: hSnapshot=0x154, lppe=0x121f958 | out: lppe=0x121f958*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4d, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0077.477] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="system", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0077.477] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="system", cchWideChar=6, lpMultiByteStr=0x998d38, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="system", lpUsedDefaultChar=0x0) returned 6 [0077.477] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="System", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0077.477] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="System", cchWideChar=6, lpMultiByteStr=0x998d38, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="System", lpUsedDefaultChar=0x0) returned 6 [0077.477] Process32NextW (in: hSnapshot=0x154, lppe=0x121f958 | out: lppe=0x121f958*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0077.478] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="smss.exe", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0077.478] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="smss.exe", cchWideChar=8, lpMultiByteStr=0x998e10, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="smss.exe", lpUsedDefaultChar=0x0) returned 8 [0077.478] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="smss.exe", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0077.478] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="smss.exe", cchWideChar=8, lpMultiByteStr=0x998e10, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="smss.exe", lpUsedDefaultChar=0x0) returned 8 [0077.478] Process32NextW (in: hSnapshot=0x154, lppe=0x121f958 | out: lppe=0x121f958*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0077.478] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="csrss.exe", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0077.478] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="csrss.exe", cchWideChar=9, lpMultiByteStr=0x998ea0, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="csrss.exe", lpUsedDefaultChar=0x0) returned 9 [0077.478] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="csrss.exe", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0077.479] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="csrss.exe", cchWideChar=9, lpMultiByteStr=0x998ea0, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="csrss.exe", lpUsedDefaultChar=0x0) returned 9 [0077.479] Process32NextW (in: hSnapshot=0x154, lppe=0x121f958 | out: lppe=0x121f958*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0077.479] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="wininit.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0077.479] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="wininit.exe", cchWideChar=11, lpMultiByteStr=0x998ee8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="wininit.exe", lpUsedDefaultChar=0x0) returned 11 [0077.479] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="wininit.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0077.479] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="wininit.exe", cchWideChar=11, lpMultiByteStr=0x998ee8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="wininit.exe", lpUsedDefaultChar=0x0) returned 11 [0077.479] Process32NextW (in: hSnapshot=0x154, lppe=0x121f958 | out: lppe=0x121f958*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0077.480] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="csrss.exe", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0077.480] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="csrss.exe", cchWideChar=9, lpMultiByteStr=0x998f30, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="csrss.exe", lpUsedDefaultChar=0x0) returned 9 [0077.480] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="csrss.exe", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0077.480] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="csrss.exe", cchWideChar=9, lpMultiByteStr=0x998f30, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="csrss.exe", lpUsedDefaultChar=0x0) returned 9 [0077.480] Process32NextW (in: hSnapshot=0x154, lppe=0x121f958 | out: lppe=0x121f958*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0077.481] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="winlogon.exe", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0077.481] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="winlogon.exe", cchWideChar=12, lpMultiByteStr=0x998f78, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="winlogon.exe", lpUsedDefaultChar=0x0) returned 12 [0077.481] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="winlogon.exe", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0077.481] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="winlogon.exe", cchWideChar=12, lpMultiByteStr=0x998f78, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="winlogon.exe", lpUsedDefaultChar=0x0) returned 12 [0077.481] Process32NextW (in: hSnapshot=0x154, lppe=0x121f958 | out: lppe=0x121f958*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0077.481] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="services.exe", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0077.482] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="services.exe", cchWideChar=12, lpMultiByteStr=0x998fc0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="services.exe", lpUsedDefaultChar=0x0) returned 12 [0077.482] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="services.exe", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0077.482] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="services.exe", cchWideChar=12, lpMultiByteStr=0x998fc0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="services.exe", lpUsedDefaultChar=0x0) returned 12 [0077.482] Process32NextW (in: hSnapshot=0x154, lppe=0x121f958 | out: lppe=0x121f958*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0077.482] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="lsass.exe", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0077.482] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="lsass.exe", cchWideChar=9, lpMultiByteStr=0x999008, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lsass.exe", lpUsedDefaultChar=0x0) returned 9 [0077.482] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="lsass.exe", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0077.482] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="lsass.exe", cchWideChar=9, lpMultiByteStr=0x999008, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lsass.exe", lpUsedDefaultChar=0x0) returned 9 [0077.482] Process32NextW (in: hSnapshot=0x154, lppe=0x121f958 | out: lppe=0x121f958*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0077.483] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="lsm.exe", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0077.483] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="lsm.exe", cchWideChar=7, lpMultiByteStr=0x999050, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lsm.exe", lpUsedDefaultChar=0x0) returned 7 [0077.483] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="lsm.exe", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0077.483] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="lsm.exe", cchWideChar=7, lpMultiByteStr=0x999050, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lsm.exe", lpUsedDefaultChar=0x0) returned 7 [0077.483] Process32NextW (in: hSnapshot=0x154, lppe=0x121f958 | out: lppe=0x121f958*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0077.484] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0077.484] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x999098, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0077.484] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0077.484] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x999098, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0077.484] Process32NextW (in: hSnapshot=0x154, lppe=0x121f958 | out: lppe=0x121f958*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0077.485] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0077.485] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x9990e0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0077.485] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0077.485] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x9990e0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0077.485] Process32NextW (in: hSnapshot=0x154, lppe=0x121f958 | out: lppe=0x121f958*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0077.485] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0077.485] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x999128, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0077.486] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0077.486] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x999128, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0077.486] Process32NextW (in: hSnapshot=0x154, lppe=0x121f958 | out: lppe=0x121f958*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0077.486] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0077.487] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x998ca8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0077.487] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0077.487] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x998ca8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0077.487] Process32NextW (in: hSnapshot=0x154, lppe=0x121f958 | out: lppe=0x121f958*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x31, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0077.487] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0077.487] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x999170, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0077.487] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0077.487] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x999170, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0077.487] Process32NextW (in: hSnapshot=0x154, lppe=0x121f958 | out: lppe=0x121f958*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0077.488] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="audiodg.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0077.488] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="audiodg.exe", cchWideChar=11, lpMultiByteStr=0x9991b8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="audiodg.exe", lpUsedDefaultChar=0x0) returned 11 [0077.488] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="audiodg.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0077.488] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="audiodg.exe", cchWideChar=11, lpMultiByteStr=0x9991b8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="audiodg.exe", lpUsedDefaultChar=0x0) returned 11 [0077.488] Process32NextW (in: hSnapshot=0x154, lppe=0x121f958 | out: lppe=0x121f958*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0077.489] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0077.489] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x999200, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0077.489] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0077.489] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x999200, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0077.489] Process32NextW (in: hSnapshot=0x154, lppe=0x121f958 | out: lppe=0x121f958*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x170, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0077.490] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0077.490] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x999248, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0077.490] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0077.490] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x999248, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0077.490] Process32NextW (in: hSnapshot=0x154, lppe=0x121f958 | out: lppe=0x121f958*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0077.490] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="spoolsv.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0077.490] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="spoolsv.exe", cchWideChar=11, lpMultiByteStr=0x998d38, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spoolsv.exe", lpUsedDefaultChar=0x0) returned 11 [0077.491] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="spoolsv.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0077.491] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="spoolsv.exe", cchWideChar=11, lpMultiByteStr=0x998d38, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spoolsv.exe", lpUsedDefaultChar=0x0) returned 11 [0077.491] Process32NextW (in: hSnapshot=0x154, lppe=0x121f958 | out: lppe=0x121f958*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x41c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0077.491] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0077.491] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x9992d8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0077.491] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0077.491] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x9992d8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0077.491] Process32NextW (in: hSnapshot=0x154, lppe=0x121f958 | out: lppe=0x121f958*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0077.492] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="taskhost.exe", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0077.492] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="taskhost.exe", cchWideChar=12, lpMultiByteStr=0x999248, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhost.exe", lpUsedDefaultChar=0x0) returned 12 [0077.492] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="taskhost.exe", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0077.492] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="taskhost.exe", cchWideChar=12, lpMultiByteStr=0x999248, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhost.exe", lpUsedDefaultChar=0x0) returned 12 [0077.492] Process32NextW (in: hSnapshot=0x154, lppe=0x121f958 | out: lppe=0x121f958*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x554, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x310, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0077.493] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="dwm.exe", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0077.493] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="dwm.exe", cchWideChar=7, lpMultiByteStr=0x999290, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dwm.exe", lpUsedDefaultChar=0x0) returned 7 [0077.493] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="dwm.exe", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0077.493] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="dwm.exe", cchWideChar=7, lpMultiByteStr=0x999290, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dwm.exe", lpUsedDefaultChar=0x0) returned 7 [0077.493] Process32NextW (in: hSnapshot=0x154, lppe=0x121f958 | out: lppe=0x121f958*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x564, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1e, th32ParentProcessID=0x548, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0077.494] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="explorer.exe", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0077.494] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="explorer.exe", cchWideChar=12, lpMultiByteStr=0x999830, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="explorer.exe", lpUsedDefaultChar=0x0) returned 12 [0077.494] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="explorer.exe", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0077.494] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="explorer.exe", cchWideChar=12, lpMultiByteStr=0x999830, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="explorer.exe", lpUsedDefaultChar=0x0) returned 12 [0077.494] Process32NextW (in: hSnapshot=0x154, lppe=0x121f958 | out: lppe=0x121f958*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0077.494] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="taskeng.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0077.494] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="taskeng.exe", cchWideChar=11, lpMultiByteStr=0x9997a0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskeng.exe", lpUsedDefaultChar=0x0) returned 11 [0077.494] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="taskeng.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0077.494] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="taskeng.exe", cchWideChar=11, lpMultiByteStr=0x9997a0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskeng.exe", lpUsedDefaultChar=0x0) returned 11 [0077.495] Process32NextW (in: hSnapshot=0x154, lppe=0x121f958 | out: lppe=0x121f958*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0077.495] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="taskhost.exe", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0077.495] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="taskhost.exe", cchWideChar=12, lpMultiByteStr=0x999320, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhost.exe", lpUsedDefaultChar=0x0) returned 12 [0077.495] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="taskhost.exe", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0077.495] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="taskhost.exe", cchWideChar=12, lpMultiByteStr=0x999320, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhost.exe", lpUsedDefaultChar=0x0) returned 12 [0077.495] Process32NextW (in: hSnapshot=0x154, lppe=0x121f958 | out: lppe=0x121f958*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x564, pcPriClassBase=8, dwFlags=0x0, szExeFile="transportationporval.exe")) returned 1 [0077.496] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="transportationporval.exe", cchWideChar=24, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0077.496] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="transportationporval.exe", cchWideChar=24, lpMultiByteStr=0x999368, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="transportationporval.exe", lpUsedDefaultChar=0x0) returned 24 [0077.496] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="transportationporval.exe", cchWideChar=24, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0077.496] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="transportationporval.exe", cchWideChar=24, lpMultiByteStr=0x999368, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="transportationporval.exe", lpUsedDefaultChar=0x0) returned 24 [0077.496] Process32NextW (in: hSnapshot=0x154, lppe=0x121f958 | out: lppe=0x121f958*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x564, pcPriClassBase=8, dwFlags=0x0, szExeFile="liverpool-brazil-kind-researchers.exe")) returned 1 [0077.497] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="liverpool-brazil-kind-researchers.exe", cchWideChar=37, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 37 [0077.497] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="liverpool-brazil-kind-researchers.exe", cchWideChar=37, lpMultiByteStr=0x9993b0, cbMultiByte=37, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="liverpool-brazil-kind-researchers.exe", lpUsedDefaultChar=0x0) returned 37 [0077.497] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="liverpool-brazil-kind-researchers.exe", cchWideChar=37, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 37 [0077.497] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="liverpool-brazil-kind-researchers.exe", cchWideChar=37, lpMultiByteStr=0x9993b0, cbMultiByte=37, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="liverpool-brazil-kind-researchers.exe", lpUsedDefaultChar=0x0) returned 37 [0077.497] Process32NextW (in: hSnapshot=0x154, lppe=0x121f958 | out: lppe=0x121f958*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x564, pcPriClassBase=8, dwFlags=0x0, szExeFile="azerbaijan australia map.exe")) returned 1 [0077.499] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="azerbaijan australia map.exe", cchWideChar=28, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0077.499] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="azerbaijan australia map.exe", cchWideChar=28, lpMultiByteStr=0x9993f8, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="azerbaijan australia map.exe", lpUsedDefaultChar=0x0) returned 28 [0077.499] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="azerbaijan australia map.exe", cchWideChar=28, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0077.499] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="azerbaijan australia map.exe", cchWideChar=28, lpMultiByteStr=0x9993f8, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="azerbaijan australia map.exe", lpUsedDefaultChar=0x0) returned 28 [0077.499] Process32NextW (in: hSnapshot=0x154, lppe=0x121f958 | out: lppe=0x121f958*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x318, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x564, pcPriClassBase=8, dwFlags=0x0, szExeFile="seattleconvertible.exe")) returned 1 [0077.500] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="seattleconvertible.exe", cchWideChar=22, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0077.500] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="seattleconvertible.exe", cchWideChar=22, lpMultiByteStr=0x999440, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="seattleconvertible.exe", lpUsedDefaultChar=0x0) returned 22 [0077.500] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="seattleconvertible.exe", cchWideChar=22, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0077.500] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="seattleconvertible.exe", cchWideChar=22, lpMultiByteStr=0x999440, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="seattleconvertible.exe", lpUsedDefaultChar=0x0) returned 22 [0077.500] Process32NextW (in: hSnapshot=0x154, lppe=0x121f958 | out: lppe=0x121f958*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x430, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x564, pcPriClassBase=8, dwFlags=0x0, szExeFile="camps_part_october.exe")) returned 1 [0077.500] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="camps_part_october.exe", cchWideChar=22, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0077.501] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="camps_part_october.exe", cchWideChar=22, lpMultiByteStr=0x999488, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="camps_part_october.exe", lpUsedDefaultChar=0x0) returned 22 [0077.501] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="camps_part_october.exe", cchWideChar=22, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0077.501] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="camps_part_october.exe", cchWideChar=22, lpMultiByteStr=0x999488, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="camps_part_october.exe", lpUsedDefaultChar=0x0) returned 22 [0077.501] Process32NextW (in: hSnapshot=0x154, lppe=0x121f958 | out: lppe=0x121f958*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x32c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x564, pcPriClassBase=8, dwFlags=0x0, szExeFile="fskaslidesoregon.exe")) returned 1 [0077.501] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="fskaslidesoregon.exe", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0077.501] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="fskaslidesoregon.exe", cchWideChar=20, lpMultiByteStr=0x9994d0, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fskaslidesoregon.exe", lpUsedDefaultChar=0x0) returned 20 [0077.501] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="fskaslidesoregon.exe", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0077.501] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="fskaslidesoregon.exe", cchWideChar=20, lpMultiByteStr=0x9994d0, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fskaslidesoregon.exe", lpUsedDefaultChar=0x0) returned 20 [0077.501] Process32NextW (in: hSnapshot=0x154, lppe=0x121f958 | out: lppe=0x121f958*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x31c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x564, pcPriClassBase=8, dwFlags=0x0, szExeFile="ny surge discounts.exe")) returned 1 [0077.502] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ny surge discounts.exe", cchWideChar=22, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0077.502] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ny surge discounts.exe", cchWideChar=22, lpMultiByteStr=0x999518, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ny surge discounts.exe", lpUsedDefaultChar=0x0) returned 22 [0077.502] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ny surge discounts.exe", cchWideChar=22, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0077.502] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ny surge discounts.exe", cchWideChar=22, lpMultiByteStr=0x999518, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ny surge discounts.exe", lpUsedDefaultChar=0x0) returned 22 [0077.502] Process32NextW (in: hSnapshot=0x154, lppe=0x121f958 | out: lppe=0x121f958*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x67c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x564, pcPriClassBase=8, dwFlags=0x0, szExeFile="furniture-cg.exe")) returned 1 [0077.503] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="furniture-cg.exe", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0077.503] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="furniture-cg.exe", cchWideChar=16, lpMultiByteStr=0x999560, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="furniture-cg.exe", lpUsedDefaultChar=0x0) returned 16 [0077.503] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="furniture-cg.exe", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0077.503] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="furniture-cg.exe", cchWideChar=16, lpMultiByteStr=0x999560, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="furniture-cg.exe", lpUsedDefaultChar=0x0) returned 16 [0077.503] Process32NextW (in: hSnapshot=0x154, lppe=0x121f958 | out: lppe=0x121f958*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x564, pcPriClassBase=8, dwFlags=0x0, szExeFile="angry_region_seconds.exe")) returned 1 [0077.504] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="angry_region_seconds.exe", cchWideChar=24, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0077.504] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="angry_region_seconds.exe", cchWideChar=24, lpMultiByteStr=0x9995a8, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="angry_region_seconds.exe", lpUsedDefaultChar=0x0) returned 24 [0077.504] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="angry_region_seconds.exe", cchWideChar=24, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0077.504] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="angry_region_seconds.exe", cchWideChar=24, lpMultiByteStr=0x9995a8, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="angry_region_seconds.exe", lpUsedDefaultChar=0x0) returned 24 [0077.504] Process32NextW (in: hSnapshot=0x154, lppe=0x121f958 | out: lppe=0x121f958*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x15c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x564, pcPriClassBase=8, dwFlags=0x0, szExeFile="soviet-nutten-samples-configured.exe")) returned 1 [0077.504] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="soviet-nutten-samples-configured.exe", cchWideChar=36, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 36 [0077.504] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="soviet-nutten-samples-configured.exe", cchWideChar=36, lpMultiByteStr=0x9995f0, cbMultiByte=36, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="soviet-nutten-samples-configured.exe", lpUsedDefaultChar=0x0) returned 36 [0077.504] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="soviet-nutten-samples-configured.exe", cchWideChar=36, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 36 [0077.505] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="soviet-nutten-samples-configured.exe", cchWideChar=36, lpMultiByteStr=0x9995f0, cbMultiByte=36, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="soviet-nutten-samples-configured.exe", lpUsedDefaultChar=0x0) returned 36 [0077.505] Process32NextW (in: hSnapshot=0x154, lppe=0x121f958 | out: lppe=0x121f958*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x140, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x564, pcPriClassBase=8, dwFlags=0x0, szExeFile="picture_pk.exe")) returned 1 [0077.505] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="picture_pk.exe", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0077.505] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="picture_pk.exe", cchWideChar=14, lpMultiByteStr=0x999638, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="picture_pk.exe", lpUsedDefaultChar=0x0) returned 14 [0077.505] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="picture_pk.exe", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0077.505] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="picture_pk.exe", cchWideChar=14, lpMultiByteStr=0x999638, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="picture_pk.exe", lpUsedDefaultChar=0x0) returned 14 [0077.505] Process32NextW (in: hSnapshot=0x154, lppe=0x121f958 | out: lppe=0x121f958*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x634, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x564, pcPriClassBase=8, dwFlags=0x0, szExeFile="wishes_pixels_reflected_edgar.exe")) returned 1 [0077.506] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="wishes_pixels_reflected_edgar.exe", cchWideChar=33, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 33 [0077.506] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="wishes_pixels_reflected_edgar.exe", cchWideChar=33, lpMultiByteStr=0x999680, cbMultiByte=33, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="wishes_pixels_reflected_edgar.exe", lpUsedDefaultChar=0x0) returned 33 [0077.506] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="wishes_pixels_reflected_edgar.exe", cchWideChar=33, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 33 [0077.506] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="wishes_pixels_reflected_edgar.exe", cchWideChar=33, lpMultiByteStr=0x999680, cbMultiByte=33, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="wishes_pixels_reflected_edgar.exe", lpUsedDefaultChar=0x0) returned 33 [0077.506] Process32NextW (in: hSnapshot=0x154, lppe=0x121f958 | out: lppe=0x121f958*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x564, pcPriClassBase=8, dwFlags=0x0, szExeFile="nyc-actor-fault-logistics.exe")) returned 1 [0077.507] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="nyc-actor-fault-logistics.exe", cchWideChar=29, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 29 [0077.507] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="nyc-actor-fault-logistics.exe", cchWideChar=29, lpMultiByteStr=0x9996c8, cbMultiByte=29, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="nyc-actor-fault-logistics.exe", lpUsedDefaultChar=0x0) returned 29 [0077.507] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="nyc-actor-fault-logistics.exe", cchWideChar=29, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 29 [0077.507] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="nyc-actor-fault-logistics.exe", cchWideChar=29, lpMultiByteStr=0x9996c8, cbMultiByte=29, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="nyc-actor-fault-logistics.exe", lpUsedDefaultChar=0x0) returned 29 [0077.507] Process32NextW (in: hSnapshot=0x154, lppe=0x121f958 | out: lppe=0x121f958*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x398, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x564, pcPriClassBase=8, dwFlags=0x0, szExeFile="duration_electricity_columbia_estate.exe")) returned 1 [0077.508] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="duration_electricity_columbia_estate.exe", cchWideChar=40, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 40 [0077.508] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="duration_electricity_columbia_estate.exe", cchWideChar=40, lpMultiByteStr=0x999758, cbMultiByte=40, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="duration_electricity_columbia_estate.exe", lpUsedDefaultChar=0x0) returned 40 [0077.508] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="duration_electricity_columbia_estate.exe", cchWideChar=40, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 40 [0077.508] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="duration_electricity_columbia_estate.exe", cchWideChar=40, lpMultiByteStr=0x999758, cbMultiByte=40, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="duration_electricity_columbia_estate.exe", lpUsedDefaultChar=0x0) returned 40 [0077.508] Process32NextW (in: hSnapshot=0x154, lppe=0x121f958 | out: lppe=0x121f958*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x23c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x564, pcPriClassBase=8, dwFlags=0x0, szExeFile="prominent.exe")) returned 1 [0077.508] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="prominent.exe", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0077.508] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="prominent.exe", cchWideChar=13, lpMultiByteStr=0x999710, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="prominent.exe", lpUsedDefaultChar=0x0) returned 13 [0077.508] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="prominent.exe", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0077.508] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="prominent.exe", cchWideChar=13, lpMultiByteStr=0x999710, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="prominent.exe", lpUsedDefaultChar=0x0) returned 13 [0077.508] Process32NextW (in: hSnapshot=0x154, lppe=0x121f958 | out: lppe=0x121f958*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x48c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x564, pcPriClassBase=8, dwFlags=0x0, szExeFile="after practical kiss sir.exe")) returned 1 [0077.509] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="after practical kiss sir.exe", cchWideChar=28, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0077.509] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="after practical kiss sir.exe", cchWideChar=28, lpMultiByteStr=0x9997e8, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="after practical kiss sir.exe", lpUsedDefaultChar=0x0) returned 28 [0077.509] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="after practical kiss sir.exe", cchWideChar=28, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0077.509] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="after practical kiss sir.exe", cchWideChar=28, lpMultiByteStr=0x9997e8, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="after practical kiss sir.exe", lpUsedDefaultChar=0x0) returned 28 [0077.509] Process32NextW (in: hSnapshot=0x154, lppe=0x121f958 | out: lppe=0x121f958*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x754, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x564, pcPriClassBase=8, dwFlags=0x0, szExeFile="epson-pressing-camera.exe")) returned 1 [0077.509] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="epson-pressing-camera.exe", cchWideChar=25, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0077.509] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="epson-pressing-camera.exe", cchWideChar=25, lpMultiByteStr=0x9e51b8, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="epson-pressing-camera.exe", lpUsedDefaultChar=0x0) returned 25 [0077.509] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="epson-pressing-camera.exe", cchWideChar=25, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0077.509] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="epson-pressing-camera.exe", cchWideChar=25, lpMultiByteStr=0x9e51b8, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="epson-pressing-camera.exe", lpUsedDefaultChar=0x0) returned 25 [0077.509] Process32NextW (in: hSnapshot=0x154, lppe=0x121f958 | out: lppe=0x121f958*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x60c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x564, pcPriClassBase=8, dwFlags=0x0, szExeFile="baptist-extraction.exe")) returned 1 [0077.510] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="baptist-extraction.exe", cchWideChar=22, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0077.510] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="baptist-extraction.exe", cchWideChar=22, lpMultiByteStr=0x9e5128, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="baptist-extraction.exe", lpUsedDefaultChar=0x0) returned 22 [0077.510] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="baptist-extraction.exe", cchWideChar=22, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0077.510] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="baptist-extraction.exe", cchWideChar=22, lpMultiByteStr=0x9e5128, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="baptist-extraction.exe", lpUsedDefaultChar=0x0) returned 22 [0077.510] Process32NextW (in: hSnapshot=0x154, lppe=0x121f958 | out: lppe=0x121f958*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x564, pcPriClassBase=8, dwFlags=0x0, szExeFile="challenged.exe")) returned 1 [0077.510] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="challenged.exe", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0077.510] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="challenged.exe", cchWideChar=14, lpMultiByteStr=0x9e50e0, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="challenged.exe", lpUsedDefaultChar=0x0) returned 14 [0077.510] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="challenged.exe", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0077.510] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="challenged.exe", cchWideChar=14, lpMultiByteStr=0x9e50e0, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="challenged.exe", lpUsedDefaultChar=0x0) returned 14 [0077.510] Process32NextW (in: hSnapshot=0x154, lppe=0x121f958 | out: lppe=0x121f958*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x564, pcPriClassBase=8, dwFlags=0x0, szExeFile="rhode-jay.exe")) returned 1 [0077.511] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="rhode-jay.exe", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0077.511] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="rhode-jay.exe", cchWideChar=13, lpMultiByteStr=0x9e5098, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="rhode-jay.exe", lpUsedDefaultChar=0x0) returned 13 [0077.511] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="rhode-jay.exe", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0077.511] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="rhode-jay.exe", cchWideChar=13, lpMultiByteStr=0x9e5098, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="rhode-jay.exe", lpUsedDefaultChar=0x0) returned 13 [0077.511] Process32NextW (in: hSnapshot=0x154, lppe=0x121f958 | out: lppe=0x121f958*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x9ec, pcPriClassBase=8, dwFlags=0x0, szExeFile="vssadmin.exe")) returned 1 [0077.511] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="vssadmin.exe", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0077.511] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="vssadmin.exe", cchWideChar=12, lpMultiByteStr=0x9e5680, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="vssadmin.exe", lpUsedDefaultChar=0x0) returned 12 [0077.512] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="vssadmin.exe", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0077.512] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="vssadmin.exe", cchWideChar=12, lpMultiByteStr=0x9e5680, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="vssadmin.exe", lpUsedDefaultChar=0x0) returned 12 [0077.512] Process32NextW (in: hSnapshot=0x154, lppe=0x121f958 | out: lppe=0x121f958*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x184, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0077.512] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="conhost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0077.512] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="conhost.exe", cchWideChar=11, lpMultiByteStr=0x9e56c8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="conhost.exe", lpUsedDefaultChar=0x0) returned 11 [0077.512] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="conhost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0077.512] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="conhost.exe", cchWideChar=11, lpMultiByteStr=0x9e56c8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="conhost.exe", lpUsedDefaultChar=0x0) returned 11 [0077.512] Process32NextW (in: hSnapshot=0x154, lppe=0x121f958 | out: lppe=0x121f958*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="VSSVC.exe")) returned 1 [0077.513] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="vssvc.exe", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0077.513] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="vssvc.exe", cchWideChar=9, lpMultiByteStr=0x9e5710, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="vssvc.exe", lpUsedDefaultChar=0x0) returned 9 [0077.513] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VSSVC.exe", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0077.513] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VSSVC.exe", cchWideChar=9, lpMultiByteStr=0x9e5710, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VSSVC.exe", lpUsedDefaultChar=0x0) returned 9 [0077.513] Process32NextW (in: hSnapshot=0x154, lppe=0x121f958 | out: lppe=0x121f958*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="mscorsvw.exe")) returned 1 [0077.513] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mscorsvw.exe", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0077.513] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mscorsvw.exe", cchWideChar=12, lpMultiByteStr=0x9e5758, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mscorsvw.exe", lpUsedDefaultChar=0x0) returned 12 [0077.513] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mscorsvw.exe", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0077.513] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mscorsvw.exe", cchWideChar=12, lpMultiByteStr=0x9e5758, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mscorsvw.exe", lpUsedDefaultChar=0x0) returned 12 [0077.513] Process32NextW (in: hSnapshot=0x154, lppe=0x121f958 | out: lppe=0x121f958*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xabc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0077.514] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0077.514] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x9e57a0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0077.514] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0077.514] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=11, lpMultiByteStr=0x9e57a0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 11 [0077.514] Process32NextW (in: hSnapshot=0x154, lppe=0x121f958 | out: lppe=0x121f958*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xabc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0 [0077.514] NtOpenProcess (in: ProcessHandle=0x121f8c0, DesiredAccess=0x400, ObjectAttributes=0x121f8cc*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x121f8c4*(UniqueProcess=0x4, UniqueThread=0x0) | out: ProcessHandle=0x121f8c0*=0x0) returned 0xc0000022 [0077.514] NtOpenProcess (in: ProcessHandle=0x121f8c0, DesiredAccess=0x1000, ObjectAttributes=0x121f8cc*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x121f8c4*(UniqueProcess=0x4, UniqueThread=0x0) | out: ProcessHandle=0x121f8c0*=0x158) returned 0x0 [0077.514] GetExitCodeProcess (in: hProcess=0x158, lpExitCode=0x121f8e8 | out: lpExitCode=0x121f8e8*=0x103) returned 1 [0077.514] GetProcessImageFileNameW (in: hProcess=0x158, lpImageFileName=0x9e0be8, nSize=0x200 | out: lpImageFileName="") returned 0x0 [0077.514] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x121f8d0 | out: Wow64Process=0x121f8d0) returned 1 [0077.514] IsWow64Process (in: hProcess=0x158, Wow64Process=0x121f8e0 | out: Wow64Process=0x121f8e0) returned 1 [0077.514] NtQueryInformationProcess (in: ProcessHandle=0x158, ProcessInformationClass=0x18, ProcessInformation=0x121f8dc, ProcessInformationLength=0x4, ReturnLength=0x121f8e0 | out: ProcessInformation=0x121f8dc, ReturnLength=0x121f8e0) returned 0x0 [0077.514] GetProcessTimes (in: hProcess=0x158, lpCreationTime=0x121f904, lpExitTime=0x121f8fc, lpKernelTime=0x121f8fc, lpUserTime=0x121f8fc | out: lpCreationTime=0x121f904, lpExitTime=0x121f8fc, lpKernelTime=0x121f8fc, lpUserTime=0x121f8fc) returned 1 [0077.514] OpenProcessToken (in: ProcessHandle=0x158, DesiredAccess=0x8, TokenHandle=0x121f8cc | out: TokenHandle=0x121f8cc*=0x15c) returned 1 [0077.515] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x121f8c8 | out: TokenInformation=0x0, ReturnLength=0x121f8c8) returned 0 [0077.515] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x9e57e8, TokenInformationLength=0x14, ReturnLength=0x121f8c8 | out: TokenInformation=0x9e57e8, ReturnLength=0x121f8c8) returned 1 [0077.515] GetSidSubAuthorityCount (pSid=0x9e57f0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000)) returned 0x9e57f1 [0077.515] GetSidSubAuthority (pSid=0x9e57f0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000), nSubAuthority=0x0) returned 0x9e57f8 [0077.515] GetExitCodeProcess (in: hProcess=0x158, lpExitCode=0x121f8e8 | out: lpExitCode=0x121f8e8*=0x103) returned 1 [0077.515] GetProcessImageFileNameW (in: hProcess=0x158, lpImageFileName=0x9e0be8, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Windows\\System32\\smss.exe") returned 0x31 [0077.515] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x121f8d0 | out: Wow64Process=0x121f8d0) returned 1 [0077.515] IsWow64Process (in: hProcess=0x158, Wow64Process=0x121f8e0 | out: Wow64Process=0x121f8e0) returned 1 [0077.515] NtQueryInformationProcess (in: ProcessHandle=0x158, ProcessInformationClass=0x18, ProcessInformation=0x121f8dc, ProcessInformationLength=0x4, ReturnLength=0x121f8e0 | out: ProcessInformation=0x121f8dc, ReturnLength=0x121f8e0) returned 0x0 [0077.515] GetProcessTimes (in: hProcess=0x158, lpCreationTime=0x121f904, lpExitTime=0x121f8fc, lpKernelTime=0x121f8fc, lpUserTime=0x121f8fc | out: lpCreationTime=0x121f904, lpExitTime=0x121f8fc, lpKernelTime=0x121f8fc, lpUserTime=0x121f8fc) returned 1 [0077.515] OpenProcessToken (in: ProcessHandle=0x158, DesiredAccess=0x8, TokenHandle=0x121f8cc | out: TokenHandle=0x121f8cc*=0x15c) returned 1 [0077.515] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x121f8c8 | out: TokenInformation=0x0, ReturnLength=0x121f8c8) returned 0 [0077.515] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x9e57e8, TokenInformationLength=0x14, ReturnLength=0x121f8c8 | out: TokenInformation=0x9e57e8, ReturnLength=0x121f8c8) returned 1 [0077.515] GetSidSubAuthorityCount (pSid=0x9e57f0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000)) returned 0x9e57f1 [0077.515] GetSidSubAuthority (pSid=0x9e57f0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000), nSubAuthority=0x0) returned 0x9e57f8 [0077.515] GetExitCodeProcess (in: hProcess=0x158, lpExitCode=0x121f8e8 | out: lpExitCode=0x121f8e8*=0x103) returned 1 [0077.515] GetProcessImageFileNameW (in: hProcess=0x158, lpImageFileName=0x9e0be8, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Program Files\\Windows Sidebar\\picture_pk.exe") returned 0x44 [0077.515] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x121f8d0 | out: Wow64Process=0x121f8d0) returned 1 [0077.515] IsWow64Process (in: hProcess=0x158, Wow64Process=0x121f8e0 | out: Wow64Process=0x121f8e0) returned 1 [0077.515] NtQueryInformationProcess (in: ProcessHandle=0x158, ProcessInformationClass=0x18, ProcessInformation=0x121f8dc, ProcessInformationLength=0x4, ReturnLength=0x121f8e0 | out: ProcessInformation=0x121f8dc, ReturnLength=0x121f8e0) returned 0x0 [0077.515] GetProcessTimes (in: hProcess=0x158, lpCreationTime=0x121f904, lpExitTime=0x121f8fc, lpKernelTime=0x121f8fc, lpUserTime=0x121f8fc | out: lpCreationTime=0x121f904, lpExitTime=0x121f8fc, lpKernelTime=0x121f8fc, lpUserTime=0x121f8fc) returned 1 [0077.515] OpenProcessToken (in: ProcessHandle=0x158, DesiredAccess=0x8, TokenHandle=0x121f8cc | out: TokenHandle=0x121f8cc*=0x15c) returned 1 [0077.515] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x121f8c8 | out: TokenInformation=0x0, ReturnLength=0x121f8c8) returned 0 [0077.515] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x9e57e8, TokenInformationLength=0x14, ReturnLength=0x121f8c8 | out: TokenInformation=0x9e57e8, ReturnLength=0x121f8c8) returned 1 [0077.515] GetSidSubAuthorityCount (pSid=0x9e57f0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 0x9e57f1 [0077.515] GetSidSubAuthority (pSid=0x9e57f0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000), nSubAuthority=0x0) returned 0x9e57f8 [0077.515] GetExitCodeProcess (in: hProcess=0x158, lpExitCode=0x121f8e8 | out: lpExitCode=0x121f8e8*=0x103) returned 1 [0077.516] GetProcessImageFileNameW (in: hProcess=0x158, lpImageFileName=0x9e0be8, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Windows\\System32\\csrss.exe") returned 0x32 [0077.516] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x121f8d0 | out: Wow64Process=0x121f8d0) returned 1 [0077.516] IsWow64Process (in: hProcess=0x158, Wow64Process=0x121f8e0 | out: Wow64Process=0x121f8e0) returned 1 [0077.516] NtQueryInformationProcess (in: ProcessHandle=0x158, ProcessInformationClass=0x18, ProcessInformation=0x121f8dc, ProcessInformationLength=0x4, ReturnLength=0x121f8e0 | out: ProcessInformation=0x121f8dc, ReturnLength=0x121f8e0) returned 0x0 [0077.516] GetProcessTimes (in: hProcess=0x158, lpCreationTime=0x121f904, lpExitTime=0x121f8fc, lpKernelTime=0x121f8fc, lpUserTime=0x121f8fc | out: lpCreationTime=0x121f904, lpExitTime=0x121f8fc, lpKernelTime=0x121f8fc, lpUserTime=0x121f8fc) returned 1 [0077.516] OpenProcessToken (in: ProcessHandle=0x158, DesiredAccess=0x8, TokenHandle=0x121f8cc | out: TokenHandle=0x121f8cc*=0x15c) returned 1 [0077.516] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x121f8c8 | out: TokenInformation=0x0, ReturnLength=0x121f8c8) returned 0 [0077.516] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x9e57e8, TokenInformationLength=0x14, ReturnLength=0x121f8c8 | out: TokenInformation=0x9e57e8, ReturnLength=0x121f8c8) returned 1 [0077.516] GetSidSubAuthorityCount (pSid=0x9e57f0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000)) returned 0x9e57f1 [0077.516] GetSidSubAuthority (pSid=0x9e57f0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000), nSubAuthority=0x0) returned 0x9e57f8 [0077.516] GetExitCodeProcess (in: hProcess=0x158, lpExitCode=0x121f8e8 | out: lpExitCode=0x121f8e8*=0x103) returned 1 [0077.516] GetProcessImageFileNameW (in: hProcess=0x158, lpImageFileName=0x9e0be8, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Windows\\System32\\wininit.exe") returned 0x34 [0077.516] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x121f8d0 | out: Wow64Process=0x121f8d0) returned 1 [0077.516] IsWow64Process (in: hProcess=0x158, Wow64Process=0x121f8e0 | out: Wow64Process=0x121f8e0) returned 1 [0077.516] NtQueryInformationProcess (in: ProcessHandle=0x158, ProcessInformationClass=0x18, ProcessInformation=0x121f8dc, ProcessInformationLength=0x4, ReturnLength=0x121f8e0 | out: ProcessInformation=0x121f8dc, ReturnLength=0x121f8e0) returned 0x0 [0077.516] GetProcessTimes (in: hProcess=0x158, lpCreationTime=0x121f904, lpExitTime=0x121f8fc, lpKernelTime=0x121f8fc, lpUserTime=0x121f8fc | out: lpCreationTime=0x121f904, lpExitTime=0x121f8fc, lpKernelTime=0x121f8fc, lpUserTime=0x121f8fc) returned 1 [0077.516] OpenProcessToken (in: ProcessHandle=0x158, DesiredAccess=0x8, TokenHandle=0x121f8cc | out: TokenHandle=0x121f8cc*=0x15c) returned 1 [0077.516] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x121f8c8 | out: TokenInformation=0x0, ReturnLength=0x121f8c8) returned 0 [0077.516] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x9e57e8, TokenInformationLength=0x14, ReturnLength=0x121f8c8 | out: TokenInformation=0x9e57e8, ReturnLength=0x121f8c8) returned 1 [0077.516] GetSidSubAuthorityCount (pSid=0x9e57f0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000)) returned 0x9e57f1 [0077.516] GetSidSubAuthority (pSid=0x9e57f0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000), nSubAuthority=0x0) returned 0x9e57f8 [0077.516] GetExitCodeProcess (in: hProcess=0x158, lpExitCode=0x121f8e8 | out: lpExitCode=0x121f8e8*=0x103) returned 1 [0077.517] GetProcessImageFileNameW (in: hProcess=0x158, lpImageFileName=0x9e0be8, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Windows\\System32\\svchost.exe") returned 0x34 [0077.517] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x121f8d0 | out: Wow64Process=0x121f8d0) returned 1 [0077.517] IsWow64Process (in: hProcess=0x158, Wow64Process=0x121f8e0 | out: Wow64Process=0x121f8e0) returned 1 [0077.517] NtQueryInformationProcess (in: ProcessHandle=0x158, ProcessInformationClass=0x18, ProcessInformation=0x121f8dc, ProcessInformationLength=0x4, ReturnLength=0x121f8e0 | out: ProcessInformation=0x121f8dc, ReturnLength=0x121f8e0) returned 0x0 [0077.517] GetProcessTimes (in: hProcess=0x158, lpCreationTime=0x121f904, lpExitTime=0x121f8fc, lpKernelTime=0x121f8fc, lpUserTime=0x121f8fc | out: lpCreationTime=0x121f904, lpExitTime=0x121f8fc, lpKernelTime=0x121f8fc, lpUserTime=0x121f8fc) returned 1 [0077.517] OpenProcessToken (in: ProcessHandle=0x158, DesiredAccess=0x8, TokenHandle=0x121f8cc | out: TokenHandle=0x121f8cc*=0x15c) returned 1 [0077.517] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x121f8c8 | out: TokenInformation=0x0, ReturnLength=0x121f8c8) returned 0 [0077.517] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x9e57e8, TokenInformationLength=0x14, ReturnLength=0x121f8c8 | out: TokenInformation=0x9e57e8, ReturnLength=0x121f8c8) returned 1 [0077.517] GetSidSubAuthorityCount (pSid=0x9e57f0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000)) returned 0x9e57f1 [0077.517] GetSidSubAuthority (pSid=0x9e57f0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000), nSubAuthority=0x0) returned 0x9e57f8 [0077.517] GetExitCodeProcess (in: hProcess=0x158, lpExitCode=0x121f8e8 | out: lpExitCode=0x121f8e8*=0x103) returned 1 [0077.517] GetProcessImageFileNameW (in: hProcess=0x158, lpImageFileName=0x9e0be8, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Windows\\System32\\csrss.exe") returned 0x32 [0077.517] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x121f8d0 | out: Wow64Process=0x121f8d0) returned 1 [0077.517] IsWow64Process (in: hProcess=0x158, Wow64Process=0x121f8e0 | out: Wow64Process=0x121f8e0) returned 1 [0077.517] NtQueryInformationProcess (in: ProcessHandle=0x158, ProcessInformationClass=0x18, ProcessInformation=0x121f8dc, ProcessInformationLength=0x4, ReturnLength=0x121f8e0 | out: ProcessInformation=0x121f8dc, ReturnLength=0x121f8e0) returned 0x0 [0077.517] GetProcessTimes (in: hProcess=0x158, lpCreationTime=0x121f904, lpExitTime=0x121f8fc, lpKernelTime=0x121f8fc, lpUserTime=0x121f8fc | out: lpCreationTime=0x121f904, lpExitTime=0x121f8fc, lpKernelTime=0x121f8fc, lpUserTime=0x121f8fc) returned 1 [0077.517] OpenProcessToken (in: ProcessHandle=0x158, DesiredAccess=0x8, TokenHandle=0x121f8cc | out: TokenHandle=0x121f8cc*=0x15c) returned 1 [0077.517] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x121f8c8 | out: TokenInformation=0x0, ReturnLength=0x121f8c8) returned 0 [0077.517] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x9e57e8, TokenInformationLength=0x14, ReturnLength=0x121f8c8 | out: TokenInformation=0x9e57e8, ReturnLength=0x121f8c8) returned 1 [0077.517] GetSidSubAuthorityCount (pSid=0x9e57f0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000)) returned 0x9e57f1 [0077.517] GetSidSubAuthority (pSid=0x9e57f0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000), nSubAuthority=0x0) returned 0x9e57f8 [0077.517] GetExitCodeProcess (in: hProcess=0x158, lpExitCode=0x121f8e8 | out: lpExitCode=0x121f8e8*=0x103) returned 1 [0077.517] GetProcessImageFileNameW (in: hProcess=0x158, lpImageFileName=0x9e0be8, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Windows\\System32\\winlogon.exe") returned 0x35 [0077.517] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x121f8d0 | out: Wow64Process=0x121f8d0) returned 1 [0077.517] IsWow64Process (in: hProcess=0x158, Wow64Process=0x121f8e0 | out: Wow64Process=0x121f8e0) returned 1 [0077.518] NtQueryInformationProcess (in: ProcessHandle=0x158, ProcessInformationClass=0x18, ProcessInformation=0x121f8dc, ProcessInformationLength=0x4, ReturnLength=0x121f8e0 | out: ProcessInformation=0x121f8dc, ReturnLength=0x121f8e0) returned 0x0 [0077.518] GetProcessTimes (in: hProcess=0x158, lpCreationTime=0x121f904, lpExitTime=0x121f8fc, lpKernelTime=0x121f8fc, lpUserTime=0x121f8fc | out: lpCreationTime=0x121f904, lpExitTime=0x121f8fc, lpKernelTime=0x121f8fc, lpUserTime=0x121f8fc) returned 1 [0077.518] OpenProcessToken (in: ProcessHandle=0x158, DesiredAccess=0x8, TokenHandle=0x121f8cc | out: TokenHandle=0x121f8cc*=0x15c) returned 1 [0077.518] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x121f8c8 | out: TokenInformation=0x0, ReturnLength=0x121f8c8) returned 0 [0077.518] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x9e57e8, TokenInformationLength=0x14, ReturnLength=0x121f8c8 | out: TokenInformation=0x9e57e8, ReturnLength=0x121f8c8) returned 1 [0077.518] GetSidSubAuthorityCount (pSid=0x9e57f0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000)) returned 0x9e57f1 [0077.518] GetSidSubAuthority (pSid=0x9e57f0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000), nSubAuthority=0x0) returned 0x9e57f8 [0077.518] GetExitCodeProcess (in: hProcess=0x158, lpExitCode=0x121f8e8 | out: lpExitCode=0x121f8e8*=0x103) returned 1 [0077.518] GetProcessImageFileNameW (in: hProcess=0x158, lpImageFileName=0x9e0be8, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Windows\\System32\\services.exe") returned 0x35 [0077.518] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x121f8d0 | out: Wow64Process=0x121f8d0) returned 1 [0077.518] IsWow64Process (in: hProcess=0x158, Wow64Process=0x121f8e0 | out: Wow64Process=0x121f8e0) returned 1 [0077.518] NtQueryInformationProcess (in: ProcessHandle=0x158, ProcessInformationClass=0x18, ProcessInformation=0x121f8dc, ProcessInformationLength=0x4, ReturnLength=0x121f8e0 | out: ProcessInformation=0x121f8dc, ReturnLength=0x121f8e0) returned 0x0 [0077.518] GetProcessTimes (in: hProcess=0x158, lpCreationTime=0x121f904, lpExitTime=0x121f8fc, lpKernelTime=0x121f8fc, lpUserTime=0x121f8fc | out: lpCreationTime=0x121f904, lpExitTime=0x121f8fc, lpKernelTime=0x121f8fc, lpUserTime=0x121f8fc) returned 1 [0077.518] OpenProcessToken (in: ProcessHandle=0x158, DesiredAccess=0x8, TokenHandle=0x121f8cc | out: TokenHandle=0x121f8cc*=0x15c) returned 1 [0077.518] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x121f8c8 | out: TokenInformation=0x0, ReturnLength=0x121f8c8) returned 0 [0077.518] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x9e57e8, TokenInformationLength=0x14, ReturnLength=0x121f8c8 | out: TokenInformation=0x9e57e8, ReturnLength=0x121f8c8) returned 1 [0077.518] GetSidSubAuthorityCount (pSid=0x9e57f0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000)) returned 0x9e57f1 [0077.518] GetSidSubAuthority (pSid=0x9e57f0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000), nSubAuthority=0x0) returned 0x9e57f8 [0077.518] GetExitCodeProcess (in: hProcess=0x158, lpExitCode=0x121f8e8 | out: lpExitCode=0x121f8e8*=0x103) returned 1 [0077.518] GetProcessImageFileNameW (in: hProcess=0x158, lpImageFileName=0x9e0be8, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Windows\\System32\\lsass.exe") returned 0x32 [0077.518] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x121f8d0 | out: Wow64Process=0x121f8d0) returned 1 [0077.518] IsWow64Process (in: hProcess=0x158, Wow64Process=0x121f8e0 | out: Wow64Process=0x121f8e0) returned 1 [0077.518] NtQueryInformationProcess (in: ProcessHandle=0x158, ProcessInformationClass=0x18, ProcessInformation=0x121f8dc, ProcessInformationLength=0x4, ReturnLength=0x121f8e0 | out: ProcessInformation=0x121f8dc, ReturnLength=0x121f8e0) returned 0x0 [0077.518] GetProcessTimes (in: hProcess=0x158, lpCreationTime=0x121f904, lpExitTime=0x121f8fc, lpKernelTime=0x121f8fc, lpUserTime=0x121f8fc | out: lpCreationTime=0x121f904, lpExitTime=0x121f8fc, lpKernelTime=0x121f8fc, lpUserTime=0x121f8fc) returned 1 [0077.518] OpenProcessToken (in: ProcessHandle=0x158, DesiredAccess=0x8, TokenHandle=0x121f8cc | out: TokenHandle=0x121f8cc*=0x15c) returned 1 [0077.519] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x121f8c8 | out: TokenInformation=0x0, ReturnLength=0x121f8c8) returned 0 [0077.519] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x9e57e8, TokenInformationLength=0x14, ReturnLength=0x121f8c8 | out: TokenInformation=0x9e57e8, ReturnLength=0x121f8c8) returned 1 [0077.519] GetSidSubAuthorityCount (pSid=0x9e57f0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000)) returned 0x9e57f1 [0077.519] GetSidSubAuthority (pSid=0x9e57f0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000), nSubAuthority=0x0) returned 0x9e57f8 [0077.519] GetExitCodeProcess (in: hProcess=0x158, lpExitCode=0x121f8e8 | out: lpExitCode=0x121f8e8*=0x103) returned 1 [0077.519] GetProcessImageFileNameW (in: hProcess=0x158, lpImageFileName=0x9e0be8, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Windows\\System32\\lsm.exe") returned 0x30 [0077.519] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x121f8d0 | out: Wow64Process=0x121f8d0) returned 1 [0077.519] IsWow64Process (in: hProcess=0x158, Wow64Process=0x121f8e0 | out: Wow64Process=0x121f8e0) returned 1 [0077.519] NtQueryInformationProcess (in: ProcessHandle=0x158, ProcessInformationClass=0x18, ProcessInformation=0x121f8dc, ProcessInformationLength=0x4, ReturnLength=0x121f8e0 | out: ProcessInformation=0x121f8dc, ReturnLength=0x121f8e0) returned 0x0 [0077.519] GetProcessTimes (in: hProcess=0x158, lpCreationTime=0x121f904, lpExitTime=0x121f8fc, lpKernelTime=0x121f8fc, lpUserTime=0x121f8fc | out: lpCreationTime=0x121f904, lpExitTime=0x121f8fc, lpKernelTime=0x121f8fc, lpUserTime=0x121f8fc) returned 1 [0077.519] OpenProcessToken (in: ProcessHandle=0x158, DesiredAccess=0x8, TokenHandle=0x121f8cc | out: TokenHandle=0x121f8cc*=0x15c) returned 1 [0077.519] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x121f8c8 | out: TokenInformation=0x0, ReturnLength=0x121f8c8) returned 0 [0077.519] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x9e57e8, TokenInformationLength=0x14, ReturnLength=0x121f8c8 | out: TokenInformation=0x9e57e8, ReturnLength=0x121f8c8) returned 1 [0077.519] GetSidSubAuthorityCount (pSid=0x9e57f0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000)) returned 0x9e57f1 [0077.519] GetSidSubAuthority (pSid=0x9e57f0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000), nSubAuthority=0x0) returned 0x9e57f8 [0077.519] GetExitCodeProcess (in: hProcess=0x158, lpExitCode=0x121f8e8 | out: lpExitCode=0x121f8e8*=0x103) returned 1 [0077.519] GetProcessImageFileNameW (in: hProcess=0x158, lpImageFileName=0x9e0be8, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Windows\\System32\\svchost.exe") returned 0x34 [0077.519] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x121f8d0 | out: Wow64Process=0x121f8d0) returned 1 [0077.519] IsWow64Process (in: hProcess=0x158, Wow64Process=0x121f8e0 | out: Wow64Process=0x121f8e0) returned 1 [0077.519] NtQueryInformationProcess (in: ProcessHandle=0x158, ProcessInformationClass=0x18, ProcessInformation=0x121f8dc, ProcessInformationLength=0x4, ReturnLength=0x121f8e0 | out: ProcessInformation=0x121f8dc, ReturnLength=0x121f8e0) returned 0x0 [0077.519] GetProcessTimes (in: hProcess=0x158, lpCreationTime=0x121f904, lpExitTime=0x121f8fc, lpKernelTime=0x121f8fc, lpUserTime=0x121f8fc | out: lpCreationTime=0x121f904, lpExitTime=0x121f8fc, lpKernelTime=0x121f8fc, lpUserTime=0x121f8fc) returned 1 [0077.519] OpenProcessToken (in: ProcessHandle=0x158, DesiredAccess=0x8, TokenHandle=0x121f8cc | out: TokenHandle=0x121f8cc*=0x15c) returned 1 [0077.519] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x121f8c8 | out: TokenInformation=0x0, ReturnLength=0x121f8c8) returned 0 [0077.519] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x9e57e8, TokenInformationLength=0x14, ReturnLength=0x121f8c8 | out: TokenInformation=0x9e57e8, ReturnLength=0x121f8c8) returned 1 [0077.519] GetSidSubAuthorityCount (pSid=0x9e57f0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000)) returned 0x9e57f1 [0077.520] GetSidSubAuthority (pSid=0x9e57f0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000), nSubAuthority=0x0) returned 0x9e57f8 [0077.520] GetExitCodeProcess (in: hProcess=0x158, lpExitCode=0x121f8e8 | out: lpExitCode=0x121f8e8*=0x103) returned 1 [0077.520] GetProcessImageFileNameW (in: hProcess=0x158, lpImageFileName=0x9e0be8, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Windows\\System32\\svchost.exe") returned 0x34 [0077.520] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x121f8d0 | out: Wow64Process=0x121f8d0) returned 1 [0077.520] IsWow64Process (in: hProcess=0x158, Wow64Process=0x121f8e0 | out: Wow64Process=0x121f8e0) returned 1 [0077.520] NtQueryInformationProcess (in: ProcessHandle=0x158, ProcessInformationClass=0x18, ProcessInformation=0x121f8dc, ProcessInformationLength=0x4, ReturnLength=0x121f8e0 | out: ProcessInformation=0x121f8dc, ReturnLength=0x121f8e0) returned 0x0 [0077.520] GetProcessTimes (in: hProcess=0x158, lpCreationTime=0x121f904, lpExitTime=0x121f8fc, lpKernelTime=0x121f8fc, lpUserTime=0x121f8fc | out: lpCreationTime=0x121f904, lpExitTime=0x121f8fc, lpKernelTime=0x121f8fc, lpUserTime=0x121f8fc) returned 1 [0077.520] OpenProcessToken (in: ProcessHandle=0x158, DesiredAccess=0x8, TokenHandle=0x121f8cc | out: TokenHandle=0x121f8cc*=0x15c) returned 1 [0077.520] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x121f8c8 | out: TokenInformation=0x0, ReturnLength=0x121f8c8) returned 0 [0077.520] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x9e57e8, TokenInformationLength=0x14, ReturnLength=0x121f8c8 | out: TokenInformation=0x9e57e8, ReturnLength=0x121f8c8) returned 1 [0077.520] GetSidSubAuthorityCount (pSid=0x9e57f0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000)) returned 0x9e57f1 [0077.520] GetSidSubAuthority (pSid=0x9e57f0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000), nSubAuthority=0x0) returned 0x9e57f8 [0077.520] GetExitCodeProcess (in: hProcess=0x158, lpExitCode=0x121f8e8 | out: lpExitCode=0x121f8e8*=0x103) returned 1 [0077.520] GetProcessImageFileNameW (in: hProcess=0x158, lpImageFileName=0x9e0be8, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Windows\\System32\\svchost.exe") returned 0x34 [0077.520] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x121f8d0 | out: Wow64Process=0x121f8d0) returned 1 [0077.520] IsWow64Process (in: hProcess=0x158, Wow64Process=0x121f8e0 | out: Wow64Process=0x121f8e0) returned 1 [0077.520] NtQueryInformationProcess (in: ProcessHandle=0x158, ProcessInformationClass=0x18, ProcessInformation=0x121f8dc, ProcessInformationLength=0x4, ReturnLength=0x121f8e0 | out: ProcessInformation=0x121f8dc, ReturnLength=0x121f8e0) returned 0x0 [0077.520] GetProcessTimes (in: hProcess=0x158, lpCreationTime=0x121f904, lpExitTime=0x121f8fc, lpKernelTime=0x121f8fc, lpUserTime=0x121f8fc | out: lpCreationTime=0x121f904, lpExitTime=0x121f8fc, lpKernelTime=0x121f8fc, lpUserTime=0x121f8fc) returned 1 [0077.520] OpenProcessToken (in: ProcessHandle=0x158, DesiredAccess=0x8, TokenHandle=0x121f8cc | out: TokenHandle=0x121f8cc*=0x15c) returned 1 [0077.520] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x121f8c8 | out: TokenInformation=0x0, ReturnLength=0x121f8c8) returned 0 [0077.520] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x9e57e8, TokenInformationLength=0x14, ReturnLength=0x121f8c8 | out: TokenInformation=0x9e57e8, ReturnLength=0x121f8c8) returned 1 [0077.520] GetSidSubAuthorityCount (pSid=0x9e57f0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000)) returned 0x9e57f1 [0077.520] GetSidSubAuthority (pSid=0x9e57f0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000), nSubAuthority=0x0) returned 0x9e57f8 [0077.520] GetExitCodeProcess (in: hProcess=0x158, lpExitCode=0x121f8e8 | out: lpExitCode=0x121f8e8*=0x103) returned 1 [0077.521] GetProcessImageFileNameW (in: hProcess=0x158, lpImageFileName=0x9e0be8, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Windows\\System32\\svchost.exe") returned 0x34 [0077.521] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x121f8d0 | out: Wow64Process=0x121f8d0) returned 1 [0077.521] IsWow64Process (in: hProcess=0x158, Wow64Process=0x121f8e0 | out: Wow64Process=0x121f8e0) returned 1 [0077.521] NtQueryInformationProcess (in: ProcessHandle=0x158, ProcessInformationClass=0x18, ProcessInformation=0x121f8dc, ProcessInformationLength=0x4, ReturnLength=0x121f8e0 | out: ProcessInformation=0x121f8dc, ReturnLength=0x121f8e0) returned 0x0 [0077.521] GetProcessTimes (in: hProcess=0x158, lpCreationTime=0x121f904, lpExitTime=0x121f8fc, lpKernelTime=0x121f8fc, lpUserTime=0x121f8fc | out: lpCreationTime=0x121f904, lpExitTime=0x121f8fc, lpKernelTime=0x121f8fc, lpUserTime=0x121f8fc) returned 1 [0077.521] OpenProcessToken (in: ProcessHandle=0x158, DesiredAccess=0x8, TokenHandle=0x121f8cc | out: TokenHandle=0x121f8cc*=0x15c) returned 1 [0077.521] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x121f8c8 | out: TokenInformation=0x0, ReturnLength=0x121f8c8) returned 0 [0077.521] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x9e57e8, TokenInformationLength=0x14, ReturnLength=0x121f8c8 | out: TokenInformation=0x9e57e8, ReturnLength=0x121f8c8) returned 1 [0077.521] GetSidSubAuthorityCount (pSid=0x9e57f0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000)) returned 0x9e57f1 [0077.521] GetSidSubAuthority (pSid=0x9e57f0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000), nSubAuthority=0x0) returned 0x9e57f8 [0077.521] GetExitCodeProcess (in: hProcess=0x158, lpExitCode=0x121f8e8 | out: lpExitCode=0x121f8e8*=0x103) returned 1 [0077.521] GetProcessImageFileNameW (in: hProcess=0x158, lpImageFileName=0x9e0be8, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Windows\\System32\\svchost.exe") returned 0x34 [0077.521] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x121f8d0 | out: Wow64Process=0x121f8d0) returned 1 [0077.521] IsWow64Process (in: hProcess=0x158, Wow64Process=0x121f8e0 | out: Wow64Process=0x121f8e0) returned 1 [0077.521] NtQueryInformationProcess (in: ProcessHandle=0x158, ProcessInformationClass=0x18, ProcessInformation=0x121f8dc, ProcessInformationLength=0x4, ReturnLength=0x121f8e0 | out: ProcessInformation=0x121f8dc, ReturnLength=0x121f8e0) returned 0x0 [0077.521] GetProcessTimes (in: hProcess=0x158, lpCreationTime=0x121f904, lpExitTime=0x121f8fc, lpKernelTime=0x121f8fc, lpUserTime=0x121f8fc | out: lpCreationTime=0x121f904, lpExitTime=0x121f8fc, lpKernelTime=0x121f8fc, lpUserTime=0x121f8fc) returned 1 [0077.521] OpenProcessToken (in: ProcessHandle=0x158, DesiredAccess=0x8, TokenHandle=0x121f8cc | out: TokenHandle=0x121f8cc*=0x15c) returned 1 [0077.521] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x121f8c8 | out: TokenInformation=0x0, ReturnLength=0x121f8c8) returned 0 [0077.521] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x9e57e8, TokenInformationLength=0x14, ReturnLength=0x121f8c8 | out: TokenInformation=0x9e57e8, ReturnLength=0x121f8c8) returned 1 [0077.521] GetSidSubAuthorityCount (pSid=0x9e57f0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000)) returned 0x9e57f1 [0077.521] GetSidSubAuthority (pSid=0x9e57f0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000), nSubAuthority=0x0) returned 0x9e57f8 [0077.521] GetExitCodeProcess (in: hProcess=0x158, lpExitCode=0x121f8e8 | out: lpExitCode=0x121f8e8*=0x103) returned 1 [0077.521] GetProcessImageFileNameW (in: hProcess=0x158, lpImageFileName=0x9e0be8, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Windows\\System32\\audiodg.exe") returned 0x34 [0077.521] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x121f8d0 | out: Wow64Process=0x121f8d0) returned 1 [0077.521] IsWow64Process (in: hProcess=0x158, Wow64Process=0x121f8e0 | out: Wow64Process=0x121f8e0) returned 1 [0077.522] NtQueryInformationProcess (in: ProcessHandle=0x158, ProcessInformationClass=0x18, ProcessInformation=0x121f8dc, ProcessInformationLength=0x4, ReturnLength=0x121f8e0 | out: ProcessInformation=0x121f8dc, ReturnLength=0x121f8e0) returned 0x0 [0077.522] GetProcessTimes (in: hProcess=0x158, lpCreationTime=0x121f904, lpExitTime=0x121f8fc, lpKernelTime=0x121f8fc, lpUserTime=0x121f8fc | out: lpCreationTime=0x121f904, lpExitTime=0x121f8fc, lpKernelTime=0x121f8fc, lpUserTime=0x121f8fc) returned 1 [0077.522] OpenProcessToken (in: ProcessHandle=0x158, DesiredAccess=0x8, TokenHandle=0x121f8cc | out: TokenHandle=0x121f8cc*=0x15c) returned 1 [0077.522] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x121f8c8 | out: TokenInformation=0x0, ReturnLength=0x121f8c8) returned 0 [0077.522] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x9e57e8, TokenInformationLength=0x14, ReturnLength=0x121f8c8 | out: TokenInformation=0x9e57e8, ReturnLength=0x121f8c8) returned 1 [0077.522] GetSidSubAuthorityCount (pSid=0x9e57f0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000)) returned 0x9e57f1 [0077.522] GetSidSubAuthority (pSid=0x9e57f0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000), nSubAuthority=0x0) returned 0x9e57f8 [0077.522] GetExitCodeProcess (in: hProcess=0x158, lpExitCode=0x121f8e8 | out: lpExitCode=0x121f8e8*=0x103) returned 1 [0077.522] GetProcessImageFileNameW (in: hProcess=0x158, lpImageFileName=0x9e0be8, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Windows\\System32\\svchost.exe") returned 0x34 [0077.522] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x121f8d0 | out: Wow64Process=0x121f8d0) returned 1 [0077.522] IsWow64Process (in: hProcess=0x158, Wow64Process=0x121f8e0 | out: Wow64Process=0x121f8e0) returned 1 [0077.522] NtQueryInformationProcess (in: ProcessHandle=0x158, ProcessInformationClass=0x18, ProcessInformation=0x121f8dc, ProcessInformationLength=0x4, ReturnLength=0x121f8e0 | out: ProcessInformation=0x121f8dc, ReturnLength=0x121f8e0) returned 0x0 [0077.522] GetProcessTimes (in: hProcess=0x158, lpCreationTime=0x121f904, lpExitTime=0x121f8fc, lpKernelTime=0x121f8fc, lpUserTime=0x121f8fc | out: lpCreationTime=0x121f904, lpExitTime=0x121f8fc, lpKernelTime=0x121f8fc, lpUserTime=0x121f8fc) returned 1 [0077.522] OpenProcessToken (in: ProcessHandle=0x158, DesiredAccess=0x8, TokenHandle=0x121f8cc | out: TokenHandle=0x121f8cc*=0x15c) returned 1 [0077.522] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x121f8c8 | out: TokenInformation=0x0, ReturnLength=0x121f8c8) returned 0 [0077.522] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x9e57e8, TokenInformationLength=0x14, ReturnLength=0x121f8c8 | out: TokenInformation=0x9e57e8, ReturnLength=0x121f8c8) returned 1 [0077.522] GetSidSubAuthorityCount (pSid=0x9e57f0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000)) returned 0x9e57f1 [0077.522] GetSidSubAuthority (pSid=0x9e57f0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000), nSubAuthority=0x0) returned 0x9e57f8 [0077.522] GetExitCodeProcess (in: hProcess=0x158, lpExitCode=0x121f8e8 | out: lpExitCode=0x121f8e8*=0x103) returned 1 [0077.522] GetProcessImageFileNameW (in: hProcess=0x158, lpImageFileName=0x9e0be8, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Windows\\System32\\spoolsv.exe") returned 0x34 [0077.522] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x121f8d0 | out: Wow64Process=0x121f8d0) returned 1 [0077.522] IsWow64Process (in: hProcess=0x158, Wow64Process=0x121f8e0 | out: Wow64Process=0x121f8e0) returned 1 [0077.522] NtQueryInformationProcess (in: ProcessHandle=0x158, ProcessInformationClass=0x18, ProcessInformation=0x121f8dc, ProcessInformationLength=0x4, ReturnLength=0x121f8e0 | out: ProcessInformation=0x121f8dc, ReturnLength=0x121f8e0) returned 0x0 [0077.522] GetProcessTimes (in: hProcess=0x158, lpCreationTime=0x121f904, lpExitTime=0x121f8fc, lpKernelTime=0x121f8fc, lpUserTime=0x121f8fc | out: lpCreationTime=0x121f904, lpExitTime=0x121f8fc, lpKernelTime=0x121f8fc, lpUserTime=0x121f8fc) returned 1 [0077.522] OpenProcessToken (in: ProcessHandle=0x158, DesiredAccess=0x8, TokenHandle=0x121f8cc | out: TokenHandle=0x121f8cc*=0x15c) returned 1 [0077.522] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x121f8c8 | out: TokenInformation=0x0, ReturnLength=0x121f8c8) returned 0 [0077.523] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x9e57e8, TokenInformationLength=0x14, ReturnLength=0x121f8c8 | out: TokenInformation=0x9e57e8, ReturnLength=0x121f8c8) returned 1 [0077.523] GetSidSubAuthorityCount (pSid=0x9e57f0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000)) returned 0x9e57f1 [0077.523] GetSidSubAuthority (pSid=0x9e57f0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000), nSubAuthority=0x0) returned 0x9e57f8 [0077.523] GetExitCodeProcess (in: hProcess=0x158, lpExitCode=0x121f8e8 | out: lpExitCode=0x121f8e8*=0x103) returned 1 [0077.523] GetProcessImageFileNameW (in: hProcess=0x158, lpImageFileName=0x9e0be8, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Windows\\System32\\svchost.exe") returned 0x34 [0077.523] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x121f8d0 | out: Wow64Process=0x121f8d0) returned 1 [0077.523] IsWow64Process (in: hProcess=0x158, Wow64Process=0x121f8e0 | out: Wow64Process=0x121f8e0) returned 1 [0077.523] NtQueryInformationProcess (in: ProcessHandle=0x158, ProcessInformationClass=0x18, ProcessInformation=0x121f8dc, ProcessInformationLength=0x4, ReturnLength=0x121f8e0 | out: ProcessInformation=0x121f8dc, ReturnLength=0x121f8e0) returned 0x0 [0077.523] GetProcessTimes (in: hProcess=0x158, lpCreationTime=0x121f904, lpExitTime=0x121f8fc, lpKernelTime=0x121f8fc, lpUserTime=0x121f8fc | out: lpCreationTime=0x121f904, lpExitTime=0x121f8fc, lpKernelTime=0x121f8fc, lpUserTime=0x121f8fc) returned 1 [0077.523] OpenProcessToken (in: ProcessHandle=0x158, DesiredAccess=0x8, TokenHandle=0x121f8cc | out: TokenHandle=0x121f8cc*=0x15c) returned 1 [0077.523] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x121f8c8 | out: TokenInformation=0x0, ReturnLength=0x121f8c8) returned 0 [0077.523] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x9e57e8, TokenInformationLength=0x14, ReturnLength=0x121f8c8 | out: TokenInformation=0x9e57e8, ReturnLength=0x121f8c8) returned 1 [0077.523] GetSidSubAuthorityCount (pSid=0x9e57f0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000)) returned 0x9e57f1 [0077.523] GetSidSubAuthority (pSid=0x9e57f0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000), nSubAuthority=0x0) returned 0x9e57f8 [0077.523] GetExitCodeProcess (in: hProcess=0x158, lpExitCode=0x121f8e8 | out: lpExitCode=0x121f8e8*=0x103) returned 1 [0077.523] GetProcessImageFileNameW (in: hProcess=0x158, lpImageFileName=0x9e0be8, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Windows\\System32\\taskhost.exe") returned 0x35 [0077.523] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x121f8d0 | out: Wow64Process=0x121f8d0) returned 1 [0077.523] IsWow64Process (in: hProcess=0x158, Wow64Process=0x121f8e0 | out: Wow64Process=0x121f8e0) returned 1 [0077.523] NtQueryInformationProcess (in: ProcessHandle=0x158, ProcessInformationClass=0x18, ProcessInformation=0x121f8dc, ProcessInformationLength=0x4, ReturnLength=0x121f8e0 | out: ProcessInformation=0x121f8dc, ReturnLength=0x121f8e0) returned 0x0 [0077.523] GetProcessTimes (in: hProcess=0x158, lpCreationTime=0x121f904, lpExitTime=0x121f8fc, lpKernelTime=0x121f8fc, lpUserTime=0x121f8fc | out: lpCreationTime=0x121f904, lpExitTime=0x121f8fc, lpKernelTime=0x121f8fc, lpUserTime=0x121f8fc) returned 1 [0077.523] OpenProcessToken (in: ProcessHandle=0x158, DesiredAccess=0x8, TokenHandle=0x121f8cc | out: TokenHandle=0x121f8cc*=0x15c) returned 1 [0077.523] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x121f8c8 | out: TokenInformation=0x0, ReturnLength=0x121f8c8) returned 0 [0077.523] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x9e57e8, TokenInformationLength=0x14, ReturnLength=0x121f8c8 | out: TokenInformation=0x9e57e8, ReturnLength=0x121f8c8) returned 1 [0077.523] GetSidSubAuthorityCount (pSid=0x9e57f0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 0x9e57f1 [0077.523] GetSidSubAuthority (pSid=0x9e57f0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000), nSubAuthority=0x0) returned 0x9e57f8 [0077.523] GetExitCodeProcess (in: hProcess=0x158, lpExitCode=0x121f8e8 | out: lpExitCode=0x121f8e8*=0x103) returned 1 [0077.524] GetProcessImageFileNameW (in: hProcess=0x158, lpImageFileName=0x9e0be8, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Windows\\System32\\dwm.exe") returned 0x30 [0077.524] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x121f8d0 | out: Wow64Process=0x121f8d0) returned 1 [0077.524] IsWow64Process (in: hProcess=0x158, Wow64Process=0x121f8e0 | out: Wow64Process=0x121f8e0) returned 1 [0077.524] NtQueryInformationProcess (in: ProcessHandle=0x158, ProcessInformationClass=0x18, ProcessInformation=0x121f8dc, ProcessInformationLength=0x4, ReturnLength=0x121f8e0 | out: ProcessInformation=0x121f8dc, ReturnLength=0x121f8e0) returned 0x0 [0077.524] GetProcessTimes (in: hProcess=0x158, lpCreationTime=0x121f904, lpExitTime=0x121f8fc, lpKernelTime=0x121f8fc, lpUserTime=0x121f8fc | out: lpCreationTime=0x121f904, lpExitTime=0x121f8fc, lpKernelTime=0x121f8fc, lpUserTime=0x121f8fc) returned 1 [0077.524] OpenProcessToken (in: ProcessHandle=0x158, DesiredAccess=0x8, TokenHandle=0x121f8cc | out: TokenHandle=0x121f8cc*=0x15c) returned 1 [0077.524] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x121f8c8 | out: TokenInformation=0x0, ReturnLength=0x121f8c8) returned 0 [0077.524] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x9e57e8, TokenInformationLength=0x14, ReturnLength=0x121f8c8 | out: TokenInformation=0x9e57e8, ReturnLength=0x121f8c8) returned 1 [0077.524] GetSidSubAuthorityCount (pSid=0x9e57f0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 0x9e57f1 [0077.524] GetSidSubAuthority (pSid=0x9e57f0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000), nSubAuthority=0x0) returned 0x9e57f8 [0077.524] GetExitCodeProcess (in: hProcess=0x158, lpExitCode=0x121f8e8 | out: lpExitCode=0x121f8e8*=0x103) returned 1 [0077.524] GetProcessImageFileNameW (in: hProcess=0x158, lpImageFileName=0x9e0be8, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Windows\\System32\\taskeng.exe") returned 0x34 [0077.524] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x121f8d0 | out: Wow64Process=0x121f8d0) returned 1 [0077.524] IsWow64Process (in: hProcess=0x158, Wow64Process=0x121f8e0 | out: Wow64Process=0x121f8e0) returned 1 [0077.524] NtQueryInformationProcess (in: ProcessHandle=0x158, ProcessInformationClass=0x18, ProcessInformation=0x121f8dc, ProcessInformationLength=0x4, ReturnLength=0x121f8e0 | out: ProcessInformation=0x121f8dc, ReturnLength=0x121f8e0) returned 0x0 [0077.524] GetProcessTimes (in: hProcess=0x158, lpCreationTime=0x121f904, lpExitTime=0x121f8fc, lpKernelTime=0x121f8fc, lpUserTime=0x121f8fc | out: lpCreationTime=0x121f904, lpExitTime=0x121f8fc, lpKernelTime=0x121f8fc, lpUserTime=0x121f8fc) returned 1 [0077.524] OpenProcessToken (in: ProcessHandle=0x158, DesiredAccess=0x8, TokenHandle=0x121f8cc | out: TokenHandle=0x121f8cc*=0x15c) returned 1 [0077.524] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x121f8c8 | out: TokenInformation=0x0, ReturnLength=0x121f8c8) returned 0 [0077.524] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x9e57e8, TokenInformationLength=0x14, ReturnLength=0x121f8c8 | out: TokenInformation=0x9e57e8, ReturnLength=0x121f8c8) returned 1 [0077.524] GetSidSubAuthorityCount (pSid=0x9e57f0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x3000)) returned 0x9e57f1 [0077.524] GetSidSubAuthority (pSid=0x9e57f0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x3000), nSubAuthority=0x0) returned 0x9e57f8 [0077.524] GetExitCodeProcess (in: hProcess=0x158, lpExitCode=0x121f8e8 | out: lpExitCode=0x121f8e8*=0x103) returned 1 [0077.524] GetProcessImageFileNameW (in: hProcess=0x158, lpImageFileName=0x9e0be8, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Windows\\System32\\taskhost.exe") returned 0x35 [0077.524] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x121f8d0 | out: Wow64Process=0x121f8d0) returned 1 [0077.525] IsWow64Process (in: hProcess=0x158, Wow64Process=0x121f8e0 | out: Wow64Process=0x121f8e0) returned 1 [0077.525] NtQueryInformationProcess (in: ProcessHandle=0x158, ProcessInformationClass=0x18, ProcessInformation=0x121f8dc, ProcessInformationLength=0x4, ReturnLength=0x121f8e0 | out: ProcessInformation=0x121f8dc, ReturnLength=0x121f8e0) returned 0x0 [0077.525] GetProcessTimes (in: hProcess=0x158, lpCreationTime=0x121f904, lpExitTime=0x121f8fc, lpKernelTime=0x121f8fc, lpUserTime=0x121f8fc | out: lpCreationTime=0x121f904, lpExitTime=0x121f8fc, lpKernelTime=0x121f8fc, lpUserTime=0x121f8fc) returned 1 [0077.525] OpenProcessToken (in: ProcessHandle=0x158, DesiredAccess=0x8, TokenHandle=0x121f8cc | out: TokenHandle=0x121f8cc*=0x15c) returned 1 [0077.525] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x121f8c8 | out: TokenInformation=0x0, ReturnLength=0x121f8c8) returned 0 [0077.525] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x9e57e8, TokenInformationLength=0x14, ReturnLength=0x121f8c8 | out: TokenInformation=0x9e57e8, ReturnLength=0x121f8c8) returned 1 [0077.525] GetSidSubAuthorityCount (pSid=0x9e57f0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000)) returned 0x9e57f1 [0077.525] GetSidSubAuthority (pSid=0x9e57f0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000), nSubAuthority=0x0) returned 0x9e57f8 [0077.525] GetExitCodeProcess (in: hProcess=0x158, lpExitCode=0x121f8e8 | out: lpExitCode=0x121f8e8*=0x103) returned 1 [0077.525] GetProcessImageFileNameW (in: hProcess=0x158, lpImageFileName=0x9e0be8, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Windows\\explorer.exe") returned 0x2c [0077.525] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x121f8d0 | out: Wow64Process=0x121f8d0) returned 1 [0077.525] IsWow64Process (in: hProcess=0x158, Wow64Process=0x121f8e0 | out: Wow64Process=0x121f8e0) returned 1 [0077.525] NtQueryInformationProcess (in: ProcessHandle=0x158, ProcessInformationClass=0x18, ProcessInformation=0x121f8dc, ProcessInformationLength=0x4, ReturnLength=0x121f8e0 | out: ProcessInformation=0x121f8dc, ReturnLength=0x121f8e0) returned 0x0 [0077.525] GetProcessTimes (in: hProcess=0x158, lpCreationTime=0x121f904, lpExitTime=0x121f8fc, lpKernelTime=0x121f8fc, lpUserTime=0x121f8fc | out: lpCreationTime=0x121f904, lpExitTime=0x121f8fc, lpKernelTime=0x121f8fc, lpUserTime=0x121f8fc) returned 1 [0077.525] OpenProcessToken (in: ProcessHandle=0x158, DesiredAccess=0x8, TokenHandle=0x121f8cc | out: TokenHandle=0x121f8cc*=0x15c) returned 1 [0077.525] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x121f8c8 | out: TokenInformation=0x0, ReturnLength=0x121f8c8) returned 0 [0077.525] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x9e57e8, TokenInformationLength=0x14, ReturnLength=0x121f8c8 | out: TokenInformation=0x9e57e8, ReturnLength=0x121f8c8) returned 1 [0077.525] GetSidSubAuthorityCount (pSid=0x9e57f0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 0x9e57f1 [0077.525] GetSidSubAuthority (pSid=0x9e57f0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000), nSubAuthority=0x0) returned 0x9e57f8 [0077.525] GetExitCodeProcess (in: hProcess=0x158, lpExitCode=0x121f8e8 | out: lpExitCode=0x121f8e8*=0x103) returned 1 [0077.525] GetProcessImageFileNameW (in: hProcess=0x158, lpImageFileName=0x9e0be8, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Program Files (x86)\\Internet Explorer\\transportationporval.exe") returned 0x56 [0077.525] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x121f8d0 | out: Wow64Process=0x121f8d0) returned 1 [0077.525] IsWow64Process (in: hProcess=0x158, Wow64Process=0x121f8e0 | out: Wow64Process=0x121f8e0) returned 1 [0077.525] NtQueryInformationProcess (in: ProcessHandle=0x158, ProcessInformationClass=0x18, ProcessInformation=0x121f8dc, ProcessInformationLength=0x4, ReturnLength=0x121f8e0 | out: ProcessInformation=0x121f8dc, ReturnLength=0x121f8e0) returned 0x0 [0077.526] GetProcessTimes (in: hProcess=0x158, lpCreationTime=0x121f904, lpExitTime=0x121f8fc, lpKernelTime=0x121f8fc, lpUserTime=0x121f8fc | out: lpCreationTime=0x121f904, lpExitTime=0x121f8fc, lpKernelTime=0x121f8fc, lpUserTime=0x121f8fc) returned 1 [0077.526] OpenProcessToken (in: ProcessHandle=0x158, DesiredAccess=0x8, TokenHandle=0x121f8cc | out: TokenHandle=0x121f8cc*=0x15c) returned 1 [0077.526] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x121f8c8 | out: TokenInformation=0x0, ReturnLength=0x121f8c8) returned 0 [0077.526] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x9e57e8, TokenInformationLength=0x14, ReturnLength=0x121f8c8 | out: TokenInformation=0x9e57e8, ReturnLength=0x121f8c8) returned 1 [0077.526] GetSidSubAuthorityCount (pSid=0x9e57f0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 0x9e57f1 [0077.526] GetSidSubAuthority (pSid=0x9e57f0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000), nSubAuthority=0x0) returned 0x9e57f8 [0077.526] GetExitCodeProcess (in: hProcess=0x158, lpExitCode=0x121f8e8 | out: lpExitCode=0x121f8e8*=0x103) returned 1 [0077.526] GetProcessImageFileNameW (in: hProcess=0x158, lpImageFileName=0x9e0be8, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Program Files (x86)\\Microsoft Analysis Services\\liverpool-brazil-kind-researchers.exe") returned 0x6d [0077.526] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x121f8d0 | out: Wow64Process=0x121f8d0) returned 1 [0077.526] IsWow64Process (in: hProcess=0x158, Wow64Process=0x121f8e0 | out: Wow64Process=0x121f8e0) returned 1 [0077.526] NtQueryInformationProcess (in: ProcessHandle=0x158, ProcessInformationClass=0x18, ProcessInformation=0x121f8dc, ProcessInformationLength=0x4, ReturnLength=0x121f8e0 | out: ProcessInformation=0x121f8dc, ReturnLength=0x121f8e0) returned 0x0 [0077.526] GetProcessTimes (in: hProcess=0x158, lpCreationTime=0x121f904, lpExitTime=0x121f8fc, lpKernelTime=0x121f8fc, lpUserTime=0x121f8fc | out: lpCreationTime=0x121f904, lpExitTime=0x121f8fc, lpKernelTime=0x121f8fc, lpUserTime=0x121f8fc) returned 1 [0077.526] OpenProcessToken (in: ProcessHandle=0x158, DesiredAccess=0x8, TokenHandle=0x121f8cc | out: TokenHandle=0x121f8cc*=0x15c) returned 1 [0077.526] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x121f8c8 | out: TokenInformation=0x0, ReturnLength=0x121f8c8) returned 0 [0077.526] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x9e57e8, TokenInformationLength=0x14, ReturnLength=0x121f8c8 | out: TokenInformation=0x9e57e8, ReturnLength=0x121f8c8) returned 1 [0077.526] GetSidSubAuthorityCount (pSid=0x9e57f0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 0x9e57f1 [0077.526] GetSidSubAuthority (pSid=0x9e57f0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000), nSubAuthority=0x0) returned 0x9e57f8 [0077.526] GetExitCodeProcess (in: hProcess=0x158, lpExitCode=0x121f8e8 | out: lpExitCode=0x121f8e8*=0x103) returned 1 [0077.526] GetProcessImageFileNameW (in: hProcess=0x158, lpImageFileName=0x9e0be8, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Program Files\\Internet Explorer\\azerbaijan australia map.exe") returned 0x54 [0077.526] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x121f8d0 | out: Wow64Process=0x121f8d0) returned 1 [0077.526] IsWow64Process (in: hProcess=0x158, Wow64Process=0x121f8e0 | out: Wow64Process=0x121f8e0) returned 1 [0077.526] NtQueryInformationProcess (in: ProcessHandle=0x158, ProcessInformationClass=0x18, ProcessInformation=0x121f8dc, ProcessInformationLength=0x4, ReturnLength=0x121f8e0 | out: ProcessInformation=0x121f8dc, ReturnLength=0x121f8e0) returned 0x0 [0077.526] GetProcessTimes (in: hProcess=0x158, lpCreationTime=0x121f904, lpExitTime=0x121f8fc, lpKernelTime=0x121f8fc, lpUserTime=0x121f8fc | out: lpCreationTime=0x121f904, lpExitTime=0x121f8fc, lpKernelTime=0x121f8fc, lpUserTime=0x121f8fc) returned 1 [0077.526] OpenProcessToken (in: ProcessHandle=0x158, DesiredAccess=0x8, TokenHandle=0x121f8cc | out: TokenHandle=0x121f8cc*=0x15c) returned 1 [0077.526] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x121f8c8 | out: TokenInformation=0x0, ReturnLength=0x121f8c8) returned 0 [0077.526] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x9e57e8, TokenInformationLength=0x14, ReturnLength=0x121f8c8 | out: TokenInformation=0x9e57e8, ReturnLength=0x121f8c8) returned 1 [0077.527] GetSidSubAuthorityCount (pSid=0x9e57f0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 0x9e57f1 [0077.527] GetSidSubAuthority (pSid=0x9e57f0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000), nSubAuthority=0x0) returned 0x9e57f8 [0077.527] GetExitCodeProcess (in: hProcess=0x158, lpExitCode=0x121f8e8 | out: lpExitCode=0x121f8e8*=0x103) returned 1 [0077.527] GetProcessImageFileNameW (in: hProcess=0x158, lpImageFileName=0x9e0be8, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Program Files (x86)\\Microsoft Analysis Services\\seattleconvertible.exe") returned 0x5e [0077.527] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x121f8d0 | out: Wow64Process=0x121f8d0) returned 1 [0077.527] IsWow64Process (in: hProcess=0x158, Wow64Process=0x121f8e0 | out: Wow64Process=0x121f8e0) returned 1 [0077.527] NtQueryInformationProcess (in: ProcessHandle=0x158, ProcessInformationClass=0x18, ProcessInformation=0x121f8dc, ProcessInformationLength=0x4, ReturnLength=0x121f8e0 | out: ProcessInformation=0x121f8dc, ReturnLength=0x121f8e0) returned 0x0 [0077.527] GetProcessTimes (in: hProcess=0x158, lpCreationTime=0x121f904, lpExitTime=0x121f8fc, lpKernelTime=0x121f8fc, lpUserTime=0x121f8fc | out: lpCreationTime=0x121f904, lpExitTime=0x121f8fc, lpKernelTime=0x121f8fc, lpUserTime=0x121f8fc) returned 1 [0077.527] OpenProcessToken (in: ProcessHandle=0x158, DesiredAccess=0x8, TokenHandle=0x121f8cc | out: TokenHandle=0x121f8cc*=0x15c) returned 1 [0077.527] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x121f8c8 | out: TokenInformation=0x0, ReturnLength=0x121f8c8) returned 0 [0077.527] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x9e57e8, TokenInformationLength=0x14, ReturnLength=0x121f8c8 | out: TokenInformation=0x9e57e8, ReturnLength=0x121f8c8) returned 1 [0077.527] GetSidSubAuthorityCount (pSid=0x9e57f0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 0x9e57f1 [0077.527] GetSidSubAuthority (pSid=0x9e57f0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000), nSubAuthority=0x0) returned 0x9e57f8 [0077.527] GetExitCodeProcess (in: hProcess=0x158, lpExitCode=0x121f8e8 | out: lpExitCode=0x121f8e8*=0x103) returned 1 [0077.527] GetProcessImageFileNameW (in: hProcess=0x158, lpImageFileName=0x9e0be8, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Program Files\\Windows Portable Devices\\camps_part_october.exe") returned 0x55 [0077.527] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x121f8d0 | out: Wow64Process=0x121f8d0) returned 1 [0077.527] IsWow64Process (in: hProcess=0x158, Wow64Process=0x121f8e0 | out: Wow64Process=0x121f8e0) returned 1 [0077.527] NtQueryInformationProcess (in: ProcessHandle=0x158, ProcessInformationClass=0x18, ProcessInformation=0x121f8dc, ProcessInformationLength=0x4, ReturnLength=0x121f8e0 | out: ProcessInformation=0x121f8dc, ReturnLength=0x121f8e0) returned 0x0 [0077.527] GetProcessTimes (in: hProcess=0x158, lpCreationTime=0x121f904, lpExitTime=0x121f8fc, lpKernelTime=0x121f8fc, lpUserTime=0x121f8fc | out: lpCreationTime=0x121f904, lpExitTime=0x121f8fc, lpKernelTime=0x121f8fc, lpUserTime=0x121f8fc) returned 1 [0077.527] OpenProcessToken (in: ProcessHandle=0x158, DesiredAccess=0x8, TokenHandle=0x121f8cc | out: TokenHandle=0x121f8cc*=0x15c) returned 1 [0077.527] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x121f8c8 | out: TokenInformation=0x0, ReturnLength=0x121f8c8) returned 0 [0077.527] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x9e57e8, TokenInformationLength=0x14, ReturnLength=0x121f8c8 | out: TokenInformation=0x9e57e8, ReturnLength=0x121f8c8) returned 1 [0077.527] GetSidSubAuthorityCount (pSid=0x9e57f0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 0x9e57f1 [0077.527] GetSidSubAuthority (pSid=0x9e57f0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000), nSubAuthority=0x0) returned 0x9e57f8 [0077.527] GetExitCodeProcess (in: hProcess=0x158, lpExitCode=0x121f8e8 | out: lpExitCode=0x121f8e8*=0x103) returned 1 [0077.528] GetProcessImageFileNameW (in: hProcess=0x158, lpImageFileName=0x9e0be8, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Program Files (x86)\\Windows Portable Devices\\fskaslidesoregon.exe") returned 0x59 [0077.528] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x121f8d0 | out: Wow64Process=0x121f8d0) returned 1 [0077.528] IsWow64Process (in: hProcess=0x158, Wow64Process=0x121f8e0 | out: Wow64Process=0x121f8e0) returned 1 [0077.528] NtQueryInformationProcess (in: ProcessHandle=0x158, ProcessInformationClass=0x18, ProcessInformation=0x121f8dc, ProcessInformationLength=0x4, ReturnLength=0x121f8e0 | out: ProcessInformation=0x121f8dc, ReturnLength=0x121f8e0) returned 0x0 [0077.528] GetProcessTimes (in: hProcess=0x158, lpCreationTime=0x121f904, lpExitTime=0x121f8fc, lpKernelTime=0x121f8fc, lpUserTime=0x121f8fc | out: lpCreationTime=0x121f904, lpExitTime=0x121f8fc, lpKernelTime=0x121f8fc, lpUserTime=0x121f8fc) returned 1 [0077.528] OpenProcessToken (in: ProcessHandle=0x158, DesiredAccess=0x8, TokenHandle=0x121f8cc | out: TokenHandle=0x121f8cc*=0x15c) returned 1 [0077.528] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x121f8c8 | out: TokenInformation=0x0, ReturnLength=0x121f8c8) returned 0 [0077.528] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x9e57e8, TokenInformationLength=0x14, ReturnLength=0x121f8c8 | out: TokenInformation=0x9e57e8, ReturnLength=0x121f8c8) returned 1 [0077.528] GetSidSubAuthorityCount (pSid=0x9e57f0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 0x9e57f1 [0077.528] GetSidSubAuthority (pSid=0x9e57f0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000), nSubAuthority=0x0) returned 0x9e57f8 [0077.528] GetExitCodeProcess (in: hProcess=0x158, lpExitCode=0x121f8e8 | out: lpExitCode=0x121f8e8*=0x103) returned 1 [0077.528] GetProcessImageFileNameW (in: hProcess=0x158, lpImageFileName=0x9e0be8, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Program Files\\Microsoft Synchronization Services\\ny surge discounts.exe") returned 0x5f [0077.528] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x121f8d0 | out: Wow64Process=0x121f8d0) returned 1 [0077.528] IsWow64Process (in: hProcess=0x158, Wow64Process=0x121f8e0 | out: Wow64Process=0x121f8e0) returned 1 [0077.528] NtQueryInformationProcess (in: ProcessHandle=0x158, ProcessInformationClass=0x18, ProcessInformation=0x121f8dc, ProcessInformationLength=0x4, ReturnLength=0x121f8e0 | out: ProcessInformation=0x121f8dc, ReturnLength=0x121f8e0) returned 0x0 [0077.528] GetProcessTimes (in: hProcess=0x158, lpCreationTime=0x121f904, lpExitTime=0x121f8fc, lpKernelTime=0x121f8fc, lpUserTime=0x121f8fc | out: lpCreationTime=0x121f904, lpExitTime=0x121f8fc, lpKernelTime=0x121f8fc, lpUserTime=0x121f8fc) returned 1 [0077.528] OpenProcessToken (in: ProcessHandle=0x158, DesiredAccess=0x8, TokenHandle=0x121f8cc | out: TokenHandle=0x121f8cc*=0x15c) returned 1 [0077.528] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x121f8c8 | out: TokenInformation=0x0, ReturnLength=0x121f8c8) returned 0 [0077.528] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x9e57e8, TokenInformationLength=0x14, ReturnLength=0x121f8c8 | out: TokenInformation=0x9e57e8, ReturnLength=0x121f8c8) returned 1 [0077.528] GetSidSubAuthorityCount (pSid=0x9e57f0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 0x9e57f1 [0077.528] GetSidSubAuthority (pSid=0x9e57f0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000), nSubAuthority=0x0) returned 0x9e57f8 [0077.528] GetExitCodeProcess (in: hProcess=0x158, lpExitCode=0x121f8e8 | out: lpExitCode=0x121f8e8*=0x103) returned 1 [0077.528] GetProcessImageFileNameW (in: hProcess=0x158, lpImageFileName=0x9e0be8, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Program Files\\Internet Explorer\\furniture-cg.exe") returned 0x48 [0077.529] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x121f8d0 | out: Wow64Process=0x121f8d0) returned 1 [0077.529] IsWow64Process (in: hProcess=0x158, Wow64Process=0x121f8e0 | out: Wow64Process=0x121f8e0) returned 1 [0077.529] NtQueryInformationProcess (in: ProcessHandle=0x158, ProcessInformationClass=0x18, ProcessInformation=0x121f8dc, ProcessInformationLength=0x4, ReturnLength=0x121f8e0 | out: ProcessInformation=0x121f8dc, ReturnLength=0x121f8e0) returned 0x0 [0077.529] GetProcessTimes (in: hProcess=0x158, lpCreationTime=0x121f904, lpExitTime=0x121f8fc, lpKernelTime=0x121f8fc, lpUserTime=0x121f8fc | out: lpCreationTime=0x121f904, lpExitTime=0x121f8fc, lpKernelTime=0x121f8fc, lpUserTime=0x121f8fc) returned 1 [0077.529] OpenProcessToken (in: ProcessHandle=0x158, DesiredAccess=0x8, TokenHandle=0x121f8cc | out: TokenHandle=0x121f8cc*=0x15c) returned 1 [0077.529] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x121f8c8 | out: TokenInformation=0x0, ReturnLength=0x121f8c8) returned 0 [0077.529] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x9e57e8, TokenInformationLength=0x14, ReturnLength=0x121f8c8 | out: TokenInformation=0x9e57e8, ReturnLength=0x121f8c8) returned 1 [0077.529] GetSidSubAuthorityCount (pSid=0x9e57f0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 0x9e57f1 [0077.529] GetSidSubAuthority (pSid=0x9e57f0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000), nSubAuthority=0x0) returned 0x9e57f8 [0077.529] GetExitCodeProcess (in: hProcess=0x158, lpExitCode=0x121f8e8 | out: lpExitCode=0x121f8e8*=0x103) returned 1 [0077.529] GetProcessImageFileNameW (in: hProcess=0x158, lpImageFileName=0x9e0be8, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Program Files\\Windows Journal\\angry_region_seconds.exe") returned 0x4e [0077.529] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x121f8d0 | out: Wow64Process=0x121f8d0) returned 1 [0077.529] IsWow64Process (in: hProcess=0x158, Wow64Process=0x121f8e0 | out: Wow64Process=0x121f8e0) returned 1 [0077.529] NtQueryInformationProcess (in: ProcessHandle=0x158, ProcessInformationClass=0x18, ProcessInformation=0x121f8dc, ProcessInformationLength=0x4, ReturnLength=0x121f8e0 | out: ProcessInformation=0x121f8dc, ReturnLength=0x121f8e0) returned 0x0 [0077.529] GetProcessTimes (in: hProcess=0x158, lpCreationTime=0x121f904, lpExitTime=0x121f8fc, lpKernelTime=0x121f8fc, lpUserTime=0x121f8fc | out: lpCreationTime=0x121f904, lpExitTime=0x121f8fc, lpKernelTime=0x121f8fc, lpUserTime=0x121f8fc) returned 1 [0077.529] OpenProcessToken (in: ProcessHandle=0x158, DesiredAccess=0x8, TokenHandle=0x121f8cc | out: TokenHandle=0x121f8cc*=0x15c) returned 1 [0077.529] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x121f8c8 | out: TokenInformation=0x0, ReturnLength=0x121f8c8) returned 0 [0077.529] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x9e57e8, TokenInformationLength=0x14, ReturnLength=0x121f8c8 | out: TokenInformation=0x9e57e8, ReturnLength=0x121f8c8) returned 1 [0077.529] GetSidSubAuthorityCount (pSid=0x9e57f0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 0x9e57f1 [0077.529] GetSidSubAuthority (pSid=0x9e57f0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000), nSubAuthority=0x0) returned 0x9e57f8 [0077.529] GetExitCodeProcess (in: hProcess=0x158, lpExitCode=0x121f8e8 | out: lpExitCode=0x121f8e8*=0x103) returned 1 [0077.530] GetProcessImageFileNameW (in: hProcess=0x158, lpImageFileName=0x9e0be8, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Program Files\\Reference Assemblies\\soviet-nutten-samples-configured.exe") returned 0x5f [0077.530] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x121f8d0 | out: Wow64Process=0x121f8d0) returned 1 [0077.530] IsWow64Process (in: hProcess=0x158, Wow64Process=0x121f8e0 | out: Wow64Process=0x121f8e0) returned 1 [0077.530] NtQueryInformationProcess (in: ProcessHandle=0x158, ProcessInformationClass=0x18, ProcessInformation=0x121f8dc, ProcessInformationLength=0x4, ReturnLength=0x121f8e0 | out: ProcessInformation=0x121f8dc, ReturnLength=0x121f8e0) returned 0x0 [0077.530] GetProcessTimes (in: hProcess=0x158, lpCreationTime=0x121f904, lpExitTime=0x121f8fc, lpKernelTime=0x121f8fc, lpUserTime=0x121f8fc | out: lpCreationTime=0x121f904, lpExitTime=0x121f8fc, lpKernelTime=0x121f8fc, lpUserTime=0x121f8fc) returned 1 [0077.530] OpenProcessToken (in: ProcessHandle=0x158, DesiredAccess=0x8, TokenHandle=0x121f8cc | out: TokenHandle=0x121f8cc*=0x15c) returned 1 [0077.530] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x121f8c8 | out: TokenInformation=0x0, ReturnLength=0x121f8c8) returned 0 [0077.530] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x9e57e8, TokenInformationLength=0x14, ReturnLength=0x121f8c8 | out: TokenInformation=0x9e57e8, ReturnLength=0x121f8c8) returned 1 [0077.530] GetSidSubAuthorityCount (pSid=0x9e57f0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 0x9e57f1 [0077.530] GetSidSubAuthority (pSid=0x9e57f0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000), nSubAuthority=0x0) returned 0x9e57f8 [0077.530] GetExitCodeProcess (in: hProcess=0x158, lpExitCode=0x121f8e8 | out: lpExitCode=0x121f8e8*=0x103) returned 1 [0077.530] GetProcessImageFileNameW (in: hProcess=0x158, lpImageFileName=0x9e0be8, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Program Files (x86)\\Google\\wishes_pixels_reflected_edgar.exe") returned 0x54 [0077.530] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x121f8d0 | out: Wow64Process=0x121f8d0) returned 1 [0077.530] IsWow64Process (in: hProcess=0x158, Wow64Process=0x121f8e0 | out: Wow64Process=0x121f8e0) returned 1 [0077.530] NtQueryInformationProcess (in: ProcessHandle=0x158, ProcessInformationClass=0x18, ProcessInformation=0x121f8dc, ProcessInformationLength=0x4, ReturnLength=0x121f8e0 | out: ProcessInformation=0x121f8dc, ReturnLength=0x121f8e0) returned 0x0 [0077.530] GetProcessTimes (in: hProcess=0x158, lpCreationTime=0x121f904, lpExitTime=0x121f8fc, lpKernelTime=0x121f8fc, lpUserTime=0x121f8fc | out: lpCreationTime=0x121f904, lpExitTime=0x121f8fc, lpKernelTime=0x121f8fc, lpUserTime=0x121f8fc) returned 1 [0077.530] OpenProcessToken (in: ProcessHandle=0x158, DesiredAccess=0x8, TokenHandle=0x121f8cc | out: TokenHandle=0x121f8cc*=0x15c) returned 1 [0077.530] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x121f8c8 | out: TokenInformation=0x0, ReturnLength=0x121f8c8) returned 0 [0077.530] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x9e57e8, TokenInformationLength=0x14, ReturnLength=0x121f8c8 | out: TokenInformation=0x9e57e8, ReturnLength=0x121f8c8) returned 1 [0077.530] GetSidSubAuthorityCount (pSid=0x9e57f0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 0x9e57f1 [0077.530] GetSidSubAuthority (pSid=0x9e57f0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000), nSubAuthority=0x0) returned 0x9e57f8 [0077.530] GetExitCodeProcess (in: hProcess=0x158, lpExitCode=0x121f8e8 | out: lpExitCode=0x121f8e8*=0x103) returned 1 [0077.530] GetProcessImageFileNameW (in: hProcess=0x158, lpImageFileName=0x9e0be8, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Program Files (x86)\\Windows Photo Viewer\\nyc-actor-fault-logistics.exe") returned 0x5e [0077.530] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x121f8d0 | out: Wow64Process=0x121f8d0) returned 1 [0077.530] IsWow64Process (in: hProcess=0x158, Wow64Process=0x121f8e0 | out: Wow64Process=0x121f8e0) returned 1 [0077.531] NtQueryInformationProcess (in: ProcessHandle=0x158, ProcessInformationClass=0x18, ProcessInformation=0x121f8dc, ProcessInformationLength=0x4, ReturnLength=0x121f8e0 | out: ProcessInformation=0x121f8dc, ReturnLength=0x121f8e0) returned 0x0 [0077.531] GetProcessTimes (in: hProcess=0x158, lpCreationTime=0x121f904, lpExitTime=0x121f8fc, lpKernelTime=0x121f8fc, lpUserTime=0x121f8fc | out: lpCreationTime=0x121f904, lpExitTime=0x121f8fc, lpKernelTime=0x121f8fc, lpUserTime=0x121f8fc) returned 1 [0077.531] OpenProcessToken (in: ProcessHandle=0x158, DesiredAccess=0x8, TokenHandle=0x121f8cc | out: TokenHandle=0x121f8cc*=0x15c) returned 1 [0077.531] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x121f8c8 | out: TokenInformation=0x0, ReturnLength=0x121f8c8) returned 0 [0077.531] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x9e57e8, TokenInformationLength=0x14, ReturnLength=0x121f8c8 | out: TokenInformation=0x9e57e8, ReturnLength=0x121f8c8) returned 1 [0077.531] GetSidSubAuthorityCount (pSid=0x9e57f0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 0x9e57f1 [0077.531] GetSidSubAuthority (pSid=0x9e57f0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000), nSubAuthority=0x0) returned 0x9e57f8 [0077.531] GetExitCodeProcess (in: hProcess=0x158, lpExitCode=0x121f8e8 | out: lpExitCode=0x121f8e8*=0x103) returned 1 [0077.531] GetProcessImageFileNameW (in: hProcess=0x158, lpImageFileName=0x9e0be8, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Program Files\\Reference Assemblies\\duration_electricity_columbia_estate.exe") returned 0x63 [0077.531] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x121f8d0 | out: Wow64Process=0x121f8d0) returned 1 [0077.531] IsWow64Process (in: hProcess=0x158, Wow64Process=0x121f8e0 | out: Wow64Process=0x121f8e0) returned 1 [0077.531] NtQueryInformationProcess (in: ProcessHandle=0x158, ProcessInformationClass=0x18, ProcessInformation=0x121f8dc, ProcessInformationLength=0x4, ReturnLength=0x121f8e0 | out: ProcessInformation=0x121f8dc, ReturnLength=0x121f8e0) returned 0x0 [0077.531] GetProcessTimes (in: hProcess=0x158, lpCreationTime=0x121f904, lpExitTime=0x121f8fc, lpKernelTime=0x121f8fc, lpUserTime=0x121f8fc | out: lpCreationTime=0x121f904, lpExitTime=0x121f8fc, lpKernelTime=0x121f8fc, lpUserTime=0x121f8fc) returned 1 [0077.531] OpenProcessToken (in: ProcessHandle=0x158, DesiredAccess=0x8, TokenHandle=0x121f8cc | out: TokenHandle=0x121f8cc*=0x15c) returned 1 [0077.531] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x121f8c8 | out: TokenInformation=0x0, ReturnLength=0x121f8c8) returned 0 [0077.531] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x9e57e8, TokenInformationLength=0x14, ReturnLength=0x121f8c8 | out: TokenInformation=0x9e57e8, ReturnLength=0x121f8c8) returned 1 [0077.531] GetSidSubAuthorityCount (pSid=0x9e57f0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 0x9e57f1 [0077.531] GetSidSubAuthority (pSid=0x9e57f0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000), nSubAuthority=0x0) returned 0x9e57f8 [0077.531] GetExitCodeProcess (in: hProcess=0x158, lpExitCode=0x121f8e8 | out: lpExitCode=0x121f8e8*=0x103) returned 1 [0077.531] GetProcessImageFileNameW (in: hProcess=0x158, lpImageFileName=0x9e0be8, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Program Files\\Windows Photo Viewer\\prominent.exe") returned 0x48 [0077.531] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x121f8d0 | out: Wow64Process=0x121f8d0) returned 1 [0077.531] IsWow64Process (in: hProcess=0x158, Wow64Process=0x121f8e0 | out: Wow64Process=0x121f8e0) returned 1 [0077.531] NtQueryInformationProcess (in: ProcessHandle=0x158, ProcessInformationClass=0x18, ProcessInformation=0x121f8dc, ProcessInformationLength=0x4, ReturnLength=0x121f8e0 | out: ProcessInformation=0x121f8dc, ReturnLength=0x121f8e0) returned 0x0 [0077.531] GetProcessTimes (in: hProcess=0x158, lpCreationTime=0x121f904, lpExitTime=0x121f8fc, lpKernelTime=0x121f8fc, lpUserTime=0x121f8fc | out: lpCreationTime=0x121f904, lpExitTime=0x121f8fc, lpKernelTime=0x121f8fc, lpUserTime=0x121f8fc) returned 1 [0077.531] OpenProcessToken (in: ProcessHandle=0x158, DesiredAccess=0x8, TokenHandle=0x121f8cc | out: TokenHandle=0x121f8cc*=0x15c) returned 1 [0077.531] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x121f8c8 | out: TokenInformation=0x0, ReturnLength=0x121f8c8) returned 0 [0077.532] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x9e57e8, TokenInformationLength=0x14, ReturnLength=0x121f8c8 | out: TokenInformation=0x9e57e8, ReturnLength=0x121f8c8) returned 1 [0077.532] GetSidSubAuthorityCount (pSid=0x9e57f0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 0x9e57f1 [0077.532] GetSidSubAuthority (pSid=0x9e57f0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000), nSubAuthority=0x0) returned 0x9e57f8 [0077.532] GetExitCodeProcess (in: hProcess=0x158, lpExitCode=0x121f8e8 | out: lpExitCode=0x121f8e8*=0x103) returned 1 [0077.532] GetProcessImageFileNameW (in: hProcess=0x158, lpImageFileName=0x9e0be8, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Program Files (x86)\\Java\\after practical kiss sir.exe") returned 0x4d [0077.532] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x121f8d0 | out: Wow64Process=0x121f8d0) returned 1 [0077.532] IsWow64Process (in: hProcess=0x158, Wow64Process=0x121f8e0 | out: Wow64Process=0x121f8e0) returned 1 [0077.532] NtQueryInformationProcess (in: ProcessHandle=0x158, ProcessInformationClass=0x18, ProcessInformation=0x121f8dc, ProcessInformationLength=0x4, ReturnLength=0x121f8e0 | out: ProcessInformation=0x121f8dc, ReturnLength=0x121f8e0) returned 0x0 [0077.532] GetProcessTimes (in: hProcess=0x158, lpCreationTime=0x121f904, lpExitTime=0x121f8fc, lpKernelTime=0x121f8fc, lpUserTime=0x121f8fc | out: lpCreationTime=0x121f904, lpExitTime=0x121f8fc, lpKernelTime=0x121f8fc, lpUserTime=0x121f8fc) returned 1 [0077.532] OpenProcessToken (in: ProcessHandle=0x158, DesiredAccess=0x8, TokenHandle=0x121f8cc | out: TokenHandle=0x121f8cc*=0x15c) returned 1 [0077.532] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x121f8c8 | out: TokenInformation=0x0, ReturnLength=0x121f8c8) returned 0 [0077.532] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x9e57e8, TokenInformationLength=0x14, ReturnLength=0x121f8c8 | out: TokenInformation=0x9e57e8, ReturnLength=0x121f8c8) returned 1 [0077.532] GetSidSubAuthorityCount (pSid=0x9e57f0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 0x9e57f1 [0077.532] GetSidSubAuthority (pSid=0x9e57f0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000), nSubAuthority=0x0) returned 0x9e57f8 [0077.532] GetExitCodeProcess (in: hProcess=0x158, lpExitCode=0x121f8e8 | out: lpExitCode=0x121f8e8*=0x103) returned 1 [0077.532] GetProcessImageFileNameW (in: hProcess=0x158, lpImageFileName=0x9e0be8, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Program Files\\Reference Assemblies\\epson-pressing-camera.exe") returned 0x54 [0077.532] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x121f8d0 | out: Wow64Process=0x121f8d0) returned 1 [0077.532] IsWow64Process (in: hProcess=0x158, Wow64Process=0x121f8e0 | out: Wow64Process=0x121f8e0) returned 1 [0077.532] NtQueryInformationProcess (in: ProcessHandle=0x158, ProcessInformationClass=0x18, ProcessInformation=0x121f8dc, ProcessInformationLength=0x4, ReturnLength=0x121f8e0 | out: ProcessInformation=0x121f8dc, ReturnLength=0x121f8e0) returned 0x0 [0077.532] GetProcessTimes (in: hProcess=0x158, lpCreationTime=0x121f904, lpExitTime=0x121f8fc, lpKernelTime=0x121f8fc, lpUserTime=0x121f8fc | out: lpCreationTime=0x121f904, lpExitTime=0x121f8fc, lpKernelTime=0x121f8fc, lpUserTime=0x121f8fc) returned 1 [0077.532] OpenProcessToken (in: ProcessHandle=0x158, DesiredAccess=0x8, TokenHandle=0x121f8cc | out: TokenHandle=0x121f8cc*=0x15c) returned 1 [0077.532] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x121f8c8 | out: TokenInformation=0x0, ReturnLength=0x121f8c8) returned 0 [0077.532] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x9e57e8, TokenInformationLength=0x14, ReturnLength=0x121f8c8 | out: TokenInformation=0x9e57e8, ReturnLength=0x121f8c8) returned 1 [0077.532] GetSidSubAuthorityCount (pSid=0x9e57f0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 0x9e57f1 [0077.532] GetSidSubAuthority (pSid=0x9e57f0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000), nSubAuthority=0x0) returned 0x9e57f8 [0077.533] GetExitCodeProcess (in: hProcess=0x158, lpExitCode=0x121f8e8 | out: lpExitCode=0x121f8e8*=0x103) returned 1 [0077.533] GetProcessImageFileNameW (in: hProcess=0x158, lpImageFileName=0x9e0be8, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Program Files\\Microsoft Sync Framework\\baptist-extraction.exe") returned 0x55 [0077.533] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x121f8d0 | out: Wow64Process=0x121f8d0) returned 1 [0077.533] IsWow64Process (in: hProcess=0x158, Wow64Process=0x121f8e0 | out: Wow64Process=0x121f8e0) returned 1 [0077.533] NtQueryInformationProcess (in: ProcessHandle=0x158, ProcessInformationClass=0x18, ProcessInformation=0x121f8dc, ProcessInformationLength=0x4, ReturnLength=0x121f8e0 | out: ProcessInformation=0x121f8dc, ReturnLength=0x121f8e0) returned 0x0 [0077.533] GetProcessTimes (in: hProcess=0x158, lpCreationTime=0x121f904, lpExitTime=0x121f8fc, lpKernelTime=0x121f8fc, lpUserTime=0x121f8fc | out: lpCreationTime=0x121f904, lpExitTime=0x121f8fc, lpKernelTime=0x121f8fc, lpUserTime=0x121f8fc) returned 1 [0077.533] OpenProcessToken (in: ProcessHandle=0x158, DesiredAccess=0x8, TokenHandle=0x121f8cc | out: TokenHandle=0x121f8cc*=0x15c) returned 1 [0077.533] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x121f8c8 | out: TokenInformation=0x0, ReturnLength=0x121f8c8) returned 0 [0077.533] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x9e57e8, TokenInformationLength=0x14, ReturnLength=0x121f8c8 | out: TokenInformation=0x9e57e8, ReturnLength=0x121f8c8) returned 1 [0077.533] GetSidSubAuthorityCount (pSid=0x9e57f0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 0x9e57f1 [0077.533] GetSidSubAuthority (pSid=0x9e57f0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000), nSubAuthority=0x0) returned 0x9e57f8 [0077.533] GetExitCodeProcess (in: hProcess=0x158, lpExitCode=0x121f8e8 | out: lpExitCode=0x121f8e8*=0x103) returned 1 [0077.533] GetProcessImageFileNameW (in: hProcess=0x158, lpImageFileName=0x9e0be8, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Program Files\\Common Files\\challenged.exe") returned 0x41 [0077.533] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x121f8d0 | out: Wow64Process=0x121f8d0) returned 1 [0077.533] IsWow64Process (in: hProcess=0x158, Wow64Process=0x121f8e0 | out: Wow64Process=0x121f8e0) returned 1 [0077.533] NtQueryInformationProcess (in: ProcessHandle=0x158, ProcessInformationClass=0x18, ProcessInformation=0x121f8dc, ProcessInformationLength=0x4, ReturnLength=0x121f8e0 | out: ProcessInformation=0x121f8dc, ReturnLength=0x121f8e0) returned 0x0 [0077.533] GetProcessTimes (in: hProcess=0x158, lpCreationTime=0x121f904, lpExitTime=0x121f8fc, lpKernelTime=0x121f8fc, lpUserTime=0x121f8fc | out: lpCreationTime=0x121f904, lpExitTime=0x121f8fc, lpKernelTime=0x121f8fc, lpUserTime=0x121f8fc) returned 1 [0077.533] OpenProcessToken (in: ProcessHandle=0x158, DesiredAccess=0x8, TokenHandle=0x121f8cc | out: TokenHandle=0x121f8cc*=0x15c) returned 1 [0077.533] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x121f8c8 | out: TokenInformation=0x0, ReturnLength=0x121f8c8) returned 0 [0077.533] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x9e57e8, TokenInformationLength=0x14, ReturnLength=0x121f8c8 | out: TokenInformation=0x9e57e8, ReturnLength=0x121f8c8) returned 1 [0077.533] GetSidSubAuthorityCount (pSid=0x9e57f0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 0x9e57f1 [0077.533] GetSidSubAuthority (pSid=0x9e57f0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000), nSubAuthority=0x0) returned 0x9e57f8 [0077.533] GetExitCodeProcess (in: hProcess=0x158, lpExitCode=0x121f8e8 | out: lpExitCode=0x121f8e8*=0x103) returned 1 [0077.533] GetProcessImageFileNameW (in: hProcess=0x158, lpImageFileName=0x9e0be8, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Program Files\\MSBuild\\rhode-jay.exe") returned 0x3b [0077.534] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x121f8d0 | out: Wow64Process=0x121f8d0) returned 1 [0077.534] IsWow64Process (in: hProcess=0x158, Wow64Process=0x121f8e0 | out: Wow64Process=0x121f8e0) returned 1 [0077.534] NtQueryInformationProcess (in: ProcessHandle=0x158, ProcessInformationClass=0x18, ProcessInformation=0x121f8dc, ProcessInformationLength=0x4, ReturnLength=0x121f8e0 | out: ProcessInformation=0x121f8dc, ReturnLength=0x121f8e0) returned 0x0 [0077.534] GetProcessTimes (in: hProcess=0x158, lpCreationTime=0x121f904, lpExitTime=0x121f8fc, lpKernelTime=0x121f8fc, lpUserTime=0x121f8fc | out: lpCreationTime=0x121f904, lpExitTime=0x121f8fc, lpKernelTime=0x121f8fc, lpUserTime=0x121f8fc) returned 1 [0077.534] OpenProcessToken (in: ProcessHandle=0x158, DesiredAccess=0x8, TokenHandle=0x121f8cc | out: TokenHandle=0x121f8cc*=0x15c) returned 1 [0077.534] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x121f8c8 | out: TokenInformation=0x0, ReturnLength=0x121f8c8) returned 0 [0077.534] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x9e57e8, TokenInformationLength=0x14, ReturnLength=0x121f8c8 | out: TokenInformation=0x9e57e8, ReturnLength=0x121f8c8) returned 1 [0077.534] GetSidSubAuthorityCount (pSid=0x9e57f0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 0x9e57f1 [0077.534] GetSidSubAuthority (pSid=0x9e57f0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000), nSubAuthority=0x0) returned 0x9e57f8 [0077.534] GetExitCodeProcess (in: hProcess=0x158, lpExitCode=0x121f8e8 | out: lpExitCode=0x121f8e8*=0x103) returned 1 [0077.534] GetProcessImageFileNameW (in: hProcess=0x158, lpImageFileName=0x9e0be8, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Windows\\System32\\conhost.exe") returned 0x34 [0077.534] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x121f8d0 | out: Wow64Process=0x121f8d0) returned 1 [0077.534] IsWow64Process (in: hProcess=0x158, Wow64Process=0x121f8e0 | out: Wow64Process=0x121f8e0) returned 1 [0077.534] NtQueryInformationProcess (in: ProcessHandle=0x158, ProcessInformationClass=0x18, ProcessInformation=0x121f8dc, ProcessInformationLength=0x4, ReturnLength=0x121f8e0 | out: ProcessInformation=0x121f8dc, ReturnLength=0x121f8e0) returned 0x0 [0077.534] GetProcessTimes (in: hProcess=0x158, lpCreationTime=0x121f904, lpExitTime=0x121f8fc, lpKernelTime=0x121f8fc, lpUserTime=0x121f8fc | out: lpCreationTime=0x121f904, lpExitTime=0x121f8fc, lpKernelTime=0x121f8fc, lpUserTime=0x121f8fc) returned 1 [0077.534] OpenProcessToken (in: ProcessHandle=0x158, DesiredAccess=0x8, TokenHandle=0x121f8cc | out: TokenHandle=0x121f8cc*=0x15c) returned 1 [0077.534] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x121f8c8 | out: TokenInformation=0x0, ReturnLength=0x121f8c8) returned 0 [0077.534] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x9e57e8, TokenInformationLength=0x14, ReturnLength=0x121f8c8 | out: TokenInformation=0x9e57e8, ReturnLength=0x121f8c8) returned 1 [0077.534] GetSidSubAuthorityCount (pSid=0x9e57f0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x3000)) returned 0x9e57f1 [0077.534] GetSidSubAuthority (pSid=0x9e57f0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x3000), nSubAuthority=0x0) returned 0x9e57f8 [0077.534] GetExitCodeProcess (in: hProcess=0x158, lpExitCode=0x121f8e8 | out: lpExitCode=0x121f8e8*=0x103) returned 1 [0077.534] GetProcessImageFileNameW (in: hProcess=0x158, lpImageFileName=0x9e0be8, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Windows\\System32\\VSSVC.exe") returned 0x32 [0077.534] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x121f8d0 | out: Wow64Process=0x121f8d0) returned 1 [0077.535] IsWow64Process (in: hProcess=0x158, Wow64Process=0x121f8e0 | out: Wow64Process=0x121f8e0) returned 1 [0077.535] NtQueryInformationProcess (in: ProcessHandle=0x158, ProcessInformationClass=0x18, ProcessInformation=0x121f8dc, ProcessInformationLength=0x4, ReturnLength=0x121f8e0 | out: ProcessInformation=0x121f8dc, ReturnLength=0x121f8e0) returned 0x0 [0077.535] GetProcessTimes (in: hProcess=0x158, lpCreationTime=0x121f904, lpExitTime=0x121f8fc, lpKernelTime=0x121f8fc, lpUserTime=0x121f8fc | out: lpCreationTime=0x121f904, lpExitTime=0x121f8fc, lpKernelTime=0x121f8fc, lpUserTime=0x121f8fc) returned 1 [0077.535] OpenProcessToken (in: ProcessHandle=0x158, DesiredAccess=0x8, TokenHandle=0x121f8cc | out: TokenHandle=0x121f8cc*=0x15c) returned 1 [0077.535] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x121f8c8 | out: TokenInformation=0x0, ReturnLength=0x121f8c8) returned 0 [0077.535] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x9e57e8, TokenInformationLength=0x14, ReturnLength=0x121f8c8 | out: TokenInformation=0x9e57e8, ReturnLength=0x121f8c8) returned 1 [0077.535] GetSidSubAuthorityCount (pSid=0x9e57f0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000)) returned 0x9e57f1 [0077.535] GetSidSubAuthority (pSid=0x9e57f0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000), nSubAuthority=0x0) returned 0x9e57f8 [0077.535] GetExitCodeProcess (in: hProcess=0x158, lpExitCode=0x121f8e8 | out: lpExitCode=0x121f8e8*=0x103) returned 1 [0077.535] GetProcessImageFileNameW (in: hProcess=0x158, lpImageFileName=0x9e0be8, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscorsvw.exe") returned 0x4f [0077.535] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x121f8d0 | out: Wow64Process=0x121f8d0) returned 1 [0077.535] IsWow64Process (in: hProcess=0x158, Wow64Process=0x121f8e0 | out: Wow64Process=0x121f8e0) returned 1 [0077.535] NtQueryInformationProcess (in: ProcessHandle=0x158, ProcessInformationClass=0x18, ProcessInformation=0x121f8dc, ProcessInformationLength=0x4, ReturnLength=0x121f8e0 | out: ProcessInformation=0x121f8dc, ReturnLength=0x121f8e0) returned 0x0 [0077.535] GetProcessTimes (in: hProcess=0x158, lpCreationTime=0x121f904, lpExitTime=0x121f8fc, lpKernelTime=0x121f8fc, lpUserTime=0x121f8fc | out: lpCreationTime=0x121f904, lpExitTime=0x121f8fc, lpKernelTime=0x121f8fc, lpUserTime=0x121f8fc) returned 1 [0077.535] OpenProcessToken (in: ProcessHandle=0x158, DesiredAccess=0x8, TokenHandle=0x121f8cc | out: TokenHandle=0x121f8cc*=0x15c) returned 1 [0077.535] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x121f8c8 | out: TokenInformation=0x0, ReturnLength=0x121f8c8) returned 0 [0077.535] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x9e57e8, TokenInformationLength=0x14, ReturnLength=0x121f8c8 | out: TokenInformation=0x9e57e8, ReturnLength=0x121f8c8) returned 1 [0077.535] GetSidSubAuthorityCount (pSid=0x9e57f0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000)) returned 0x9e57f1 [0077.535] GetSidSubAuthority (pSid=0x9e57f0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000), nSubAuthority=0x0) returned 0x9e57f8 [0077.535] GetExitCodeProcess (in: hProcess=0x158, lpExitCode=0x121f8e8 | out: lpExitCode=0x121f8e8*=0x103) returned 1 [0077.535] GetProcessImageFileNameW (in: hProcess=0x158, lpImageFileName=0x9e0be8, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Windows\\System32\\svchost.exe") returned 0x34 [0077.535] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x121f8d0 | out: Wow64Process=0x121f8d0) returned 1 [0077.535] IsWow64Process (in: hProcess=0x158, Wow64Process=0x121f8e0 | out: Wow64Process=0x121f8e0) returned 1 [0077.535] NtQueryInformationProcess (in: ProcessHandle=0x158, ProcessInformationClass=0x18, ProcessInformation=0x121f8dc, ProcessInformationLength=0x4, ReturnLength=0x121f8e0 | out: ProcessInformation=0x121f8dc, ReturnLength=0x121f8e0) returned 0x0 [0077.536] GetProcessTimes (in: hProcess=0x158, lpCreationTime=0x121f904, lpExitTime=0x121f8fc, lpKernelTime=0x121f8fc, lpUserTime=0x121f8fc | out: lpCreationTime=0x121f904, lpExitTime=0x121f8fc, lpKernelTime=0x121f8fc, lpUserTime=0x121f8fc) returned 1 [0077.536] OpenProcessToken (in: ProcessHandle=0x158, DesiredAccess=0x8, TokenHandle=0x121f8cc | out: TokenHandle=0x121f8cc*=0x15c) returned 1 [0077.536] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x121f8c8 | out: TokenInformation=0x0, ReturnLength=0x121f8c8) returned 0 [0077.536] GetTokenInformation (in: TokenHandle=0x15c, TokenInformationClass=0x19, TokenInformation=0x9e57e8, TokenInformationLength=0x14, ReturnLength=0x121f8c8 | out: TokenInformation=0x9e57e8, ReturnLength=0x121f8c8) returned 1 [0077.536] GetSidSubAuthorityCount (pSid=0x9e57f0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000)) returned 0x9e57f1 [0077.536] GetSidSubAuthority (pSid=0x9e57f0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000), nSubAuthority=0x0) returned 0x9e57f8 [0077.536] GetExitCodeProcess (in: hProcess=0x154, lpExitCode=0x121fc90 | out: lpExitCode=0x121fc90*=0x103) returned 1 [0077.536] NtOpenProcessToken (in: ProcessHandle=0x154, DesiredAccess=0xf01ff, TokenHandle=0x121fce4 | out: TokenHandle=0x121fce4*=0x158) returned 0x0 [0077.536] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x158, dwFlags=0x0, pszPath=0x9e0be8 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 0x0 [0077.881] CryptAcquireContextW (in: phProv=0x121f9e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x121f9e4*=0x2d13d0) returned 1 [0077.882] CryptGenRandom (in: hProv=0x2d13d0, dwLen=0x4, pbBuffer=0x121f9f8 | out: pbBuffer=0x121f9f8) returned 1 [0077.882] CryptReleaseContext (hProv=0x2d13d0, dwFlags=0x0) returned 1 [0077.882] CryptAcquireContextW (in: phProv=0x121f9e0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x121f9e0*=0x2d13d0) returned 1 [0077.882] CryptGenRandom (in: hProv=0x2d13d0, dwLen=0x4, pbBuffer=0x121f9f4 | out: pbBuffer=0x121f9f4) returned 1 [0077.882] CryptReleaseContext (hProv=0x2d13d0, dwFlags=0x0) returned 1 [0077.883] CryptAcquireContextW (in: phProv=0x121f9e0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x121f9e0*=0x2d13d0) returned 1 [0077.883] CryptGenRandom (in: hProv=0x2d13d0, dwLen=0x4, pbBuffer=0x121f9f4 | out: pbBuffer=0x121f9f4) returned 1 [0077.883] CryptReleaseContext (hProv=0x2d13d0, dwFlags=0x0) returned 1 [0077.883] CryptAcquireContextW (in: phProv=0x121f9e0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x121f9e0*=0x2d13d0) returned 1 [0077.883] CryptGenRandom (in: hProv=0x2d13d0, dwLen=0x4, pbBuffer=0x121f9f4 | out: pbBuffer=0x121f9f4) returned 1 [0077.883] CryptReleaseContext (hProv=0x2d13d0, dwFlags=0x0) returned 1 [0077.883] CryptAcquireContextW (in: phProv=0x121f9e0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x121f9e0*=0x2d13d0) returned 1 [0077.884] CryptGenRandom (in: hProv=0x2d13d0, dwLen=0x4, pbBuffer=0x121f9f4 | out: pbBuffer=0x121f9f4) returned 1 [0077.884] CryptReleaseContext (hProv=0x2d13d0, dwFlags=0x0) returned 1 [0077.884] CryptAcquireContextW (in: phProv=0x121f9e0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x121f9e0*=0x2d13d0) returned 1 [0077.885] CryptGenRandom (in: hProv=0x2d13d0, dwLen=0x4, pbBuffer=0x121f9f4 | out: pbBuffer=0x121f9f4) returned 1 [0077.885] CryptReleaseContext (hProv=0x2d13d0, dwFlags=0x0) returned 1 [0077.885] CryptAcquireContextW (in: phProv=0x121f9e0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x121f9e0*=0x2d13d0) returned 1 [0077.885] CryptGenRandom (in: hProv=0x2d13d0, dwLen=0x4, pbBuffer=0x121f9f4 | out: pbBuffer=0x121f9f4) returned 1 [0077.885] CryptReleaseContext (hProv=0x2d13d0, dwFlags=0x0) returned 1 [0077.885] CryptAcquireContextW (in: phProv=0x121f9e0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x121f9e0*=0x2d13d0) returned 1 [0077.886] CryptGenRandom (in: hProv=0x2d13d0, dwLen=0x4, pbBuffer=0x121f9f4 | out: pbBuffer=0x121f9f4) returned 1 [0077.886] CryptReleaseContext (hProv=0x2d13d0, dwFlags=0x0) returned 1 [0077.886] CryptAcquireContextW (in: phProv=0x121f9e0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x121f9e0*=0x2d13d0) returned 1 [0077.886] CryptGenRandom (in: hProv=0x2d13d0, dwLen=0x4, pbBuffer=0x121f9f4 | out: pbBuffer=0x121f9f4) returned 1 [0077.886] CryptReleaseContext (hProv=0x2d13d0, dwFlags=0x0) returned 1 [0077.886] CryptAcquireContextW (in: phProv=0x121f9e0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x121f9e0*=0x2d13d0) returned 1 [0077.887] CryptGenRandom (in: hProv=0x2d13d0, dwLen=0x4, pbBuffer=0x121f9f4 | out: pbBuffer=0x121f9f4) returned 1 [0077.887] CryptReleaseContext (hProv=0x2d13d0, dwFlags=0x0) returned 1 [0077.887] CryptAcquireContextW (in: phProv=0x121f9e0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x121f9e0*=0x2d13d0) returned 1 [0077.887] CryptGenRandom (in: hProv=0x2d13d0, dwLen=0x4, pbBuffer=0x121f9f4 | out: pbBuffer=0x121f9f4) returned 1 [0077.887] CryptReleaseContext (hProv=0x2d13d0, dwFlags=0x0) returned 1 [0077.887] CryptAcquireContextW (in: phProv=0x121f9e0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x121f9e0*=0x2d13d0) returned 1 [0077.888] CryptGenRandom (in: hProv=0x2d13d0, dwLen=0x4, pbBuffer=0x121f9f4 | out: pbBuffer=0x121f9f4) returned 1 [0077.888] CryptReleaseContext (hProv=0x2d13d0, dwFlags=0x0) returned 1 [0077.888] CryptAcquireContextW (in: phProv=0x121f9e0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x121f9e0*=0x2d13d0) returned 1 [0077.888] CryptGenRandom (in: hProv=0x2d13d0, dwLen=0x4, pbBuffer=0x121f9f4 | out: pbBuffer=0x121f9f4) returned 1 [0077.888] CryptReleaseContext (hProv=0x2d13d0, dwFlags=0x0) returned 1 [0077.888] CryptAcquireContextW (in: phProv=0x121f9e0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x121f9e0*=0x2d13d0) returned 1 [0077.889] CryptGenRandom (in: hProv=0x2d13d0, dwLen=0x4, pbBuffer=0x121f9f4 | out: pbBuffer=0x121f9f4) returned 1 [0077.889] CryptReleaseContext (hProv=0x2d13d0, dwFlags=0x0) returned 1 [0077.889] CryptAcquireContextW (in: phProv=0x121f9e0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x121f9e0*=0x2d13d0) returned 1 [0077.889] CryptGenRandom (in: hProv=0x2d13d0, dwLen=0x4, pbBuffer=0x121f9f4 | out: pbBuffer=0x121f9f4) returned 1 [0077.889] CryptReleaseContext (hProv=0x2d13d0, dwFlags=0x0) returned 1 [0077.889] CryptAcquireContextW (in: phProv=0x121f9e0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x121f9e0*=0x2d13d0) returned 1 [0077.890] CryptGenRandom (in: hProv=0x2d13d0, dwLen=0x4, pbBuffer=0x121f9f4 | out: pbBuffer=0x121f9f4) returned 1 [0077.890] CryptReleaseContext (hProv=0x2d13d0, dwFlags=0x0) returned 1 [0077.890] CryptAcquireContextW (in: phProv=0x121f9e0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x121f9e0*=0x2d13d0) returned 1 [0077.890] CryptGenRandom (in: hProv=0x2d13d0, dwLen=0x4, pbBuffer=0x121f9f4 | out: pbBuffer=0x121f9f4) returned 1 [0077.890] CryptReleaseContext (hProv=0x2d13d0, dwFlags=0x0) returned 1 [0077.890] CryptAcquireContextW (in: phProv=0x121f9e0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x121f9e0*=0x2d13d0) returned 1 [0077.891] CryptGenRandom (in: hProv=0x2d13d0, dwLen=0x4, pbBuffer=0x121f9f4 | out: pbBuffer=0x121f9f4) returned 1 [0077.891] CryptReleaseContext (hProv=0x2d13d0, dwFlags=0x0) returned 1 [0077.891] CryptAcquireContextW (in: phProv=0x121f9e0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x121f9e0*=0x2d13d0) returned 1 [0077.892] CryptGenRandom (in: hProv=0x2d13d0, dwLen=0x4, pbBuffer=0x121f9f4 | out: pbBuffer=0x121f9f4) returned 1 [0077.892] CryptReleaseContext (hProv=0x2d13d0, dwFlags=0x0) returned 1 [0077.892] CryptAcquireContextW (in: phProv=0x121f9e0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x121f9e0*=0x2d13d0) returned 1 [0077.892] CryptGenRandom (in: hProv=0x2d13d0, dwLen=0x4, pbBuffer=0x121f9f4 | out: pbBuffer=0x121f9f4) returned 1 [0077.892] CryptReleaseContext (hProv=0x2d13d0, dwFlags=0x0) returned 1 [0077.892] CryptAcquireContextW (in: phProv=0x121f9e0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x121f9e0*=0x2d13d0) returned 1 [0077.893] CryptGenRandom (in: hProv=0x2d13d0, dwLen=0x4, pbBuffer=0x121f9f4 | out: pbBuffer=0x121f9f4) returned 1 [0077.893] CryptReleaseContext (hProv=0x2d13d0, dwFlags=0x0) returned 1 [0077.893] CryptAcquireContextW (in: phProv=0x121f9e0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x121f9e0*=0x2d13d0) returned 1 [0077.893] CryptGenRandom (in: hProv=0x2d13d0, dwLen=0x4, pbBuffer=0x121f9f4 | out: pbBuffer=0x121f9f4) returned 1 [0077.893] CryptReleaseContext (hProv=0x2d13d0, dwFlags=0x0) returned 1 [0077.893] CryptAcquireContextW (in: phProv=0x121f9e0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x121f9e0*=0x2d13d0) returned 1 [0077.894] CryptGenRandom (in: hProv=0x2d13d0, dwLen=0x4, pbBuffer=0x121f9f4 | out: pbBuffer=0x121f9f4) returned 1 [0077.894] CryptReleaseContext (hProv=0x2d13d0, dwFlags=0x0) returned 1 [0077.894] CryptAcquireContextW (in: phProv=0x121f9e0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x121f9e0*=0x2d13d0) returned 1 [0077.894] CryptGenRandom (in: hProv=0x2d13d0, dwLen=0x4, pbBuffer=0x121f9f4 | out: pbBuffer=0x121f9f4) returned 1 [0077.894] CryptReleaseContext (hProv=0x2d13d0, dwFlags=0x0) returned 1 [0077.894] CryptAcquireContextW (in: phProv=0x121f9e0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x121f9e0*=0x2d13d0) returned 1 [0077.895] CryptGenRandom (in: hProv=0x2d13d0, dwLen=0x4, pbBuffer=0x121f9f4 | out: pbBuffer=0x121f9f4) returned 1 [0077.895] CryptReleaseContext (hProv=0x2d13d0, dwFlags=0x0) returned 1 [0077.895] CryptAcquireContextW (in: phProv=0x121f9e0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x121f9e0*=0x2d13d0) returned 1 [0077.895] CryptGenRandom (in: hProv=0x2d13d0, dwLen=0x4, pbBuffer=0x121f9f4 | out: pbBuffer=0x121f9f4) returned 1 [0077.895] CryptReleaseContext (hProv=0x2d13d0, dwFlags=0x0) returned 1 [0077.895] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\\\V5Hw0He6ZTJa4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\v5hw0he6ztja4"), fInfoLevelId=0x0, lpFileInformation=0x121f9ac | out: lpFileInformation=0x121f9ac*(dwFileAttributes=0x121fcdc, ftCreationTime.dwLowDateTime=0x406d29, ftCreationTime.dwHighDateTime=0xab0000, ftLastAccessTime.dwLowDateTime=0x8, ftLastAccessTime.dwHighDateTime=0x408e92, ftLastWriteTime.dwLowDateTime=0x121fd60, ftLastWriteTime.dwHighDateTime=0x121fcdc, nFileSizeHigh=0x2, nFileSizeLow=0x121fcb4)) returned 0 [0077.896] GetLastError () returned 0x2 [0077.896] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\\\V5Hw0He6ZTJa4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\v5hw0he6ztja4"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x2, hTemplateFile=0x0) returned 0x16c [0077.896] SetFileTime (hFile=0x16c, lpCreationTime=0x0, lpLastAccessTime=0x121f9f0, lpLastWriteTime=0x121f9f0) returned 1 [0077.896] NtClose (Handle=0x16c) returned 0x0 [0077.896] GetShortPathNameW (in: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\\\V5Hw0He6ZTJa4", lpszShortPath=0x9e13f0, cchBuffer=0x200 | out: lpszShortPath="C:\\Users\\5P5NRG~1\\AppData\\Roaming\\\\V5HW0H~1") returned 0x2b [0077.897] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\\\V5Hw0He6ZTJa4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\v5hw0he6ztja4"), fInfoLevelId=0x0, lpFileInformation=0x121f9ec | out: lpFileInformation=0x121f9ec*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x9fabb490, ftCreationTime.dwHighDateTime=0x1d41a7f, ftLastAccessTime.dwLowDateTime=0x9fabb490, ftLastAccessTime.dwHighDateTime=0x1d41a7f, ftLastWriteTime.dwLowDateTime=0x9fabb490, ftLastWriteTime.dwHighDateTime=0x1d41a7f, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0077.897] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\\\V5Hw0He6ZTJa4", dwFileAttributes=0x80) returned 1 [0077.897] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\\\V5Hw0He6ZTJa4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\v5hw0he6ztja4")) returned 1 [0077.897] GetSystemDirectoryW (in: lpBuffer=0x994678, uSize=0x40 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0077.897] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\*.exe", fInfoLevelId=0x1, lpFindFileData=0x121fa44, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x121fa44) returned 0x2d1950 [0077.897] CryptAcquireContextW (in: phProv=0x121fa00, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x121fa00*=0x2d13d0) returned 1 [0077.898] CryptGenRandom (in: hProv=0x2d13d0, dwLen=0x4, pbBuffer=0x121fa14 | out: pbBuffer=0x121fa14) returned 1 [0077.898] CryptReleaseContext (hProv=0x2d13d0, dwFlags=0x0) returned 1 [0077.898] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.899] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.899] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.899] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.899] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.899] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.899] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.899] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.899] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.899] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.899] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.899] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.899] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.899] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.899] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.899] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.899] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.899] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.899] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.899] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.899] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.899] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.900] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.900] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.900] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.900] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.900] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.900] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.900] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.900] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.900] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.900] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.900] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.900] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.900] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.900] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.900] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.900] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.900] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.900] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.900] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.900] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.900] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.900] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.900] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.900] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.900] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.900] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.900] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.900] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.900] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.900] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.900] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.900] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.900] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.900] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.900] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.900] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.900] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.900] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.900] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.900] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.900] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.900] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.900] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.900] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.900] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.900] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.900] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.900] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.901] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.901] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.901] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.901] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.901] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.901] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.901] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.901] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.901] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.901] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.901] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.901] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.901] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.901] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.901] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.901] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.901] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.901] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.901] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.901] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.901] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.901] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.901] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.901] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.901] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.901] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.901] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.901] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.901] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.901] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.901] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.901] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.901] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.901] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.901] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.901] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.901] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.901] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.901] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.901] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.901] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.901] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.901] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.901] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.901] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.901] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.901] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.901] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.901] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.901] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.901] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.901] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.901] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.901] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.901] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.901] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.901] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.901] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.901] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.901] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.901] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.901] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.901] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.901] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.901] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.902] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.902] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.902] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.902] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.902] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.902] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.902] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.902] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.902] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.902] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.902] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.902] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.902] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.902] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.902] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.902] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.902] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.902] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.902] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.902] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.902] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.902] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.902] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.902] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.902] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.902] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.902] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.902] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.902] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.902] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.902] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.902] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.902] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.902] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.902] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.902] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.902] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.902] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.902] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.902] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.902] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.902] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.902] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.902] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.902] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.902] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.902] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.902] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.902] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.902] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.902] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.902] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.902] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.902] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.902] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fa44 | out: lpFindFileData=0x121fa44) returned 1 [0077.903] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\nbtstat.exe" (normalized: "c:\\windows\\system32\\nbtstat.exe"), fInfoLevelId=0x0, lpFileInformation=0x121f9ac | out: lpFileInformation=0x121f9ac*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4caa4fdc, ftCreationTime.dwHighDateTime=0x1ca0417, ftLastAccessTime.dwLowDateTime=0x4caa4fdc, ftLastAccessTime.dwHighDateTime=0x1ca0417, ftLastWriteTime.dwLowDateTime=0xeb366ee0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x4600)) returned 1 [0077.905] CreateFileW (lpFileName="C:\\Windows\\system32\\nbtstat.exe" (normalized: "c:\\windows\\system32\\nbtstat.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x188 [0077.906] SetFileTime (hFile=0x188, lpCreationTime=0x0, lpLastAccessTime=0x121f9f0, lpLastWriteTime=0x121f9f0) returned 0 [0077.906] GetFileSize (in: hFile=0x188, lpFileSizeHigh=0x121f9dc | out: lpFileSizeHigh=0x121f9dc*=0x0) returned 0x4600 [0077.906] SetFilePointer (in: hFile=0x188, lDistanceToMove=0, lpDistanceToMoveHigh=0x121f9e8*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x121f9e8*=0) returned 0x0 [0077.906] ReadFile (in: hFile=0x188, lpBuffer=0x9e6080, nNumberOfBytesToRead=0x4600, lpNumberOfBytesRead=0x121fa1c, lpOverlapped=0x0 | out: lpBuffer=0x9e6080*, lpNumberOfBytesRead=0x121fa1c*=0x4600, lpOverlapped=0x0) returned 1 [0077.922] GetFileAttributesExW (in: lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Roaming\\\\V5HW0H~1" (normalized: "c:\\users\\5p5nrg~1\\appdata\\roaming\\v5hw0h~1"), fInfoLevelId=0x0, lpFileInformation=0x121f9ac | out: lpFileInformation=0x121f9ac*(dwFileAttributes=0x8a69, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x100f9cc, ftLastAccessTime.dwLowDateTime=0x77e5e003, ftLastAccessTime.dwHighDateTime=0x408e92, ftLastWriteTime.dwLowDateTime=0x121fd60, ftLastWriteTime.dwHighDateTime=0x121fcdc, nFileSizeHigh=0x2, nFileSizeLow=0x121fcb4)) returned 0 [0077.923] GetLastError () returned 0x2 [0077.923] CreateFileW (lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Roaming\\\\V5HW0H~1" (normalized: "c:\\users\\5p5nrg~1\\appdata\\roaming\\v5hw0h~1"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x2, hTemplateFile=0x0) returned 0x188 [0077.923] SetFileTime (hFile=0x188, lpCreationTime=0x0, lpLastAccessTime=0x121f9f0, lpLastWriteTime=0x121f9f0) returned 1 [0077.923] WriteFile (in: hFile=0x188, lpBuffer=0x9e6080*, nNumberOfBytesToWrite=0x4600, lpNumberOfBytesWritten=0x121fa1c, lpOverlapped=0x0 | out: lpBuffer=0x9e6080*, lpNumberOfBytesWritten=0x121fa1c*=0x4600, lpOverlapped=0x0) returned 1 [0077.925] NtClose (Handle=0x188) returned 0x0 [0077.926] FindClose (in: hFindFile=0x2d1950 | out: hFindFile=0x2d1950) returned 1 [0077.926] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x9e13f0, nSize=0x200 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscorsvw.exe" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscorsvw.exe")) returned 0x3a [0077.926] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscorsvw.exe" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscorsvw.exe"), fInfoLevelId=0x0, lpFileInformation=0x121f9ac | out: lpFileInformation=0x121f9ac*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xef914800, ftCreationTime.dwHighDateTime=0x1d0aa91, ftLastAccessTime.dwLowDateTime=0x5d3f1b80, ftLastAccessTime.dwHighDateTime=0x1d2e676, ftLastWriteTime.dwLowDateTime=0xe2894000, ftLastWriteTime.dwHighDateTime=0x1d0aa22, nFileSizeHigh=0x0, nFileSizeLow=0x2c800)) returned 1 [0077.928] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscorsvw.exe" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscorsvw.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x16c [0077.928] SetFileTime (hFile=0x16c, lpCreationTime=0x0, lpLastAccessTime=0x121f9f0, lpLastWriteTime=0x121f9f0) returned 0 [0077.929] GetFileSize (in: hFile=0x16c, lpFileSizeHigh=0x121f9dc | out: lpFileSizeHigh=0x121f9dc*=0x0) returned 0x2c800 [0077.929] SetFilePointer (in: hFile=0x16c, lDistanceToMove=0, lpDistanceToMoveHigh=0x121f9e8*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x121f9e8*=0) returned 0x0 [0077.929] ReadFile (in: hFile=0x16c, lpBuffer=0x9998a0, nNumberOfBytesToRead=0x2c800, lpNumberOfBytesRead=0x121fa1c, lpOverlapped=0x0 | out: lpBuffer=0x9998a0*, lpNumberOfBytesRead=0x121fa1c*=0x2c800, lpOverlapped=0x0) returned 1 [0077.934] GetFileAttributesExW (in: lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Roaming\\\\V5HW0H~1:bin" (normalized: "c:\\users\\5p5nrg~1\\appdata\\roaming\\v5hw0h~1:bin"), fInfoLevelId=0x0, lpFileInformation=0x121f9ac | out: lpFileInformation=0x121f9ac*(dwFileAttributes=0x121fcdc, ftCreationTime.dwLowDateTime=0x406d29, ftCreationTime.dwHighDateTime=0xab0000, ftLastAccessTime.dwLowDateTime=0x8, ftLastAccessTime.dwHighDateTime=0x408e92, ftLastWriteTime.dwLowDateTime=0x121fd60, ftLastWriteTime.dwHighDateTime=0x121fcdc, nFileSizeHigh=0x2, nFileSizeLow=0x121fcb4)) returned 0 [0077.934] GetLastError () returned 0x2 [0077.934] CreateFileW (lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Roaming\\\\V5HW0H~1:bin" (normalized: "c:\\users\\5p5nrg~1\\appdata\\roaming\\v5hw0h~1:bin"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x2, hTemplateFile=0x0) returned 0x16c [0077.935] SetFileTime (hFile=0x16c, lpCreationTime=0x0, lpLastAccessTime=0x121f9f0, lpLastWriteTime=0x121f9f0) returned 1 [0077.936] WriteFile (in: hFile=0x16c, lpBuffer=0x9998a0*, nNumberOfBytesToWrite=0x2c800, lpNumberOfBytesWritten=0x121fa1c, lpOverlapped=0x0 | out: lpBuffer=0x9998a0*, lpNumberOfBytesWritten=0x121fa1c*=0x2c800, lpOverlapped=0x0) returned 1 [0077.939] NtClose (Handle=0x16c) returned 0x0 [0077.941] CreateProcessAsUserW (in: hToken=0x158, lpApplicationName="C:\\Users\\5P5NRG~1\\AppData\\Roaming\\\\V5HW0H~1:bin", lpCommandLine="C:\\Users\\5P5NRG~1\\AppData\\Roaming\\\\V5HW0H~1:bin", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x121fcf8*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x121fd50 | out: lpCommandLine="C:\\Users\\5P5NRG~1\\AppData\\Roaming\\\\V5HW0H~1:bin", lpProcessInformation=0x121fd50*(hProcess=0x188, hThread=0x16c, dwProcessId=0xad8, dwThreadId=0xadc)) returned 1 [0077.949] NtClose (Handle=0x16c) returned 0x0 [0077.949] NtClose (Handle=0x158) returned 0x0 [0077.949] GetLogicalDrives () returned 0x4 [0077.949] GetDriveTypeW (lpRootPathName="C:") returned 0x3 [0077.949] FindFirstFileExW (in: lpFileName="C:\\*", fInfoLevelId=0x1, lpFindFileData=0x121fadc, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x121fadc) returned 0x2d1950 [0077.949] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fadc | out: lpFindFileData=0x121fadc) returned 1 [0077.950] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fadc | out: lpFindFileData=0x121fadc) returned 1 [0077.950] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fadc | out: lpFindFileData=0x121fadc) returned 1 [0077.950] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fadc | out: lpFindFileData=0x121fadc) returned 1 [0077.950] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fadc | out: lpFindFileData=0x121fadc) returned 1 [0077.950] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fadc | out: lpFindFileData=0x121fadc) returned 1 [0077.950] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fadc | out: lpFindFileData=0x121fadc) returned 1 [0077.950] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fadc | out: lpFindFileData=0x121fadc) returned 1 [0077.950] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fadc | out: lpFindFileData=0x121fadc) returned 1 [0077.950] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fadc | out: lpFindFileData=0x121fadc) returned 1 [0077.950] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fadc | out: lpFindFileData=0x121fadc) returned 1 [0077.950] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fadc | out: lpFindFileData=0x121fadc) returned 1 [0077.950] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fadc | out: lpFindFileData=0x121fadc) returned 1 [0077.950] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fadc | out: lpFindFileData=0x121fadc) returned 1 [0077.950] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fadc | out: lpFindFileData=0x121fadc) returned 1 [0077.950] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fadc | out: lpFindFileData=0x121fadc) returned 1 [0077.950] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121fadc | out: lpFindFileData=0x121fadc) returned 0 [0077.950] GetLastError () returned 0x12 [0077.950] GetFileAttributesExW (in: lpFileName="C:\\bootmgr" (normalized: "c:\\bootmgr"), fInfoLevelId=0x0, lpFileInformation=0x121f990 | out: lpFileInformation=0x121f990*(dwFileAttributes=0x27, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x84a3bb2c, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x5db2a)) returned 1 [0077.952] GetFileAttributesExW (in: lpFileName="C:\\bootmgr" (normalized: "c:\\bootmgr"), fInfoLevelId=0x0, lpFileInformation=0x121f990 | out: lpFileInformation=0x121f990*(dwFileAttributes=0x27, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x84a3bb2c, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x5db2a)) returned 1 [0077.952] GetFileAttributesExW (in: lpFileName="C:\\BOOTSECT.BAK" (normalized: "c:\\bootsect.bak"), fInfoLevelId=0x0, lpFileInformation=0x121f990 | out: lpFileInformation=0x121f990*(dwFileAttributes=0x27, ftCreationTime.dwLowDateTime=0xac54a060, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac54a060, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac54a060, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0077.953] GetFileAttributesExW (in: lpFileName="C:\\BOOTSECT.BAK" (normalized: "c:\\bootsect.bak"), fInfoLevelId=0x0, lpFileInformation=0x121f990 | out: lpFileInformation=0x121f990*(dwFileAttributes=0x27, ftCreationTime.dwLowDateTime=0xac54a060, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac54a060, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac54a060, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0077.953] GetFileAttributesExW (in: lpFileName="C:\\hiberfil.sys" (normalized: "c:\\hiberfil.sys"), fInfoLevelId=0x0, lpFileInformation=0x121f990 | out: lpFileInformation=0x121f990*(dwFileAttributes=0x2, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x121fa7c, ftLastAccessTime.dwLowDateTime=0x40780f, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x121fa7c, ftLastWriteTime.dwHighDateTime=0x40a152, nFileSizeHigh=0x0, nFileSizeLow=0x18fe50)) returned 0 [0077.953] GetLastError () returned 0x20 [0077.953] GetFileAttributesExW (in: lpFileName="C:\\pagefile.sys" (normalized: "c:\\pagefile.sys"), fInfoLevelId=0x0, lpFileInformation=0x121f990 | out: lpFileInformation=0x121f990*(dwFileAttributes=0x3, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x121fa7c, ftLastAccessTime.dwLowDateTime=0x40780f, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x121fa7c, ftLastWriteTime.dwHighDateTime=0x40a152, nFileSizeHigh=0x0, nFileSizeLow=0x18fe50)) returned 0 [0077.953] GetLastError () returned 0x20 [0077.953] FindFirstFileExW (in: lpFileName="C:\\*", fInfoLevelId=0x1, lpFindFileData=0x121fadc, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x121fadc) returned 0x2e6a30 [0077.954] FindClose (in: hFindFile=0x2d1950 | out: hFindFile=0x2d1950) returned 1 [0077.954] GetFileAttributesExW (in: lpFileName="C:\\$Recycle.Bin" (normalized: "c:\\$recycle.bin"), fInfoLevelId=0x0, lpFileInformation=0x121fa10 | out: lpFileInformation=0x121fa10*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xd29f5adc, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2dfdd420, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2dfdd420, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0077.955] CreateFileW (lpFileName="C:\\$Recycle.Bin" (normalized: "c:\\$recycle.bin"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2200000, hTemplateFile=0x0) returned 0x158 [0077.955] SetFileTime (hFile=0x158, lpCreationTime=0x0, lpLastAccessTime=0x121fa54, lpLastWriteTime=0x121fa54) returned 0 [0077.955] DeviceIoControl (in: hDevice=0x158, dwIoControlCode=0x900a8, lpInBuffer=0x0, nInBufferSize=0x0, lpOutBuffer=0x9e6080, nOutBufferSize=0x4000, lpBytesReturned=0x121faac, lpOverlapped=0x0 | out: lpOutBuffer=0x9e6080, lpBytesReturned=0x121faac, lpOverlapped=0x0) returned 0 [0077.955] FindFirstFileExW (in: lpFileName="C:\\$Recycle.Bin\\*", fInfoLevelId=0x1, lpFindFileData=0x121f81c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x121f81c) returned 0x2d1950 [0077.955] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f81c | out: lpFindFileData=0x121f81c) returned 1 [0077.956] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f81c | out: lpFindFileData=0x121f81c) returned 1 [0077.956] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f81c | out: lpFindFileData=0x121f81c) returned 0 [0077.956] GetLastError () returned 0x12 [0077.956] FindFirstFileExW (in: lpFileName="C:\\$Recycle.Bin\\*", fInfoLevelId=0x1, lpFindFileData=0x121f81c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x121f81c) returned 0x2d13d0 [0077.956] FindClose (in: hFindFile=0x2d1950 | out: hFindFile=0x2d1950) returned 1 [0077.956] FindNextFileW (in: hFindFile=0x2d13d0, lpFindFileData=0x121f81c | out: lpFindFileData=0x121f81c) returned 1 [0077.956] FindNextFileW (in: hFindFile=0x2d13d0, lpFindFileData=0x121f81c | out: lpFindFileData=0x121f81c) returned 1 [0077.956] GetFileAttributesExW (in: lpFileName="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000" (normalized: "c:\\$recycle.bin\\s-1-5-21-3388679973-3930757225-3770151564-1000"), fInfoLevelId=0x0, lpFileInformation=0x121f750 | out: lpFileInformation=0x121f750*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x2dfdd420, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb63e4b00, ftLastAccessTime.dwHighDateTime=0x1d337f4, ftLastWriteTime.dwLowDateTime=0xb63e4b00, ftLastWriteTime.dwHighDateTime=0x1d337f4, nFileSizeHigh=0x0, nFileSizeLow=0xa000)) returned 1 [0077.956] CreateFileW (lpFileName="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000" (normalized: "c:\\$recycle.bin\\s-1-5-21-3388679973-3930757225-3770151564-1000"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2200000, hTemplateFile=0x0) returned 0x158 [0077.956] SetFileTime (hFile=0x158, lpCreationTime=0x0, lpLastAccessTime=0x121f794, lpLastWriteTime=0x121f794) returned 0 [0077.956] DeviceIoControl (in: hDevice=0x158, dwIoControlCode=0x900a8, lpInBuffer=0x0, nInBufferSize=0x0, lpOutBuffer=0x9e6080, nOutBufferSize=0x4000, lpBytesReturned=0x121f7ec, lpOverlapped=0x0 | out: lpOutBuffer=0x9e6080, lpBytesReturned=0x121f7ec, lpOverlapped=0x0) returned 0 [0077.956] FindFirstFileExW (in: lpFileName="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\*", fInfoLevelId=0x1, lpFindFileData=0x121f55c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x121f55c) returned 0x2d1950 [0077.956] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 1 [0078.016] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 1 [0078.016] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 0 [0078.016] GetLastError () returned 0x12 [0078.016] GetFileAttributesExW (in: lpFileName="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\desktop.ini" (normalized: "c:\\$recycle.bin\\s-1-5-21-3388679973-3930757225-3770151564-1000\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x121f410 | out: lpFileInformation=0x121f410*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x2dfdd420, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2dfdd420, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2dfdd420, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x81)) returned 1 [0078.016] GetFileAttributesExW (in: lpFileName="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\desktop.ini" (normalized: "c:\\$recycle.bin\\s-1-5-21-3388679973-3930757225-3770151564-1000\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x121f410 | out: lpFileInformation=0x121f410*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x2dfdd420, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2dfdd420, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2dfdd420, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x81)) returned 1 [0078.016] FindFirstFileExW (in: lpFileName="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\*", fInfoLevelId=0x1, lpFindFileData=0x121f55c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x121f55c) returned 0x2d1410 [0078.016] FindClose (in: hFindFile=0x2d1950 | out: hFindFile=0x2d1950) returned 1 [0078.017] FindNextFileW (in: hFindFile=0x2d1410, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 1 [0078.017] FindNextFileW (in: hFindFile=0x2d1410, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 1 [0078.017] FindNextFileW (in: hFindFile=0x2d1410, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 0 [0078.017] GetLastError () returned 0x12 [0078.017] FindClose (in: hFindFile=0x2d1410 | out: hFindFile=0x2d1410) returned 1 [0078.017] FindNextFileW (in: hFindFile=0x2d13d0, lpFindFileData=0x121f81c | out: lpFindFileData=0x121f81c) returned 0 [0078.017] GetLastError () returned 0x12 [0078.017] FindClose (in: hFindFile=0x2d13d0 | out: hFindFile=0x2d13d0) returned 1 [0078.017] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121fadc | out: lpFindFileData=0x121fadc) returned 1 [0078.017] GetFileAttributesExW (in: lpFileName="C:\\Boot" (normalized: "c:\\boot"), fInfoLevelId=0x0, lpFileInformation=0x121fa10 | out: lpFileInformation=0x121fa10*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac30ebc0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac30ebc0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0078.017] CreateFileW (lpFileName="C:\\Boot" (normalized: "c:\\boot"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2200000, hTemplateFile=0x0) returned 0x190 [0078.018] SetFileTime (hFile=0x190, lpCreationTime=0x0, lpLastAccessTime=0x121fa54, lpLastWriteTime=0x121fa54) returned 0 [0078.018] DeviceIoControl (in: hDevice=0x190, dwIoControlCode=0x900a8, lpInBuffer=0x0, nInBufferSize=0x0, lpOutBuffer=0x9e6080, nOutBufferSize=0x4000, lpBytesReturned=0x121faac, lpOverlapped=0x0 | out: lpOutBuffer=0x9e6080, lpBytesReturned=0x121faac, lpOverlapped=0x0) returned 0 [0078.018] FindFirstFileExW (in: lpFileName="C:\\Boot\\*", fInfoLevelId=0x1, lpFindFileData=0x121f81c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x121f81c) returned 0x2d1950 [0078.018] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f81c | out: lpFindFileData=0x121f81c) returned 1 [0078.019] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f81c | out: lpFindFileData=0x121f81c) returned 1 [0078.019] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f81c | out: lpFindFileData=0x121f81c) returned 1 [0078.019] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f81c | out: lpFindFileData=0x121f81c) returned 1 [0078.019] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f81c | out: lpFindFileData=0x121f81c) returned 1 [0078.019] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f81c | out: lpFindFileData=0x121f81c) returned 1 [0078.019] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f81c | out: lpFindFileData=0x121f81c) returned 1 [0078.019] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f81c | out: lpFindFileData=0x121f81c) returned 1 [0078.019] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f81c | out: lpFindFileData=0x121f81c) returned 1 [0078.019] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f81c | out: lpFindFileData=0x121f81c) returned 1 [0078.019] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f81c | out: lpFindFileData=0x121f81c) returned 1 [0078.019] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f81c | out: lpFindFileData=0x121f81c) returned 1 [0078.019] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f81c | out: lpFindFileData=0x121f81c) returned 1 [0078.019] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f81c | out: lpFindFileData=0x121f81c) returned 1 [0078.019] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f81c | out: lpFindFileData=0x121f81c) returned 1 [0078.019] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f81c | out: lpFindFileData=0x121f81c) returned 1 [0078.019] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f81c | out: lpFindFileData=0x121f81c) returned 1 [0078.019] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f81c | out: lpFindFileData=0x121f81c) returned 1 [0078.019] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f81c | out: lpFindFileData=0x121f81c) returned 1 [0078.019] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f81c | out: lpFindFileData=0x121f81c) returned 1 [0078.019] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f81c | out: lpFindFileData=0x121f81c) returned 1 [0078.019] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f81c | out: lpFindFileData=0x121f81c) returned 1 [0078.019] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f81c | out: lpFindFileData=0x121f81c) returned 1 [0078.019] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f81c | out: lpFindFileData=0x121f81c) returned 1 [0078.019] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f81c | out: lpFindFileData=0x121f81c) returned 1 [0078.019] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f81c | out: lpFindFileData=0x121f81c) returned 1 [0078.019] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f81c | out: lpFindFileData=0x121f81c) returned 1 [0078.019] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f81c | out: lpFindFileData=0x121f81c) returned 1 [0078.019] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f81c | out: lpFindFileData=0x121f81c) returned 1 [0078.019] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f81c | out: lpFindFileData=0x121f81c) returned 1 [0078.019] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f81c | out: lpFindFileData=0x121f81c) returned 1 [0078.019] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f81c | out: lpFindFileData=0x121f81c) returned 0 [0078.019] GetLastError () returned 0x12 [0078.019] GetFileAttributesExW (in: lpFileName="C:\\Boot\\BCD" (normalized: "c:\\boot\\bcd"), fInfoLevelId=0x0, lpFileInformation=0x121f6d0 | out: lpFileInformation=0x121f6d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac2e8a60, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0x175e3d80, ftLastAccessTime.dwHighDateTime=0x1d3b051, ftLastWriteTime.dwLowDateTime=0x175e3d80, ftLastWriteTime.dwHighDateTime=0x1d3b051, nFileSizeHigh=0x0, nFileSizeLow=0x6000)) returned 1 [0078.019] GetFileAttributesExW (in: lpFileName="C:\\Boot\\BCD" (normalized: "c:\\boot\\bcd"), fInfoLevelId=0x0, lpFileInformation=0x121f6d0 | out: lpFileInformation=0x121f6d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac2e8a60, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0x175e3d80, ftLastAccessTime.dwHighDateTime=0x1d3b051, ftLastWriteTime.dwLowDateTime=0x175e3d80, ftLastWriteTime.dwHighDateTime=0x1d3b051, nFileSizeHigh=0x0, nFileSizeLow=0x6000)) returned 1 [0078.020] GetFileAttributesExW (in: lpFileName="C:\\Boot\\BCD" (normalized: "c:\\boot\\bcd"), fInfoLevelId=0x0, lpFileInformation=0x121f688 | out: lpFileInformation=0x121f688*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac2e8a60, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0x175e3d80, ftLastAccessTime.dwHighDateTime=0x1d3b051, ftLastWriteTime.dwLowDateTime=0x175e3d80, ftLastWriteTime.dwHighDateTime=0x1d3b051, nFileSizeHigh=0x0, nFileSizeLow=0x6000)) returned 1 [0078.020] CreateFileW (lpFileName="C:\\Boot\\BCD" (normalized: "c:\\boot\\bcd"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0078.020] GetLastError () returned 0x20 [0078.020] GetCurrentProcessId () returned 0xa64 [0078.027] GetExitCodeProcess (in: hProcess=0x18c, lpExitCode=0x121f680 | out: lpExitCode=0x121f680*=0x103) returned 1 [0078.027] ResetEvent (hEvent=0x118) returned 1 [0078.027] SetEvent (hEvent=0x114) returned 1 [0078.028] WaitForSingleObject (hHandle=0x118, dwMilliseconds=0x1f4) returned 0x102 [0078.639] TerminateThread (hThread=0x77ea1ecd, dwExitCode=0x0) returned 0 [0078.639] NtClose (Handle=0x77ea1ecd) returned 0xc0000008 [0078.640] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x40246c, lpParameter=0x18fee0, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x194 [0078.641] ResetEvent (hEvent=0x118) returned 1 [0078.641] SetEvent (hEvent=0x114) returned 1 [0078.641] WaitForSingleObject (hHandle=0x118, dwMilliseconds=0x1f4) returned 0x0 [0078.889] GetExitCodeProcess (in: hProcess=0x158, lpExitCode=0x121f680 | out: lpExitCode=0x121f680*=0x103) returned 1 [0078.889] NtDuplicateObject (in: SourceProcessHandle=0x158, SourceHandle=0x4, TargetProcessHandle=0xffffffff, TargetHandle=0x121f6e0, DesiredAccess=0x80000000, HandleAttributes=0x0, Options=0x0 | out: TargetHandle=0x121f6e0*=0x0) returned 0xc0000022 [0078.889] NtDuplicateObject (in: SourceProcessHandle=0x158, SourceHandle=0x8, TargetProcessHandle=0xffffffff, TargetHandle=0x121f6e0, DesiredAccess=0x80000000, HandleAttributes=0x0, Options=0x0 | out: TargetHandle=0x121f6e0*=0x198) returned 0x0 [0078.889] ResetEvent (hEvent=0x118) returned 1 [0078.889] SetEvent (hEvent=0x114) returned 1 [0078.889] WaitForSingleObject (hHandle=0x118, dwMilliseconds=0x1f4) returned 0x0 [0079.264] GetExitCodeProcess (in: hProcess=0x198, lpExitCode=0x121f680 | out: lpExitCode=0x121f680*=0x103) returned 1 [0079.264] NtDuplicateObject (in: SourceProcessHandle=0x198, SourceHandle=0x4, TargetProcessHandle=0xffffffff, TargetHandle=0x121f6e0, DesiredAccess=0x80000000, HandleAttributes=0x0, Options=0x0 | out: TargetHandle=0x121f6e0*=0x0) returned 0xc0000022 [0079.264] NtDuplicateObject (in: SourceProcessHandle=0x198, SourceHandle=0x8, TargetProcessHandle=0xffffffff, TargetHandle=0x121f6e0, DesiredAccess=0x80000000, HandleAttributes=0x0, Options=0x0 | out: TargetHandle=0x121f6e0*=0x19c) returned 0x0 [0079.264] ResetEvent (hEvent=0x118) returned 1 [0079.265] SetEvent (hEvent=0x114) returned 1 [0079.265] WaitForSingleObject (hHandle=0x118, dwMilliseconds=0x1f4) returned 0x0 [0079.270] GetExitCodeProcess (in: hProcess=0x19c, lpExitCode=0x121f680 | out: lpExitCode=0x121f680*=0x103) returned 1 [0079.270] NtDuplicateObject (in: SourceProcessHandle=0x19c, SourceHandle=0x4, TargetProcessHandle=0xffffffff, TargetHandle=0x121f6e0, DesiredAccess=0x80000000, HandleAttributes=0x0, Options=0x0 | out: TargetHandle=0x121f6e0*=0x0) returned 0xc0000022 [0079.270] NtDuplicateObject (in: SourceProcessHandle=0x19c, SourceHandle=0x8, TargetProcessHandle=0xffffffff, TargetHandle=0x121f6e0, DesiredAccess=0x80000000, HandleAttributes=0x0, Options=0x0 | out: TargetHandle=0x121f6e0*=0x1a0) returned 0x0 [0079.270] ResetEvent (hEvent=0x118) returned 1 [0079.270] SetEvent (hEvent=0x114) returned 1 [0079.270] WaitForSingleObject (hHandle=0x118, dwMilliseconds=0x1f4) returned 0x0 [0079.284] GetExitCodeProcess (in: hProcess=0x1a0, lpExitCode=0x121f680 | out: lpExitCode=0x121f680*=0x103) returned 1 [0079.284] NtDuplicateObject (in: SourceProcessHandle=0x1a0, SourceHandle=0x4, TargetProcessHandle=0xffffffff, TargetHandle=0x121f6e0, DesiredAccess=0x80000000, HandleAttributes=0x0, Options=0x0 | out: TargetHandle=0x121f6e0*=0x0) returned 0xc0000022 [0079.284] NtDuplicateObject (in: SourceProcessHandle=0x1a0, SourceHandle=0x8, TargetProcessHandle=0xffffffff, TargetHandle=0x121f6e0, DesiredAccess=0x80000000, HandleAttributes=0x0, Options=0x0 | out: TargetHandle=0x121f6e0*=0x1a4) returned 0x0 [0079.284] ResetEvent (hEvent=0x118) returned 1 [0079.284] SetEvent (hEvent=0x114) returned 1 [0079.284] WaitForSingleObject (hHandle=0x118, dwMilliseconds=0x1f4) returned 0x0 [0079.288] GetExitCodeProcess (in: hProcess=0x1a4, lpExitCode=0x121f680 | out: lpExitCode=0x121f680*=0x103) returned 1 [0079.288] NtDuplicateObject (in: SourceProcessHandle=0x1a4, SourceHandle=0x4, TargetProcessHandle=0xffffffff, TargetHandle=0x121f6e0, DesiredAccess=0x80000000, HandleAttributes=0x0, Options=0x0 | out: TargetHandle=0x121f6e0*=0x0) returned 0xc0000022 [0079.289] NtDuplicateObject (in: SourceProcessHandle=0x1a4, SourceHandle=0x8, TargetProcessHandle=0xffffffff, TargetHandle=0x121f6e0, DesiredAccess=0x80000000, HandleAttributes=0x0, Options=0x0 | out: TargetHandle=0x121f6e0*=0x1a8) returned 0x0 [0079.289] ResetEvent (hEvent=0x118) returned 1 [0079.289] SetEvent (hEvent=0x114) returned 1 [0079.289] WaitForSingleObject (hHandle=0x118, dwMilliseconds=0x1f4) returned 0x0 [0079.298] GetExitCodeProcess (in: hProcess=0x1a8, lpExitCode=0x121f680 | out: lpExitCode=0x121f680*=0x103) returned 1 [0079.298] NtDuplicateObject (in: SourceProcessHandle=0x1a8, SourceHandle=0x4, TargetProcessHandle=0xffffffff, TargetHandle=0x121f6e0, DesiredAccess=0x80000000, HandleAttributes=0x0, Options=0x0 | out: TargetHandle=0x121f6e0*=0x0) returned 0xc0000022 [0079.298] NtDuplicateObject (in: SourceProcessHandle=0x1a8, SourceHandle=0x8, TargetProcessHandle=0xffffffff, TargetHandle=0x121f6e0, DesiredAccess=0x80000000, HandleAttributes=0x0, Options=0x0 | out: TargetHandle=0x121f6e0*=0x1ac) returned 0x0 [0079.298] ResetEvent (hEvent=0x118) returned 1 [0079.298] SetEvent (hEvent=0x114) returned 1 [0079.298] WaitForSingleObject (hHandle=0x118, dwMilliseconds=0x1f4) returned 0x0 [0079.321] GetExitCodeProcess (in: hProcess=0x1ac, lpExitCode=0x121f680 | out: lpExitCode=0x121f680*=0x103) returned 1 [0079.321] NtDuplicateObject (in: SourceProcessHandle=0x1ac, SourceHandle=0x4, TargetProcessHandle=0xffffffff, TargetHandle=0x121f6e0, DesiredAccess=0x80000000, HandleAttributes=0x0, Options=0x0 | out: TargetHandle=0x121f6e0*=0x0) returned 0xc0000022 [0079.321] NtDuplicateObject (in: SourceProcessHandle=0x1ac, SourceHandle=0x8, TargetProcessHandle=0xffffffff, TargetHandle=0x121f6e0, DesiredAccess=0x80000000, HandleAttributes=0x0, Options=0x0 | out: TargetHandle=0x121f6e0*=0x1b0) returned 0x0 [0079.321] ResetEvent (hEvent=0x118) returned 1 [0079.321] SetEvent (hEvent=0x114) returned 1 [0079.321] WaitForSingleObject (hHandle=0x118, dwMilliseconds=0x1f4) returned 0x0 [0079.391] GetExitCodeProcess (in: hProcess=0x1b0, lpExitCode=0x121f680 | out: lpExitCode=0x121f680*=0x103) returned 1 [0079.391] NtDuplicateObject (in: SourceProcessHandle=0x1b0, SourceHandle=0x4, TargetProcessHandle=0xffffffff, TargetHandle=0x121f6e0, DesiredAccess=0x80000000, HandleAttributes=0x0, Options=0x0 | out: TargetHandle=0x121f6e0*=0x0) returned 0xc0000022 [0079.391] NtDuplicateObject (in: SourceProcessHandle=0x1b0, SourceHandle=0x8, TargetProcessHandle=0xffffffff, TargetHandle=0x121f6e0, DesiredAccess=0x80000000, HandleAttributes=0x0, Options=0x0 | out: TargetHandle=0x121f6e0*=0x1b4) returned 0x0 [0079.391] ResetEvent (hEvent=0x118) returned 1 [0079.391] SetEvent (hEvent=0x114) returned 1 [0079.391] WaitForSingleObject (hHandle=0x118, dwMilliseconds=0x1f4) returned 0x0 [0079.400] GetExitCodeProcess (in: hProcess=0x1b4, lpExitCode=0x121f680 | out: lpExitCode=0x121f680*=0x103) returned 1 [0079.400] NtDuplicateObject (in: SourceProcessHandle=0x1b4, SourceHandle=0x4, TargetProcessHandle=0xffffffff, TargetHandle=0x121f6e0, DesiredAccess=0x80000000, HandleAttributes=0x0, Options=0x0 | out: TargetHandle=0x121f6e0*=0x0) returned 0xc0000022 [0079.400] NtDuplicateObject (in: SourceProcessHandle=0x1b4, SourceHandle=0x8, TargetProcessHandle=0xffffffff, TargetHandle=0x121f6e0, DesiredAccess=0x80000000, HandleAttributes=0x0, Options=0x0 | out: TargetHandle=0x121f6e0*=0x1b8) returned 0x0 [0079.400] ResetEvent (hEvent=0x118) returned 1 [0079.400] SetEvent (hEvent=0x114) returned 1 [0079.400] WaitForSingleObject (hHandle=0x118, dwMilliseconds=0x1f4) returned 0x0 [0079.403] GetExitCodeProcess (in: hProcess=0x1b8, lpExitCode=0x121f680 | out: lpExitCode=0x121f680*=0x103) returned 1 [0079.403] NtDuplicateObject (in: SourceProcessHandle=0x1b8, SourceHandle=0x4, TargetProcessHandle=0xffffffff, TargetHandle=0x121f6e0, DesiredAccess=0x80000000, HandleAttributes=0x0, Options=0x0 | out: TargetHandle=0x121f6e0*=0x0) returned 0xc0000022 [0079.403] NtDuplicateObject (in: SourceProcessHandle=0x1b8, SourceHandle=0x8, TargetProcessHandle=0xffffffff, TargetHandle=0x121f6e0, DesiredAccess=0x80000000, HandleAttributes=0x0, Options=0x0 | out: TargetHandle=0x121f6e0*=0x1bc) returned 0x0 [0079.403] ResetEvent (hEvent=0x118) returned 1 [0079.403] SetEvent (hEvent=0x114) returned 1 [0079.403] WaitForSingleObject (hHandle=0x118, dwMilliseconds=0x1f4) returned 0x0 [0079.538] GetExitCodeProcess (in: hProcess=0x1bc, lpExitCode=0x121f680 | out: lpExitCode=0x121f680*=0x103) returned 1 [0079.538] NtDuplicateObject (in: SourceProcessHandle=0x1bc, SourceHandle=0x4, TargetProcessHandle=0xffffffff, TargetHandle=0x121f6e0, DesiredAccess=0x80000000, HandleAttributes=0x0, Options=0x0 | out: TargetHandle=0x121f6e0*=0x0) returned 0xc0000022 [0079.539] NtDuplicateObject (in: SourceProcessHandle=0x1bc, SourceHandle=0x8, TargetProcessHandle=0xffffffff, TargetHandle=0x121f6e0, DesiredAccess=0x80000000, HandleAttributes=0x0, Options=0x0 | out: TargetHandle=0x121f6e0*=0x1c0) returned 0x0 [0079.539] ResetEvent (hEvent=0x118) returned 1 [0079.539] SetEvent (hEvent=0x114) returned 1 [0079.539] WaitForSingleObject (hHandle=0x118, dwMilliseconds=0x1f4) returned 0x0 [0079.549] GetExitCodeProcess (in: hProcess=0x1c0, lpExitCode=0x121f680 | out: lpExitCode=0x121f680*=0x103) returned 1 [0079.549] NtDuplicateObject (in: SourceProcessHandle=0x1c0, SourceHandle=0x4, TargetProcessHandle=0xffffffff, TargetHandle=0x121f6e0, DesiredAccess=0x80000000, HandleAttributes=0x0, Options=0x0 | out: TargetHandle=0x121f6e0*=0x0) returned 0xc0000022 [0079.549] NtDuplicateObject (in: SourceProcessHandle=0x1c0, SourceHandle=0x8, TargetProcessHandle=0xffffffff, TargetHandle=0x121f6e0, DesiredAccess=0x80000000, HandleAttributes=0x0, Options=0x0 | out: TargetHandle=0x121f6e0*=0x1c4) returned 0x0 [0079.549] ResetEvent (hEvent=0x118) returned 1 [0079.549] SetEvent (hEvent=0x114) returned 1 [0079.549] WaitForSingleObject (hHandle=0x118, dwMilliseconds=0x1f4) returned 0x0 [0079.578] GetExitCodeProcess (in: hProcess=0x1c4, lpExitCode=0x121f680 | out: lpExitCode=0x121f680*=0x103) returned 1 [0079.578] NtDuplicateObject (in: SourceProcessHandle=0x1c4, SourceHandle=0x4, TargetProcessHandle=0xffffffff, TargetHandle=0x121f6e0, DesiredAccess=0x80000000, HandleAttributes=0x0, Options=0x0 | out: TargetHandle=0x121f6e0*=0x0) returned 0xc0000022 [0079.578] NtDuplicateObject (in: SourceProcessHandle=0x1c4, SourceHandle=0x8, TargetProcessHandle=0xffffffff, TargetHandle=0x121f6e0, DesiredAccess=0x80000000, HandleAttributes=0x0, Options=0x0 | out: TargetHandle=0x121f6e0*=0x1c8) returned 0x0 [0079.578] ResetEvent (hEvent=0x118) returned 1 [0079.578] SetEvent (hEvent=0x114) returned 1 [0079.579] WaitForSingleObject (hHandle=0x118, dwMilliseconds=0x1f4) returned 0x0 [0079.580] GetExitCodeProcess (in: hProcess=0x1c8, lpExitCode=0x121f680 | out: lpExitCode=0x121f680*=0x103) returned 1 [0079.580] NtDuplicateObject (in: SourceProcessHandle=0x1c8, SourceHandle=0x4, TargetProcessHandle=0xffffffff, TargetHandle=0x121f6e0, DesiredAccess=0x80000000, HandleAttributes=0x0, Options=0x0 | out: TargetHandle=0x121f6e0*=0x0) returned 0xc0000022 [0079.580] NtDuplicateObject (in: SourceProcessHandle=0x1c8, SourceHandle=0x8, TargetProcessHandle=0xffffffff, TargetHandle=0x121f6e0, DesiredAccess=0x80000000, HandleAttributes=0x0, Options=0x0 | out: TargetHandle=0x121f6e0*=0x1cc) returned 0x0 [0079.584] ResetEvent (hEvent=0x118) returned 1 [0079.585] SetEvent (hEvent=0x114) returned 1 [0079.585] WaitForSingleObject (hHandle=0x118, dwMilliseconds=0x1f4) returned 0x0 [0079.586] GetExitCodeProcess (in: hProcess=0x1cc, lpExitCode=0x121f680 | out: lpExitCode=0x121f680*=0x103) returned 1 [0079.586] NtDuplicateObject (in: SourceProcessHandle=0x1cc, SourceHandle=0x4, TargetProcessHandle=0xffffffff, TargetHandle=0x121f6e0, DesiredAccess=0x80000000, HandleAttributes=0x0, Options=0x0 | out: TargetHandle=0x121f6e0*=0x0) returned 0xc0000022 [0079.586] NtDuplicateObject (in: SourceProcessHandle=0x1cc, SourceHandle=0x8, TargetProcessHandle=0xffffffff, TargetHandle=0x121f6e0, DesiredAccess=0x80000000, HandleAttributes=0x0, Options=0x0 | out: TargetHandle=0x121f6e0*=0x1d0) returned 0x0 [0079.587] ResetEvent (hEvent=0x118) returned 1 [0079.587] SetEvent (hEvent=0x114) returned 1 [0079.587] WaitForSingleObject (hHandle=0x118, dwMilliseconds=0x1f4) returned 0x0 [0079.589] GetExitCodeProcess (in: hProcess=0x1d0, lpExitCode=0x121f680 | out: lpExitCode=0x121f680*=0x103) returned 1 [0079.590] NtDuplicateObject (in: SourceProcessHandle=0x1d0, SourceHandle=0x4, TargetProcessHandle=0xffffffff, TargetHandle=0x121f6e0, DesiredAccess=0x80000000, HandleAttributes=0x0, Options=0x0 | out: TargetHandle=0x121f6e0*=0x0) returned 0xc0000022 [0079.590] NtDuplicateObject (in: SourceProcessHandle=0x1d0, SourceHandle=0x8, TargetProcessHandle=0xffffffff, TargetHandle=0x121f6e0, DesiredAccess=0x80000000, HandleAttributes=0x0, Options=0x0 | out: TargetHandle=0x121f6e0*=0x1d4) returned 0x0 [0079.590] ResetEvent (hEvent=0x118) returned 1 [0079.590] SetEvent (hEvent=0x114) returned 1 [0079.590] WaitForSingleObject (hHandle=0x118, dwMilliseconds=0x1f4) returned 0x0 [0079.591] GetExitCodeProcess (in: hProcess=0x1d4, lpExitCode=0x121f680 | out: lpExitCode=0x121f680*=0x103) returned 1 [0079.592] NtDuplicateObject (in: SourceProcessHandle=0x1d4, SourceHandle=0x4, TargetProcessHandle=0xffffffff, TargetHandle=0x121f6e0, DesiredAccess=0x80000000, HandleAttributes=0x0, Options=0x0 | out: TargetHandle=0x121f6e0*=0x0) returned 0xc0000022 [0079.592] NtDuplicateObject (in: SourceProcessHandle=0x1d4, SourceHandle=0x8, TargetProcessHandle=0xffffffff, TargetHandle=0x121f6e0, DesiredAccess=0x80000000, HandleAttributes=0x0, Options=0x0 | out: TargetHandle=0x121f6e0*=0x1d8) returned 0x0 [0079.592] ResetEvent (hEvent=0x118) returned 1 [0079.592] SetEvent (hEvent=0x114) returned 1 [0079.592] WaitForSingleObject (hHandle=0x118, dwMilliseconds=0x1f4) returned 0x0 [0079.593] GetExitCodeProcess (in: hProcess=0x1d8, lpExitCode=0x121f680 | out: lpExitCode=0x121f680*=0x103) returned 1 [0079.593] NtDuplicateObject (in: SourceProcessHandle=0x1d8, SourceHandle=0x4, TargetProcessHandle=0xffffffff, TargetHandle=0x121f6e0, DesiredAccess=0x80000000, HandleAttributes=0x0, Options=0x0 | out: TargetHandle=0x121f6e0*=0x0) returned 0xc0000022 [0079.594] NtDuplicateObject (in: SourceProcessHandle=0x1d8, SourceHandle=0x8, TargetProcessHandle=0xffffffff, TargetHandle=0x121f6e0, DesiredAccess=0x80000000, HandleAttributes=0x0, Options=0x0 | out: TargetHandle=0x121f6e0*=0x1dc) returned 0x0 [0079.594] ResetEvent (hEvent=0x118) returned 1 [0079.594] SetEvent (hEvent=0x114) returned 1 [0079.594] WaitForSingleObject (hHandle=0x118, dwMilliseconds=0x1f4) returned 0x0 [0079.596] GetExitCodeProcess (in: hProcess=0x1dc, lpExitCode=0x121f680 | out: lpExitCode=0x121f680*=0x103) returned 1 [0079.596] NtDuplicateObject (in: SourceProcessHandle=0x1dc, SourceHandle=0x4, TargetProcessHandle=0xffffffff, TargetHandle=0x121f6e0, DesiredAccess=0x80000000, HandleAttributes=0x0, Options=0x0 | out: TargetHandle=0x121f6e0*=0x0) returned 0xc0000022 [0079.596] NtDuplicateObject (in: SourceProcessHandle=0x1dc, SourceHandle=0x8, TargetProcessHandle=0xffffffff, TargetHandle=0x121f6e0, DesiredAccess=0x80000000, HandleAttributes=0x0, Options=0x0 | out: TargetHandle=0x121f6e0*=0x1e0) returned 0x0 [0079.596] ResetEvent (hEvent=0x118) returned 1 [0079.596] SetEvent (hEvent=0x114) returned 1 [0079.596] WaitForSingleObject (hHandle=0x118, dwMilliseconds=0x1f4) returned 0x0 [0079.598] GetExitCodeProcess (in: hProcess=0x1e0, lpExitCode=0x121f680 | out: lpExitCode=0x121f680*=0x103) returned 1 [0079.598] NtDuplicateObject (in: SourceProcessHandle=0x1e0, SourceHandle=0x4, TargetProcessHandle=0xffffffff, TargetHandle=0x121f6e0, DesiredAccess=0x80000000, HandleAttributes=0x0, Options=0x0 | out: TargetHandle=0x121f6e0*=0x0) returned 0xc0000022 [0079.598] NtDuplicateObject (in: SourceProcessHandle=0x1e0, SourceHandle=0x8, TargetProcessHandle=0xffffffff, TargetHandle=0x121f6e0, DesiredAccess=0x80000000, HandleAttributes=0x0, Options=0x0 | out: TargetHandle=0x121f6e0*=0x1e4) returned 0x0 [0079.598] ResetEvent (hEvent=0x118) returned 1 [0079.598] SetEvent (hEvent=0x114) returned 1 [0079.598] WaitForSingleObject (hHandle=0x118, dwMilliseconds=0x1f4) returned 0x0 [0079.600] GetExitCodeProcess (in: hProcess=0x1e4, lpExitCode=0x121f680 | out: lpExitCode=0x121f680*=0x103) returned 1 [0079.600] NtDuplicateObject (in: SourceProcessHandle=0x1e4, SourceHandle=0x4, TargetProcessHandle=0xffffffff, TargetHandle=0x121f6e0, DesiredAccess=0x80000000, HandleAttributes=0x0, Options=0x0 | out: TargetHandle=0x121f6e0*=0x0) returned 0xc0000022 [0079.600] NtDuplicateObject (in: SourceProcessHandle=0x1e4, SourceHandle=0x8, TargetProcessHandle=0xffffffff, TargetHandle=0x121f6e0, DesiredAccess=0x80000000, HandleAttributes=0x0, Options=0x0 | out: TargetHandle=0x121f6e0*=0x1e8) returned 0x0 [0079.600] ResetEvent (hEvent=0x118) returned 1 [0079.600] SetEvent (hEvent=0x114) returned 1 [0079.600] WaitForSingleObject (hHandle=0x118, dwMilliseconds=0x1f4) returned 0x0 [0079.602] GetExitCodeProcess (in: hProcess=0x1e8, lpExitCode=0x121f680 | out: lpExitCode=0x121f680*=0x103) returned 1 [0079.603] GetExitCodeProcess (in: hProcess=0x1ec, lpExitCode=0x121f680 | out: lpExitCode=0x121f680*=0x103) returned 1 [0079.604] NtDuplicateObject (in: SourceProcessHandle=0x1ec, SourceHandle=0x4, TargetProcessHandle=0xffffffff, TargetHandle=0x121f6e0, DesiredAccess=0x80000000, HandleAttributes=0x0, Options=0x0 | out: TargetHandle=0x121f6e0*=0x0) returned 0xc0000022 [0079.604] NtDuplicateObject (in: SourceProcessHandle=0x1ec, SourceHandle=0x8, TargetProcessHandle=0xffffffff, TargetHandle=0x121f6e0, DesiredAccess=0x80000000, HandleAttributes=0x0, Options=0x0 | out: TargetHandle=0x121f6e0*=0x1f0) returned 0x0 [0079.604] ResetEvent (hEvent=0x118) returned 1 [0079.604] SetEvent (hEvent=0x114) returned 1 [0079.604] WaitForSingleObject (hHandle=0x118, dwMilliseconds=0x1f4) returned 0x0 [0079.606] GetExitCodeProcess (in: hProcess=0x1f0, lpExitCode=0x121f680 | out: lpExitCode=0x121f680*=0x103) returned 1 [0079.606] NtDuplicateObject (in: SourceProcessHandle=0x1f0, SourceHandle=0x4, TargetProcessHandle=0xffffffff, TargetHandle=0x121f6e0, DesiredAccess=0x80000000, HandleAttributes=0x0, Options=0x0 | out: TargetHandle=0x121f6e0*=0x0) returned 0xc0000022 [0079.606] NtDuplicateObject (in: SourceProcessHandle=0x1f0, SourceHandle=0x8, TargetProcessHandle=0xffffffff, TargetHandle=0x121f6e0, DesiredAccess=0x80000000, HandleAttributes=0x0, Options=0x0 | out: TargetHandle=0x121f6e0*=0x1f4) returned 0x0 [0079.606] ResetEvent (hEvent=0x118) returned 1 [0079.606] SetEvent (hEvent=0x114) returned 1 [0079.606] WaitForSingleObject (hHandle=0x118, dwMilliseconds=0x1f4) returned 0x0 [0079.608] GetExitCodeProcess (in: hProcess=0x1f4, lpExitCode=0x121f680 | out: lpExitCode=0x121f680*=0x103) returned 1 [0079.608] NtDuplicateObject (in: SourceProcessHandle=0x1f4, SourceHandle=0x4, TargetProcessHandle=0xffffffff, TargetHandle=0x121f6e0, DesiredAccess=0x80000000, HandleAttributes=0x0, Options=0x0 | out: TargetHandle=0x121f6e0*=0x0) returned 0xc0000022 [0079.608] NtDuplicateObject (in: SourceProcessHandle=0x1f4, SourceHandle=0x8, TargetProcessHandle=0xffffffff, TargetHandle=0x121f6e0, DesiredAccess=0x80000000, HandleAttributes=0x0, Options=0x0 | out: TargetHandle=0x121f6e0*=0x1f8) returned 0x0 [0079.608] ResetEvent (hEvent=0x118) returned 1 [0079.609] SetEvent (hEvent=0x114) returned 1 [0079.609] WaitForSingleObject (hHandle=0x118, dwMilliseconds=0x1f4) returned 0x0 [0079.610] GetExitCodeProcess (in: hProcess=0x1f8, lpExitCode=0x121f680 | out: lpExitCode=0x121f680*=0x103) returned 1 [0079.610] NtDuplicateObject (in: SourceProcessHandle=0x1f8, SourceHandle=0x4, TargetProcessHandle=0xffffffff, TargetHandle=0x121f6e0, DesiredAccess=0x80000000, HandleAttributes=0x0, Options=0x0 | out: TargetHandle=0x121f6e0*=0x0) returned 0xc0000022 [0079.610] NtDuplicateObject (in: SourceProcessHandle=0x1f8, SourceHandle=0x8, TargetProcessHandle=0xffffffff, TargetHandle=0x121f6e0, DesiredAccess=0x80000000, HandleAttributes=0x0, Options=0x0 | out: TargetHandle=0x121f6e0*=0x1fc) returned 0x0 [0079.610] ResetEvent (hEvent=0x118) returned 1 [0079.610] SetEvent (hEvent=0x114) returned 1 [0079.611] WaitForSingleObject (hHandle=0x118, dwMilliseconds=0x1f4) returned 0x0 [0079.658] GetExitCodeProcess (in: hProcess=0x1fc, lpExitCode=0x121f680 | out: lpExitCode=0x121f680*=0x103) returned 1 [0079.658] NtDuplicateObject (in: SourceProcessHandle=0x1fc, SourceHandle=0x4, TargetProcessHandle=0xffffffff, TargetHandle=0x121f6e0, DesiredAccess=0x80000000, HandleAttributes=0x0, Options=0x0 | out: TargetHandle=0x121f6e0*=0x0) returned 0xc0000022 [0079.659] NtDuplicateObject (in: SourceProcessHandle=0x1fc, SourceHandle=0x8, TargetProcessHandle=0xffffffff, TargetHandle=0x121f6e0, DesiredAccess=0x80000000, HandleAttributes=0x0, Options=0x0 | out: TargetHandle=0x121f6e0*=0x200) returned 0x0 [0079.659] ResetEvent (hEvent=0x118) returned 1 [0079.659] SetEvent (hEvent=0x114) returned 1 [0079.660] WaitForSingleObject (hHandle=0x118, dwMilliseconds=0x1f4) returned 0x0 [0079.661] GetExitCodeProcess (in: hProcess=0x200, lpExitCode=0x121f680 | out: lpExitCode=0x121f680*=0x103) returned 1 [0079.662] NtDuplicateObject (in: SourceProcessHandle=0x200, SourceHandle=0x4, TargetProcessHandle=0xffffffff, TargetHandle=0x121f6e0, DesiredAccess=0x80000000, HandleAttributes=0x0, Options=0x0 | out: TargetHandle=0x121f6e0*=0x0) returned 0xc0000022 [0079.662] NtDuplicateObject (in: SourceProcessHandle=0x200, SourceHandle=0x8, TargetProcessHandle=0xffffffff, TargetHandle=0x121f6e0, DesiredAccess=0x80000000, HandleAttributes=0x0, Options=0x0 | out: TargetHandle=0x121f6e0*=0x204) returned 0x0 [0079.662] ResetEvent (hEvent=0x118) returned 1 [0079.663] SetEvent (hEvent=0x114) returned 1 [0079.664] WaitForSingleObject (hHandle=0x118, dwMilliseconds=0x1f4) returned 0x0 [0079.668] GetExitCodeProcess (in: hProcess=0x204, lpExitCode=0x121f680 | out: lpExitCode=0x121f680*=0x103) returned 1 [0079.668] NtDuplicateObject (in: SourceProcessHandle=0x204, SourceHandle=0x4, TargetProcessHandle=0xffffffff, TargetHandle=0x121f6e0, DesiredAccess=0x80000000, HandleAttributes=0x0, Options=0x0 | out: TargetHandle=0x121f6e0*=0x0) returned 0xc0000022 [0079.669] NtDuplicateObject (in: SourceProcessHandle=0x204, SourceHandle=0x8, TargetProcessHandle=0xffffffff, TargetHandle=0x121f6e0, DesiredAccess=0x80000000, HandleAttributes=0x0, Options=0x0 | out: TargetHandle=0x121f6e0*=0x208) returned 0x0 [0079.669] ResetEvent (hEvent=0x118) returned 1 [0079.669] SetEvent (hEvent=0x114) returned 1 [0079.670] WaitForSingleObject (hHandle=0x118, dwMilliseconds=0x1f4) returned 0x0 [0079.674] GetExitCodeProcess (in: hProcess=0x208, lpExitCode=0x121f680 | out: lpExitCode=0x121f680*=0x103) returned 1 [0079.674] NtDuplicateObject (in: SourceProcessHandle=0x208, SourceHandle=0x4, TargetProcessHandle=0xffffffff, TargetHandle=0x121f6e0, DesiredAccess=0x80000000, HandleAttributes=0x0, Options=0x0 | out: TargetHandle=0x121f6e0*=0x0) returned 0xc0000022 [0079.675] NtDuplicateObject (in: SourceProcessHandle=0x208, SourceHandle=0x8, TargetProcessHandle=0xffffffff, TargetHandle=0x121f6e0, DesiredAccess=0x80000000, HandleAttributes=0x0, Options=0x0 | out: TargetHandle=0x121f6e0*=0x20c) returned 0x0 [0079.675] ResetEvent (hEvent=0x118) returned 1 [0079.675] SetEvent (hEvent=0x114) returned 1 [0079.676] WaitForSingleObject (hHandle=0x118, dwMilliseconds=0x1f4) returned 0x0 [0079.679] GetExitCodeProcess (in: hProcess=0x20c, lpExitCode=0x121f680 | out: lpExitCode=0x121f680*=0x103) returned 1 [0079.679] NtDuplicateObject (in: SourceProcessHandle=0x20c, SourceHandle=0x4, TargetProcessHandle=0xffffffff, TargetHandle=0x121f6e0, DesiredAccess=0x80000000, HandleAttributes=0x0, Options=0x0 | out: TargetHandle=0x121f6e0*=0x0) returned 0xc0000022 [0079.679] NtDuplicateObject (in: SourceProcessHandle=0x20c, SourceHandle=0x8, TargetProcessHandle=0xffffffff, TargetHandle=0x121f6e0, DesiredAccess=0x80000000, HandleAttributes=0x0, Options=0x0 | out: TargetHandle=0x121f6e0*=0x210) returned 0x0 [0079.679] ResetEvent (hEvent=0x118) returned 1 [0079.679] SetEvent (hEvent=0x114) returned 1 [0079.679] WaitForSingleObject (hHandle=0x118, dwMilliseconds=0x1f4) returned 0x0 [0079.688] GetExitCodeProcess (in: hProcess=0x210, lpExitCode=0x121f680 | out: lpExitCode=0x121f680*=0x103) returned 1 [0079.688] NtDuplicateObject (in: SourceProcessHandle=0x210, SourceHandle=0x4, TargetProcessHandle=0xffffffff, TargetHandle=0x121f6e0, DesiredAccess=0x80000000, HandleAttributes=0x0, Options=0x0 | out: TargetHandle=0x121f6e0*=0x0) returned 0xc0000022 [0079.689] NtDuplicateObject (in: SourceProcessHandle=0x210, SourceHandle=0x8, TargetProcessHandle=0xffffffff, TargetHandle=0x121f6e0, DesiredAccess=0x80000000, HandleAttributes=0x0, Options=0x0 | out: TargetHandle=0x121f6e0*=0x214) returned 0x0 [0079.689] ResetEvent (hEvent=0x118) returned 1 [0079.689] SetEvent (hEvent=0x114) returned 1 [0079.690] WaitForSingleObject (hHandle=0x118, dwMilliseconds=0x1f4) returned 0x0 [0079.702] GetExitCodeProcess (in: hProcess=0x214, lpExitCode=0x121f680 | out: lpExitCode=0x121f680*=0x103) returned 1 [0079.703] NtDuplicateObject (in: SourceProcessHandle=0x214, SourceHandle=0x4, TargetProcessHandle=0xffffffff, TargetHandle=0x121f6e0, DesiredAccess=0x80000000, HandleAttributes=0x0, Options=0x0 | out: TargetHandle=0x121f6e0*=0x0) returned 0xc0000022 [0079.703] NtDuplicateObject (in: SourceProcessHandle=0x214, SourceHandle=0x8, TargetProcessHandle=0xffffffff, TargetHandle=0x121f6e0, DesiredAccess=0x80000000, HandleAttributes=0x0, Options=0x0 | out: TargetHandle=0x121f6e0*=0x218) returned 0x0 [0079.703] ResetEvent (hEvent=0x118) returned 1 [0079.703] SetEvent (hEvent=0x114) returned 1 [0079.704] WaitForSingleObject (hHandle=0x118, dwMilliseconds=0x1f4) returned 0x0 [0079.706] GetExitCodeProcess (in: hProcess=0x218, lpExitCode=0x121f680 | out: lpExitCode=0x121f680*=0x103) returned 1 [0079.706] NtDuplicateObject (in: SourceProcessHandle=0x218, SourceHandle=0x4, TargetProcessHandle=0xffffffff, TargetHandle=0x121f6e0, DesiredAccess=0x80000000, HandleAttributes=0x0, Options=0x0 | out: TargetHandle=0x121f6e0*=0x0) returned 0xc0000022 [0079.706] NtDuplicateObject (in: SourceProcessHandle=0x218, SourceHandle=0x8, TargetProcessHandle=0xffffffff, TargetHandle=0x121f6e0, DesiredAccess=0x80000000, HandleAttributes=0x0, Options=0x0 | out: TargetHandle=0x121f6e0*=0x21c) returned 0x0 [0079.706] ResetEvent (hEvent=0x118) returned 1 [0079.706] SetEvent (hEvent=0x114) returned 1 [0079.707] WaitForSingleObject (hHandle=0x118, dwMilliseconds=0x1f4) returned 0x0 [0079.708] GetProcessImageFileNameW (in: hProcess=0x18c, lpImageFileName=0x9ea888, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Windows\\System32\\smss.exe") returned 0x31 [0079.708] GetProcessTimes (in: hProcess=0x18c, lpCreationTime=0x121f624, lpExitTime=0x121f61c, lpKernelTime=0x121f61c, lpUserTime=0x121f61c | out: lpCreationTime=0x121f624, lpExitTime=0x121f61c, lpKernelTime=0x121f61c, lpUserTime=0x121f61c) returned 1 [0079.708] OpenProcessToken (in: ProcessHandle=0x18c, DesiredAccess=0x8, TokenHandle=0x121f5ec | out: TokenHandle=0x121f5ec*=0x21c) returned 1 [0079.709] GetTokenInformation (in: TokenHandle=0x21c, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x121f5e8 | out: TokenInformation=0x0, ReturnLength=0x121f5e8) returned 0 [0079.709] GetTokenInformation (in: TokenHandle=0x21c, TokenInformationClass=0x19, TokenInformation=0x9e5f38, TokenInformationLength=0x14, ReturnLength=0x121f5e8 | out: TokenInformation=0x9e5f38, ReturnLength=0x121f5e8) returned 1 [0079.709] GetSidSubAuthorityCount (pSid=0x9e5f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000)) returned 0x9e5f41 [0079.709] GetSidSubAuthority (pSid=0x9e5f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000), nSubAuthority=0x0) returned 0x9e5f48 [0082.351] GetProcessImageFileNameW (in: hProcess=0x158, lpImageFileName=0x9ea888, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Windows\\System32\\csrss.exe") returned 0x32 [0082.351] GetProcessTimes (in: hProcess=0x158, lpCreationTime=0x121f624, lpExitTime=0x121f61c, lpKernelTime=0x121f61c, lpUserTime=0x121f61c | out: lpCreationTime=0x121f624, lpExitTime=0x121f61c, lpKernelTime=0x121f61c, lpUserTime=0x121f61c) returned 1 [0082.351] OpenProcessToken (in: ProcessHandle=0x158, DesiredAccess=0x8, TokenHandle=0x121f5ec | out: TokenHandle=0x121f5ec*=0x21c) returned 1 [0082.351] GetTokenInformation (in: TokenHandle=0x21c, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x121f5e8 | out: TokenInformation=0x0, ReturnLength=0x121f5e8) returned 0 [0082.351] GetTokenInformation (in: TokenHandle=0x21c, TokenInformationClass=0x19, TokenInformation=0x9e6010, TokenInformationLength=0x14, ReturnLength=0x121f5e8 | out: TokenInformation=0x9e6010, ReturnLength=0x121f5e8) returned 1 [0082.351] GetSidSubAuthorityCount (pSid=0x9e6018*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000)) returned 0x9e6019 [0082.351] GetSidSubAuthority (pSid=0x9e6018*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000), nSubAuthority=0x0) returned 0x9e6020 [0082.361] NtQueryVirtualMemory (in: ProcessHandle=0x158, Address=0x7feff2a3000, VirtualMemoryInformationClass=0x0, VirtualMemoryInformation=0x9e5ef0, Length=0x30, ResultLength=0x0 | out: VirtualMemoryInformation=0x9e5ef0*(BaseAddress=0xff2a3000, AllocationBase=0x7fe, AllocationProtect=0xff210000, RegionSize=0x7fe, State=0x80, Protect=0xfffff8a0, Type=0x1000), ResultLength=0x0) returned 0x0 [0082.361] NtQueryVirtualMemory (in: ProcessHandle=0x158, Address=0x7feff2a4000, VirtualMemoryInformationClass=0x0, VirtualMemoryInformation=0x9e5ef0, Length=0x30, ResultLength=0x0 | out: VirtualMemoryInformation=0x9e5ef0*(BaseAddress=0xff2a4000, AllocationBase=0x7fe, AllocationProtect=0xff210000, RegionSize=0x7fe, State=0x80, Protect=0xfffff8a0, Type=0x1000), ResultLength=0x0) returned 0x0 [0082.361] NtQueryVirtualMemory (in: ProcessHandle=0x158, Address=0x7feff2a5000, VirtualMemoryInformationClass=0x0, VirtualMemoryInformation=0x9e5ef0, Length=0x30, ResultLength=0x0 | out: VirtualMemoryInformation=0x9e5ef0*(BaseAddress=0xff2a5000, AllocationBase=0x7fe, AllocationProtect=0xff210000, RegionSize=0x7fe, State=0x80, Protect=0xfffff8a0, Type=0x2000), ResultLength=0x0) returned 0x0 [0082.361] NtQueryVirtualMemory (in: ProcessHandle=0x158, Address=0x7feff2a7000, VirtualMemoryInformationClass=0x0, VirtualMemoryInformation=0x9e5ef0, Length=0x30, ResultLength=0x0 | out: VirtualMemoryInformation=0x9e5ef0*(BaseAddress=0xff2a7000, AllocationBase=0x7fe, AllocationProtect=0xff210000, RegionSize=0x7fe, State=0x80, Protect=0xfffff8a0, Type=0x8000), ResultLength=0x0) returned 0x0 [0082.361] NtQueryVirtualMemory (in: ProcessHandle=0x158, Address=0x7feff2af000, VirtualMemoryInformationClass=0x0, VirtualMemoryInformation=0x9e5ef0, Length=0x30, ResultLength=0x0 | out: VirtualMemoryInformation=0x9e5ef0*(BaseAddress=0xff2af000, AllocationBase=0x7fe, AllocationProtect=0x0, RegionSize=0x0, State=0x0, Protect=0xfffff8a0, Type=0x101000), ResultLength=0x0) returned 0x0 [0082.361] NtQueryVirtualMemory (in: ProcessHandle=0x158, Address=0x7feff3b0000, VirtualMemoryInformationClass=0x0, VirtualMemoryInformation=0x9e5ef0, Length=0x30, ResultLength=0x0 | out: VirtualMemoryInformation=0x9e5ef0*(BaseAddress=0xff3b0000, AllocationBase=0x7fe, AllocationProtect=0xff3b0000, RegionSize=0x7fe, State=0x80, Protect=0xfffff8a0, Type=0x1000), ResultLength=0x0) returned 0x0 [0082.362] NtQueryVirtualMemory (in: ProcessHandle=0x158, Address=0x7feff3b0000, VirtualMemoryInformationClass=0x2, VirtualMemoryInformation=0x9e8080, Length=0x2800, ResultLength=0x0 | out: VirtualMemoryInformation=0x9e8080*(SectionFileName.Length=0x60, SectionFileName.MaximumLength=0x62, SectionFileName.Buffer="\\Device\\HarddiskVolume1\\Windows\\System32\\lpk.dll"), ResultLength=0x0) returned 0x0 [0082.363] GetProcessImageFileNameW (in: hProcess=0x198, lpImageFileName=0x9ed088, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Windows\\System32\\wininit.exe") returned 0x34 [0082.364] GetProcessTimes (in: hProcess=0x198, lpCreationTime=0x121f624, lpExitTime=0x121f61c, lpKernelTime=0x121f61c, lpUserTime=0x121f61c | out: lpCreationTime=0x121f624, lpExitTime=0x121f61c, lpKernelTime=0x121f61c, lpUserTime=0x121f61c) returned 1 [0082.364] OpenProcessToken (in: ProcessHandle=0x198, DesiredAccess=0x8, TokenHandle=0x121f5ec | out: TokenHandle=0x121f5ec*=0x21c) returned 1 [0082.364] GetTokenInformation (in: TokenHandle=0x21c, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x121f5e8 | out: TokenInformation=0x0, ReturnLength=0x121f5e8) returned 0 [0082.364] GetTokenInformation (in: TokenHandle=0x21c, TokenInformationClass=0x19, TokenInformation=0x9e6010, TokenInformationLength=0x14, ReturnLength=0x121f5e8 | out: TokenInformation=0x9e6010, ReturnLength=0x121f5e8) returned 1 [0082.364] GetSidSubAuthorityCount (pSid=0x9e6018*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000)) returned 0x9e6019 [0082.364] GetSidSubAuthority (pSid=0x9e6018*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000), nSubAuthority=0x0) returned 0x9e6020 [0082.437] GetProcessImageFileNameW (in: hProcess=0x19c, lpImageFileName=0x9ed088, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Windows\\System32\\csrss.exe") returned 0x32 [0082.438] GetProcessTimes (in: hProcess=0x19c, lpCreationTime=0x121f624, lpExitTime=0x121f61c, lpKernelTime=0x121f61c, lpUserTime=0x121f61c | out: lpCreationTime=0x121f624, lpExitTime=0x121f61c, lpKernelTime=0x121f61c, lpUserTime=0x121f61c) returned 1 [0082.438] OpenProcessToken (in: ProcessHandle=0x19c, DesiredAccess=0x8, TokenHandle=0x121f5ec | out: TokenHandle=0x121f5ec*=0x21c) returned 1 [0082.438] GetTokenInformation (in: TokenHandle=0x21c, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x121f5e8 | out: TokenInformation=0x0, ReturnLength=0x121f5e8) returned 0 [0082.438] GetTokenInformation (in: TokenHandle=0x21c, TokenInformationClass=0x19, TokenInformation=0x9e6010, TokenInformationLength=0x14, ReturnLength=0x121f5e8 | out: TokenInformation=0x9e6010, ReturnLength=0x121f5e8) returned 1 [0082.438] GetSidSubAuthorityCount (pSid=0x9e6018*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000)) returned 0x9e6019 [0082.438] GetSidSubAuthority (pSid=0x9e6018*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000), nSubAuthority=0x0) returned 0x9e6020 [0082.475] NtQueryVirtualMemory (in: ProcessHandle=0x19c, Address=0x7feff2a3000, VirtualMemoryInformationClass=0x0, VirtualMemoryInformation=0x9e5ef0, Length=0x30, ResultLength=0x0 | out: VirtualMemoryInformation=0x9e5ef0*(BaseAddress=0xff2a3000, AllocationBase=0x7fe, AllocationProtect=0xff210000, RegionSize=0x7fe, State=0x80, Protect=0xfffff8a0, Type=0x1000), ResultLength=0x0) returned 0x0 [0082.475] NtQueryVirtualMemory (in: ProcessHandle=0x19c, Address=0x7feff2a4000, VirtualMemoryInformationClass=0x0, VirtualMemoryInformation=0x9e5ef0, Length=0x30, ResultLength=0x0 | out: VirtualMemoryInformation=0x9e5ef0*(BaseAddress=0xff2a4000, AllocationBase=0x7fe, AllocationProtect=0xff210000, RegionSize=0x7fe, State=0x80, Protect=0xfffff8a0, Type=0x1000), ResultLength=0x0) returned 0x0 [0082.476] NtQueryVirtualMemory (in: ProcessHandle=0x19c, Address=0x7feff2a5000, VirtualMemoryInformationClass=0x0, VirtualMemoryInformation=0x9e5ef0, Length=0x30, ResultLength=0x0 | out: VirtualMemoryInformation=0x9e5ef0*(BaseAddress=0xff2a5000, AllocationBase=0x7fe, AllocationProtect=0xff210000, RegionSize=0x7fe, State=0x80, Protect=0xfffff8a0, Type=0x2000), ResultLength=0x0) returned 0x0 [0082.476] NtQueryVirtualMemory (in: ProcessHandle=0x19c, Address=0x7feff2a7000, VirtualMemoryInformationClass=0x0, VirtualMemoryInformation=0x9e5ef0, Length=0x30, ResultLength=0x0 | out: VirtualMemoryInformation=0x9e5ef0*(BaseAddress=0xff2a7000, AllocationBase=0x7fe, AllocationProtect=0xff210000, RegionSize=0x7fe, State=0x80, Protect=0xfffff8a0, Type=0x8000), ResultLength=0x0) returned 0x0 [0082.476] NtQueryVirtualMemory (in: ProcessHandle=0x19c, Address=0x7feff2af000, VirtualMemoryInformationClass=0x0, VirtualMemoryInformation=0x9e5ef0, Length=0x30, ResultLength=0x0 | out: VirtualMemoryInformation=0x9e5ef0*(BaseAddress=0xff2af000, AllocationBase=0x7fe, AllocationProtect=0x0, RegionSize=0x0, State=0x0, Protect=0xfffff8a0, Type=0x101000), ResultLength=0x0) returned 0x0 [0082.476] NtQueryVirtualMemory (in: ProcessHandle=0x19c, Address=0x7feff3b0000, VirtualMemoryInformationClass=0x0, VirtualMemoryInformation=0x9e5ef0, Length=0x30, ResultLength=0x0 | out: VirtualMemoryInformation=0x9e5ef0*(BaseAddress=0xff3b0000, AllocationBase=0x7fe, AllocationProtect=0xff3b0000, RegionSize=0x7fe, State=0x80, Protect=0xfffff8a0, Type=0x1000), ResultLength=0x0) returned 0x0 [0082.476] NtQueryVirtualMemory (in: ProcessHandle=0x19c, Address=0x7feff3b0000, VirtualMemoryInformationClass=0x2, VirtualMemoryInformation=0x9e8080, Length=0x2800, ResultLength=0x0 | out: VirtualMemoryInformation=0x9e8080*(SectionFileName.Length=0x60, SectionFileName.MaximumLength=0x62, SectionFileName.Buffer="\\Device\\HarddiskVolume1\\Windows\\System32\\lpk.dll"), ResultLength=0x0) returned 0x0 [0082.478] GetProcessImageFileNameW (in: hProcess=0x1a0, lpImageFileName=0x9ed888, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Windows\\System32\\winlogon.exe") returned 0x35 [0082.478] GetProcessTimes (in: hProcess=0x1a0, lpCreationTime=0x121f624, lpExitTime=0x121f61c, lpKernelTime=0x121f61c, lpUserTime=0x121f61c | out: lpCreationTime=0x121f624, lpExitTime=0x121f61c, lpKernelTime=0x121f61c, lpUserTime=0x121f61c) returned 1 [0082.478] OpenProcessToken (in: ProcessHandle=0x1a0, DesiredAccess=0x8, TokenHandle=0x121f5ec | out: TokenHandle=0x121f5ec*=0x21c) returned 1 [0082.478] GetTokenInformation (in: TokenHandle=0x21c, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x121f5e8 | out: TokenInformation=0x0, ReturnLength=0x121f5e8) returned 0 [0082.478] GetTokenInformation (in: TokenHandle=0x21c, TokenInformationClass=0x19, TokenInformation=0x9e6010, TokenInformationLength=0x14, ReturnLength=0x121f5e8 | out: TokenInformation=0x9e6010, ReturnLength=0x121f5e8) returned 1 [0082.478] GetSidSubAuthorityCount (pSid=0x9e6018*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000)) returned 0x9e6019 [0082.479] GetSidSubAuthority (pSid=0x9e6018*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000), nSubAuthority=0x0) returned 0x9e6020 [0082.482] NtQueryVirtualMemory (in: ProcessHandle=0x1a0, Address=0x1361000, VirtualMemoryInformationClass=0x0, VirtualMemoryInformation=0x9e5ef0, Length=0x30, ResultLength=0x0 | out: VirtualMemoryInformation=0x9e5ef0*(BaseAddress=0x1361000, AllocationBase=0x0, AllocationProtect=0x1360000, RegionSize=0x0, State=0x4, Protect=0xfffff8a0, Type=0x2c000), ResultLength=0x0) returned 0x0 [0082.482] NtQueryVirtualMemory (in: ProcessHandle=0x1a0, Address=0x138d000, VirtualMemoryInformationClass=0x0, VirtualMemoryInformation=0x9e5ef0, Length=0x30, ResultLength=0x0 | out: VirtualMemoryInformation=0x9e5ef0*(BaseAddress=0x138d000, AllocationBase=0x0, AllocationProtect=0x1360000, RegionSize=0x0, State=0x4, Protect=0xfffff8a0, Type=0x1000), ResultLength=0x0) returned 0x0 [0082.482] NtQueryVirtualMemory (in: ProcessHandle=0x1a0, Address=0x138e000, VirtualMemoryInformationClass=0x0, VirtualMemoryInformation=0x9e5ef0, Length=0x30, ResultLength=0x0 | out: VirtualMemoryInformation=0x9e5ef0*(BaseAddress=0x138e000, AllocationBase=0x0, AllocationProtect=0x1360000, RegionSize=0x0, State=0x4, Protect=0xfffff8a0, Type=0xd2000), ResultLength=0x0) returned 0x0 [0082.482] NtQueryVirtualMemory (in: ProcessHandle=0x1a0, Address=0x1460000, VirtualMemoryInformationClass=0x0, VirtualMemoryInformation=0x9e5ef0, Length=0x30, ResultLength=0x0 | out: VirtualMemoryInformation=0x9e5ef0*(BaseAddress=0x1460000, AllocationBase=0x0, AllocationProtect=0x0, RegionSize=0x0, State=0x0, Protect=0xfffff8a0, Type=0x10000), ResultLength=0x0) returned 0x0 [0082.482] NtQueryVirtualMemory (in: ProcessHandle=0x1a0, Address=0x1470000, VirtualMemoryInformationClass=0x0, VirtualMemoryInformation=0x9e5ef0, Length=0x30, ResultLength=0x0 | out: VirtualMemoryInformation=0x9e5ef0*(BaseAddress=0x1470000, AllocationBase=0x0, AllocationProtect=0x1470000, RegionSize=0x0, State=0x4, Protect=0xfffff8a0, Type=0xc000), ResultLength=0x0) returned 0x0 [0082.482] NtQueryVirtualMemory (in: ProcessHandle=0x1a0, Address=0x147c000, VirtualMemoryInformationClass=0x0, VirtualMemoryInformation=0x9e5ef0, Length=0x30, ResultLength=0x0 | out: VirtualMemoryInformation=0x9e5ef0*(BaseAddress=0x147c000, AllocationBase=0x0, AllocationProtect=0x1470000, RegionSize=0x0, State=0x4, Protect=0xfffff8a0, Type=0x74000), ResultLength=0x0) returned 0x0 [0082.482] NtQueryVirtualMemory (in: ProcessHandle=0x1a0, Address=0x14f0000, VirtualMemoryInformationClass=0x0, VirtualMemoryInformation=0x9e5ef0, Length=0x30, ResultLength=0x0 | out: VirtualMemoryInformation=0x9e5ef0*(BaseAddress=0x14f0000, AllocationBase=0x0, AllocationProtect=0x0, RegionSize=0x0, State=0x0, Protect=0xfffff8a0, Type=0x90000), ResultLength=0x0) returned 0x0 [0082.482] NtQueryVirtualMemory (in: ProcessHandle=0x1a0, Address=0x1580000, VirtualMemoryInformationClass=0x0, VirtualMemoryInformation=0x9e5ef0, Length=0x30, ResultLength=0x0 | out: VirtualMemoryInformation=0x9e5ef0*(BaseAddress=0x1580000, AllocationBase=0x0, AllocationProtect=0x1580000, RegionSize=0x0, State=0x4, Protect=0xfffff8a0, Type=0x1000), ResultLength=0x0) returned 0x0 [0082.482] NtQueryVirtualMemory (in: ProcessHandle=0x1a0, Address=0x1581000, VirtualMemoryInformationClass=0x0, VirtualMemoryInformation=0x9e5ef0, Length=0x30, ResultLength=0x0 | out: VirtualMemoryInformation=0x9e5ef0*(BaseAddress=0x1581000, AllocationBase=0x0, AllocationProtect=0x1580000, RegionSize=0x0, State=0x4, Protect=0xfffff8a0, Type=0xff000), ResultLength=0x0) returned 0x0 [0082.482] NtQueryVirtualMemory (in: ProcessHandle=0x1a0, Address=0x1680000, VirtualMemoryInformationClass=0x0, VirtualMemoryInformation=0x9e5ef0, Length=0x30, ResultLength=0x0 | out: VirtualMemoryInformation=0x9e5ef0*(BaseAddress=0x1680000, AllocationBase=0x0, AllocationProtect=0x0, RegionSize=0x0, State=0x0, Protect=0xfffff8a0, Type=0x80000), ResultLength=0x0) returned 0x0 [0082.483] NtQueryVirtualMemory (in: ProcessHandle=0x1a0, Address=0x1700000, VirtualMemoryInformationClass=0x0, VirtualMemoryInformation=0x9e5ef0, Length=0x30, ResultLength=0x0 | out: VirtualMemoryInformation=0x9e5ef0*(BaseAddress=0x1700000, AllocationBase=0x0, AllocationProtect=0x1700000, RegionSize=0x0, State=0x4, Protect=0xfffff8a0, Type=0x1e000), ResultLength=0x0) returned 0x0 [0082.483] NtQueryVirtualMemory (in: ProcessHandle=0x1a0, Address=0x171e000, VirtualMemoryInformationClass=0x0, VirtualMemoryInformation=0x9e5ef0, Length=0x30, ResultLength=0x0 | out: VirtualMemoryInformation=0x9e5ef0*(BaseAddress=0x171e000, AllocationBase=0x0, AllocationProtect=0x1700000, RegionSize=0x0, State=0x4, Protect=0xfffff8a0, Type=0x1000), ResultLength=0x0) returned 0x0 [0082.483] NtQueryVirtualMemory (in: ProcessHandle=0x1a0, Address=0x171f000, VirtualMemoryInformationClass=0x0, VirtualMemoryInformation=0x9e5ef0, Length=0x30, ResultLength=0x0 | out: VirtualMemoryInformation=0x9e5ef0*(BaseAddress=0x171f000, AllocationBase=0x0, AllocationProtect=0x1700000, RegionSize=0x0, State=0x4, Protect=0xfffff8a0, Type=0x5c000), ResultLength=0x0) returned 0x0 [0082.483] NtQueryVirtualMemory (in: ProcessHandle=0x1a0, Address=0x177b000, VirtualMemoryInformationClass=0x0, VirtualMemoryInformation=0x9e5ef0, Length=0x30, ResultLength=0x0 | out: VirtualMemoryInformation=0x9e5ef0*(BaseAddress=0x177b000, AllocationBase=0x0, AllocationProtect=0x1700000, RegionSize=0x0, State=0x4, Protect=0xfffff8a0, Type=0x4000), ResultLength=0x0) returned 0x0 [0082.483] NtQueryVirtualMemory (in: ProcessHandle=0x1a0, Address=0x177f000, VirtualMemoryInformationClass=0x0, VirtualMemoryInformation=0x9e5ef0, Length=0x30, ResultLength=0x0 | out: VirtualMemoryInformation=0x9e5ef0*(BaseAddress=0x177f000, AllocationBase=0x0, AllocationProtect=0x1700000, RegionSize=0x0, State=0x4, Protect=0xfffff8a0, Type=0x1000), ResultLength=0x0) returned 0x0 [0082.483] NtQueryVirtualMemory (in: ProcessHandle=0x1a0, Address=0x1780000, VirtualMemoryInformationClass=0x0, VirtualMemoryInformation=0x9e5ef0, Length=0x30, ResultLength=0x0 | out: VirtualMemoryInformation=0x9e5ef0*(BaseAddress=0x1780000, AllocationBase=0x0, AllocationProtect=0x1780000, RegionSize=0x0, State=0x2, Protect=0xfffff8a0, Type=0x2cf000), ResultLength=0x0) returned 0x0 [0082.483] NtQueryVirtualMemory (in: ProcessHandle=0x1a0, Address=0x1780000, VirtualMemoryInformationClass=0x2, VirtualMemoryInformation=0x9e8080, Length=0x2800, ResultLength=0x0 | out: VirtualMemoryInformation=0x9e8080*(SectionFileName.Length=0x8a, SectionFileName.MaximumLength=0x8c, SectionFileName.Buffer="\\Device\\HarddiskVolume1\\Windows\\Globalization\\Sorting\\SortDefault.nls"), ResultLength=0x0) returned 0x0 [0082.486] NtQueryVirtualMemory (in: ProcessHandle=0x1a0, Address=0xff537000, VirtualMemoryInformationClass=0x0, VirtualMemoryInformation=0x9e5ef0, Length=0x30, ResultLength=0x0 | out: VirtualMemoryInformation=0x9e5ef0*(BaseAddress=0xff537000, AllocationBase=0x0, AllocationProtect=0xff4e0000, RegionSize=0x0, State=0x80, Protect=0xfffff8a0, Type=0x2000), ResultLength=0x0) returned 0x0 [0082.486] NtQueryVirtualMemory (in: ProcessHandle=0x1a0, Address=0xff539000, VirtualMemoryInformationClass=0x0, VirtualMemoryInformation=0x9e5ef0, Length=0x30, ResultLength=0x0 | out: VirtualMemoryInformation=0x9e5ef0*(BaseAddress=0xff539000, AllocationBase=0x0, AllocationProtect=0xff4e0000, RegionSize=0x0, State=0x80, Protect=0xfffff8a0, Type=0x9000), ResultLength=0x0) returned 0x0 [0082.486] NtQueryVirtualMemory (in: ProcessHandle=0x1a0, Address=0xff542000, VirtualMemoryInformationClass=0x0, VirtualMemoryInformation=0x9e5ef0, Length=0x30, ResultLength=0x0 | out: VirtualMemoryInformation=0x9e5ef0*(BaseAddress=0xff542000, AllocationBase=0x0, AllocationProtect=0x0, RegionSize=0x0, State=0x0, Protect=0xfffff8a0, Type=0xfb55e000), ResultLength=0x0) returned 0x0 [0082.486] NtQueryVirtualMemory (in: ProcessHandle=0x1a0, Address=0x7fefaaa0000, VirtualMemoryInformationClass=0x0, VirtualMemoryInformation=0x9e5ef0, Length=0x30, ResultLength=0x0 | out: VirtualMemoryInformation=0x9e5ef0*(BaseAddress=0xfaaa0000, AllocationBase=0x7fe, AllocationProtect=0xfaaa0000, RegionSize=0x7fe, State=0x80, Protect=0xfffff8a0, Type=0x1000), ResultLength=0x0) returned 0x0 [0082.487] NtQueryVirtualMemory (in: ProcessHandle=0x1a0, Address=0x7fefaaa0000, VirtualMemoryInformationClass=0x2, VirtualMemoryInformation=0x9e8080, Length=0x2800, ResultLength=0x0 | out: VirtualMemoryInformation=0x9e8080*(SectionFileName.Length=0x60, SectionFileName.MaximumLength=0x62, SectionFileName.Buffer="\\Device\\HarddiskVolume1\\Windows\\System32\\mpr.dll"), ResultLength=0x0) returned 0x0 [0082.490] NtQueryVirtualMemory (in: ProcessHandle=0x1a0, Address=0x7fefd1cf000, VirtualMemoryInformationClass=0x0, VirtualMemoryInformation=0x9e5ef0, Length=0x30, ResultLength=0x0 | out: VirtualMemoryInformation=0x9e5ef0*(BaseAddress=0xfd1cf000, AllocationBase=0x7fe, AllocationProtect=0xfd190000, RegionSize=0x7fe, State=0x80, Protect=0xfffff8a0, Type=0x1000), ResultLength=0x0) returned 0x0 [0082.490] NtQueryVirtualMemory (in: ProcessHandle=0x1a0, Address=0x7fefd1d0000, VirtualMemoryInformationClass=0x0, VirtualMemoryInformation=0x9e5ef0, Length=0x30, ResultLength=0x0 | out: VirtualMemoryInformation=0x9e5ef0*(BaseAddress=0xfd1d0000, AllocationBase=0x7fe, AllocationProtect=0xfd190000, RegionSize=0x7fe, State=0x80, Protect=0xfffff8a0, Type=0x1000), ResultLength=0x0) returned 0x0 [0082.490] NtQueryVirtualMemory (in: ProcessHandle=0x1a0, Address=0x7fefd1d1000, VirtualMemoryInformationClass=0x0, VirtualMemoryInformation=0x9e5ef0, Length=0x30, ResultLength=0x0 | out: VirtualMemoryInformation=0x9e5ef0*(BaseAddress=0xfd1d1000, AllocationBase=0x7fe, AllocationProtect=0xfd190000, RegionSize=0x7fe, State=0x80, Protect=0xfffff8a0, Type=0x1000), ResultLength=0x0) returned 0x0 [0082.490] NtQueryVirtualMemory (in: ProcessHandle=0x1a0, Address=0x7fefd1d2000, VirtualMemoryInformationClass=0x0, VirtualMemoryInformation=0x9e5ef0, Length=0x30, ResultLength=0x0 | out: VirtualMemoryInformation=0x9e5ef0*(BaseAddress=0xfd1d2000, AllocationBase=0x7fe, AllocationProtect=0xfd190000, RegionSize=0x7fe, State=0x80, Protect=0xfffff8a0, Type=0x5000), ResultLength=0x0) returned 0x0 [0082.490] NtQueryVirtualMemory (in: ProcessHandle=0x1a0, Address=0x7fefd1d7000, VirtualMemoryInformationClass=0x0, VirtualMemoryInformation=0x9e5ef0, Length=0x30, ResultLength=0x0 | out: VirtualMemoryInformation=0x9e5ef0*(BaseAddress=0xfd1d7000, AllocationBase=0x7fe, AllocationProtect=0x0, RegionSize=0x0, State=0x0, Protect=0xfffff8a0, Type=0x2b9000), ResultLength=0x0) returned 0x0 [0082.490] NtQueryVirtualMemory (in: ProcessHandle=0x1a0, Address=0x7fefd490000, VirtualMemoryInformationClass=0x0, VirtualMemoryInformation=0x9e5ef0, Length=0x30, ResultLength=0x0 | out: VirtualMemoryInformation=0x9e5ef0*(BaseAddress=0xfd490000, AllocationBase=0x7fe, AllocationProtect=0xfd490000, RegionSize=0x7fe, State=0x80, Protect=0xfffff8a0, Type=0x1000), ResultLength=0x0) returned 0x0 [0082.531] NtQueryVirtualMemory (in: ProcessHandle=0x1a0, Address=0x7fefd490000, VirtualMemoryInformationClass=0x2, VirtualMemoryInformation=0x9e8080, Length=0x2800, ResultLength=0x0 | out: VirtualMemoryInformation=0x9e8080*(SectionFileName.Length=0x68, SectionFileName.MaximumLength=0x6a, SectionFileName.Buffer="\\Device\\HarddiskVolume1\\Windows\\System32\\cryptsp.dll"), ResultLength=0x0) returned 0x0 [0082.537] GetProcessImageFileNameW (in: hProcess=0x1a4, lpImageFileName=0x9d2de8, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Windows\\System32\\services.exe") returned 0x35 [0082.540] GetProcessTimes (in: hProcess=0x1a4, lpCreationTime=0x121f624, lpExitTime=0x121f61c, lpKernelTime=0x121f61c, lpUserTime=0x121f61c | out: lpCreationTime=0x121f624, lpExitTime=0x121f61c, lpKernelTime=0x121f61c, lpUserTime=0x121f61c) returned 1 [0082.540] OpenProcessToken (in: ProcessHandle=0x1a4, DesiredAccess=0x8, TokenHandle=0x121f5ec | out: TokenHandle=0x121f5ec*=0x21c) returned 1 [0082.541] GetTokenInformation (in: TokenHandle=0x21c, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x121f5e8 | out: TokenInformation=0x0, ReturnLength=0x121f5e8) returned 0 [0082.541] GetTokenInformation (in: TokenHandle=0x21c, TokenInformationClass=0x19, TokenInformation=0x9e6010, TokenInformationLength=0x14, ReturnLength=0x121f5e8 | out: TokenInformation=0x9e6010, ReturnLength=0x121f5e8) returned 1 [0082.541] GetSidSubAuthorityCount (pSid=0x9e6018*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000)) returned 0x9e6019 [0082.541] GetSidSubAuthority (pSid=0x9e6018*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000), nSubAuthority=0x0) returned 0x9e6020 [0082.560] GetProcessImageFileNameW (in: hProcess=0x1a8, lpImageFileName=0x9d4de8, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Windows\\System32\\lsass.exe") returned 0x32 [0082.560] GetProcessTimes (in: hProcess=0x1a8, lpCreationTime=0x121f624, lpExitTime=0x121f61c, lpKernelTime=0x121f61c, lpUserTime=0x121f61c | out: lpCreationTime=0x121f624, lpExitTime=0x121f61c, lpKernelTime=0x121f61c, lpUserTime=0x121f61c) returned 1 [0082.560] OpenProcessToken (in: ProcessHandle=0x1a8, DesiredAccess=0x8, TokenHandle=0x121f5ec | out: TokenHandle=0x121f5ec*=0x21c) returned 1 [0082.560] GetTokenInformation (in: TokenHandle=0x21c, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x121f5e8 | out: TokenInformation=0x0, ReturnLength=0x121f5e8) returned 0 [0082.560] GetTokenInformation (in: TokenHandle=0x21c, TokenInformationClass=0x19, TokenInformation=0x9e6010, TokenInformationLength=0x14, ReturnLength=0x121f5e8 | out: TokenInformation=0x9e6010, ReturnLength=0x121f5e8) returned 1 [0082.560] GetSidSubAuthorityCount (pSid=0x9e6018*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000)) returned 0x9e6019 [0082.560] GetSidSubAuthority (pSid=0x9e6018*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000), nSubAuthority=0x0) returned 0x9e6020 [0082.642] GetProcessImageFileNameW (in: hProcess=0x1ac, lpImageFileName=0x9d7de8, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Windows\\System32\\lsm.exe") returned 0x30 [0082.642] GetProcessTimes (in: hProcess=0x1ac, lpCreationTime=0x121f624, lpExitTime=0x121f61c, lpKernelTime=0x121f61c, lpUserTime=0x121f61c | out: lpCreationTime=0x121f624, lpExitTime=0x121f61c, lpKernelTime=0x121f61c, lpUserTime=0x121f61c) returned 1 [0082.642] OpenProcessToken (in: ProcessHandle=0x1ac, DesiredAccess=0x8, TokenHandle=0x121f5ec | out: TokenHandle=0x121f5ec*=0x21c) returned 1 [0082.643] GetTokenInformation (in: TokenHandle=0x21c, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x121f5e8 | out: TokenInformation=0x0, ReturnLength=0x121f5e8) returned 0 [0082.643] GetTokenInformation (in: TokenHandle=0x21c, TokenInformationClass=0x19, TokenInformation=0x9e6010, TokenInformationLength=0x14, ReturnLength=0x121f5e8 | out: TokenInformation=0x9e6010, ReturnLength=0x121f5e8) returned 1 [0082.643] GetSidSubAuthorityCount (pSid=0x9e6018*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000)) returned 0x9e6019 [0082.643] GetSidSubAuthority (pSid=0x9e6018*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000), nSubAuthority=0x0) returned 0x9e6020 [0082.665] GetProcessImageFileNameW (in: hProcess=0x1b0, lpImageFileName=0x9d7de8, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Windows\\System32\\taskhost.exe") returned 0x35 [0082.665] GetProcessTimes (in: hProcess=0x1b0, lpCreationTime=0x121f624, lpExitTime=0x121f61c, lpKernelTime=0x121f61c, lpUserTime=0x121f61c | out: lpCreationTime=0x121f624, lpExitTime=0x121f61c, lpKernelTime=0x121f61c, lpUserTime=0x121f61c) returned 1 [0082.666] OpenProcessToken (in: ProcessHandle=0x1b0, DesiredAccess=0x8, TokenHandle=0x121f5ec | out: TokenHandle=0x121f5ec*=0x21c) returned 1 [0082.666] GetTokenInformation (in: TokenHandle=0x21c, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x121f5e8 | out: TokenInformation=0x0, ReturnLength=0x121f5e8) returned 0 [0082.666] GetTokenInformation (in: TokenHandle=0x21c, TokenInformationClass=0x19, TokenInformation=0x9e6010, TokenInformationLength=0x14, ReturnLength=0x121f5e8 | out: TokenInformation=0x9e6010, ReturnLength=0x121f5e8) returned 1 [0082.666] GetSidSubAuthorityCount (pSid=0x9e6018*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 0x9e6019 [0082.666] GetSidSubAuthority (pSid=0x9e6018*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000), nSubAuthority=0x0) returned 0x9e6020 [0082.740] GetProcessImageFileNameW (in: hProcess=0x1b4, lpImageFileName=0x9dabf0, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Windows\\System32\\dwm.exe") returned 0x30 [0082.740] GetProcessTimes (in: hProcess=0x1b4, lpCreationTime=0x121f624, lpExitTime=0x121f61c, lpKernelTime=0x121f61c, lpUserTime=0x121f61c | out: lpCreationTime=0x121f624, lpExitTime=0x121f61c, lpKernelTime=0x121f61c, lpUserTime=0x121f61c) returned 1 [0082.740] OpenProcessToken (in: ProcessHandle=0x1b4, DesiredAccess=0x8, TokenHandle=0x121f5ec | out: TokenHandle=0x121f5ec*=0x21c) returned 1 [0082.740] GetTokenInformation (in: TokenHandle=0x21c, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x121f5e8 | out: TokenInformation=0x0, ReturnLength=0x121f5e8) returned 0 [0082.740] GetTokenInformation (in: TokenHandle=0x21c, TokenInformationClass=0x19, TokenInformation=0x9e6010, TokenInformationLength=0x14, ReturnLength=0x121f5e8 | out: TokenInformation=0x9e6010, ReturnLength=0x121f5e8) returned 1 [0082.740] GetSidSubAuthorityCount (pSid=0x9e6018*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 0x9e6019 [0082.740] GetSidSubAuthority (pSid=0x9e6018*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000), nSubAuthority=0x0) returned 0x9e6020 [0082.753] GetProcessImageFileNameW (in: hProcess=0x1b8, lpImageFileName=0x9dac70, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Windows\\explorer.exe") returned 0x2c [0082.753] GetProcessTimes (in: hProcess=0x1b8, lpCreationTime=0x121f624, lpExitTime=0x121f61c, lpKernelTime=0x121f61c, lpUserTime=0x121f61c | out: lpCreationTime=0x121f624, lpExitTime=0x121f61c, lpKernelTime=0x121f61c, lpUserTime=0x121f61c) returned 1 [0082.753] OpenProcessToken (in: ProcessHandle=0x1b8, DesiredAccess=0x8, TokenHandle=0x121f5ec | out: TokenHandle=0x121f5ec*=0x21c) returned 1 [0082.753] GetTokenInformation (in: TokenHandle=0x21c, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x121f5e8 | out: TokenInformation=0x0, ReturnLength=0x121f5e8) returned 0 [0082.753] GetTokenInformation (in: TokenHandle=0x21c, TokenInformationClass=0x19, TokenInformation=0x9e6010, TokenInformationLength=0x14, ReturnLength=0x121f5e8 | out: TokenInformation=0x9e6010, ReturnLength=0x121f5e8) returned 1 [0082.753] GetSidSubAuthorityCount (pSid=0x9e6018*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 0x9e6019 [0082.753] GetSidSubAuthority (pSid=0x9e6018*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000), nSubAuthority=0x0) returned 0x9e6020 [0083.162] GetProcessImageFileNameW (in: hProcess=0x1bc, lpImageFileName=0x9f7888, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Windows\\System32\\taskeng.exe") returned 0x34 [0083.163] GetProcessTimes (in: hProcess=0x1bc, lpCreationTime=0x121f624, lpExitTime=0x121f61c, lpKernelTime=0x121f61c, lpUserTime=0x121f61c | out: lpCreationTime=0x121f624, lpExitTime=0x121f61c, lpKernelTime=0x121f61c, lpUserTime=0x121f61c) returned 1 [0083.163] OpenProcessToken (in: ProcessHandle=0x1bc, DesiredAccess=0x8, TokenHandle=0x121f5ec | out: TokenHandle=0x121f5ec*=0x21c) returned 1 [0083.163] GetTokenInformation (in: TokenHandle=0x21c, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x121f5e8 | out: TokenInformation=0x0, ReturnLength=0x121f5e8) returned 0 [0083.163] GetTokenInformation (in: TokenHandle=0x21c, TokenInformationClass=0x19, TokenInformation=0x9e6010, TokenInformationLength=0x14, ReturnLength=0x121f5e8 | out: TokenInformation=0x9e6010, ReturnLength=0x121f5e8) returned 1 [0083.163] GetSidSubAuthorityCount (pSid=0x9e6018*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x3000)) returned 0x9e6019 [0083.163] GetSidSubAuthority (pSid=0x9e6018*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x3000), nSubAuthority=0x0) returned 0x9e6020 [0083.227] GetProcessImageFileNameW (in: hProcess=0x1c0, lpImageFileName=0x9f4638, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Windows\\System32\\taskhost.exe") returned 0x35 [0083.227] GetProcessTimes (in: hProcess=0x1c0, lpCreationTime=0x121f624, lpExitTime=0x121f61c, lpKernelTime=0x121f61c, lpUserTime=0x121f61c | out: lpCreationTime=0x121f624, lpExitTime=0x121f61c, lpKernelTime=0x121f61c, lpUserTime=0x121f61c) returned 1 [0083.227] OpenProcessToken (in: ProcessHandle=0x1c0, DesiredAccess=0x8, TokenHandle=0x121f5ec | out: TokenHandle=0x121f5ec*=0x21c) returned 1 [0083.227] GetTokenInformation (in: TokenHandle=0x21c, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x121f5e8 | out: TokenInformation=0x0, ReturnLength=0x121f5e8) returned 0 [0083.227] GetTokenInformation (in: TokenHandle=0x21c, TokenInformationClass=0x19, TokenInformation=0x9e6010, TokenInformationLength=0x14, ReturnLength=0x121f5e8 | out: TokenInformation=0x9e6010, ReturnLength=0x121f5e8) returned 1 [0083.227] GetSidSubAuthorityCount (pSid=0x9e6018*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000)) returned 0x9e6019 [0083.227] GetSidSubAuthority (pSid=0x9e6018*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000), nSubAuthority=0x0) returned 0x9e6020 [0083.252] GetProcessImageFileNameW (in: hProcess=0x1c4, lpImageFileName=0x9f83d0, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Program Files (x86)\\Internet Explorer\\transportationporval.exe") returned 0x56 [0083.253] GetProcessTimes (in: hProcess=0x1c4, lpCreationTime=0x121f624, lpExitTime=0x121f61c, lpKernelTime=0x121f61c, lpUserTime=0x121f61c | out: lpCreationTime=0x121f624, lpExitTime=0x121f61c, lpKernelTime=0x121f61c, lpUserTime=0x121f61c) returned 1 [0083.253] OpenProcessToken (in: ProcessHandle=0x1c4, DesiredAccess=0x8, TokenHandle=0x121f5ec | out: TokenHandle=0x121f5ec*=0x21c) returned 1 [0083.253] GetTokenInformation (in: TokenHandle=0x21c, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x121f5e8 | out: TokenInformation=0x0, ReturnLength=0x121f5e8) returned 0 [0083.253] GetTokenInformation (in: TokenHandle=0x21c, TokenInformationClass=0x19, TokenInformation=0x9e6010, TokenInformationLength=0x14, ReturnLength=0x121f5e8 | out: TokenInformation=0x9e6010, ReturnLength=0x121f5e8) returned 1 [0083.253] GetSidSubAuthorityCount (pSid=0x9e6018*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 0x9e6019 [0083.253] GetSidSubAuthority (pSid=0x9e6018*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000), nSubAuthority=0x0) returned 0x9e6020 [0083.264] GetProcessImageFileNameW (in: hProcess=0x1c8, lpImageFileName=0x9f7888, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Program Files (x86)\\Microsoft Analysis Services\\liverpool-brazil-kind-researchers.exe") returned 0x6d [0083.264] GetProcessTimes (in: hProcess=0x1c8, lpCreationTime=0x121f624, lpExitTime=0x121f61c, lpKernelTime=0x121f61c, lpUserTime=0x121f61c | out: lpCreationTime=0x121f624, lpExitTime=0x121f61c, lpKernelTime=0x121f61c, lpUserTime=0x121f61c) returned 1 [0083.264] OpenProcessToken (in: ProcessHandle=0x1c8, DesiredAccess=0x8, TokenHandle=0x121f5ec | out: TokenHandle=0x121f5ec*=0x21c) returned 1 [0083.264] GetTokenInformation (in: TokenHandle=0x21c, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x121f5e8 | out: TokenInformation=0x0, ReturnLength=0x121f5e8) returned 0 [0083.264] GetTokenInformation (in: TokenHandle=0x21c, TokenInformationClass=0x19, TokenInformation=0x9e6010, TokenInformationLength=0x14, ReturnLength=0x121f5e8 | out: TokenInformation=0x9e6010, ReturnLength=0x121f5e8) returned 1 [0083.264] GetSidSubAuthorityCount (pSid=0x9e6018*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 0x9e6019 [0083.264] GetSidSubAuthority (pSid=0x9e6018*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000), nSubAuthority=0x0) returned 0x9e6020 [0083.495] GetProcessImageFileNameW (in: hProcess=0x1cc, lpImageFileName=0x9f7888, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Program Files\\Internet Explorer\\azerbaijan australia map.exe") returned 0x54 [0083.495] GetProcessTimes (in: hProcess=0x1cc, lpCreationTime=0x121f624, lpExitTime=0x121f61c, lpKernelTime=0x121f61c, lpUserTime=0x121f61c | out: lpCreationTime=0x121f624, lpExitTime=0x121f61c, lpKernelTime=0x121f61c, lpUserTime=0x121f61c) returned 1 [0083.495] OpenProcessToken (in: ProcessHandle=0x1cc, DesiredAccess=0x8, TokenHandle=0x121f5ec | out: TokenHandle=0x121f5ec*=0x21c) returned 1 [0083.496] GetTokenInformation (in: TokenHandle=0x21c, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x121f5e8 | out: TokenInformation=0x0, ReturnLength=0x121f5e8) returned 0 [0083.496] GetTokenInformation (in: TokenHandle=0x21c, TokenInformationClass=0x19, TokenInformation=0x9e6010, TokenInformationLength=0x14, ReturnLength=0x121f5e8 | out: TokenInformation=0x9e6010, ReturnLength=0x121f5e8) returned 1 [0083.496] GetSidSubAuthorityCount (pSid=0x9e6018*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 0x9e6019 [0083.496] GetSidSubAuthority (pSid=0x9e6018*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000), nSubAuthority=0x0) returned 0x9e6020 [0083.507] GetProcessImageFileNameW (in: hProcess=0x1d0, lpImageFileName=0xa00cd8, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Program Files (x86)\\Microsoft Analysis Services\\seattleconvertible.exe") returned 0x5e [0083.507] GetProcessTimes (in: hProcess=0x1d0, lpCreationTime=0x121f624, lpExitTime=0x121f61c, lpKernelTime=0x121f61c, lpUserTime=0x121f61c | out: lpCreationTime=0x121f624, lpExitTime=0x121f61c, lpKernelTime=0x121f61c, lpUserTime=0x121f61c) returned 1 [0083.507] OpenProcessToken (in: ProcessHandle=0x1d0, DesiredAccess=0x8, TokenHandle=0x121f5ec | out: TokenHandle=0x121f5ec*=0x21c) returned 1 [0083.507] GetTokenInformation (in: TokenHandle=0x21c, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x121f5e8 | out: TokenInformation=0x0, ReturnLength=0x121f5e8) returned 0 [0083.507] GetTokenInformation (in: TokenHandle=0x21c, TokenInformationClass=0x19, TokenInformation=0x9e6010, TokenInformationLength=0x14, ReturnLength=0x121f5e8 | out: TokenInformation=0x9e6010, ReturnLength=0x121f5e8) returned 1 [0083.508] GetSidSubAuthorityCount (pSid=0x9e6018*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 0x9e6019 [0083.508] GetSidSubAuthority (pSid=0x9e6018*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000), nSubAuthority=0x0) returned 0x9e6020 [0083.518] GetProcessImageFileNameW (in: hProcess=0x1d4, lpImageFileName=0xa00cd8, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Program Files\\Windows Portable Devices\\camps_part_october.exe") returned 0x55 [0083.518] GetProcessTimes (in: hProcess=0x1d4, lpCreationTime=0x121f624, lpExitTime=0x121f61c, lpKernelTime=0x121f61c, lpUserTime=0x121f61c | out: lpCreationTime=0x121f624, lpExitTime=0x121f61c, lpKernelTime=0x121f61c, lpUserTime=0x121f61c) returned 1 [0083.518] OpenProcessToken (in: ProcessHandle=0x1d4, DesiredAccess=0x8, TokenHandle=0x121f5ec | out: TokenHandle=0x121f5ec*=0x21c) returned 1 [0083.518] GetTokenInformation (in: TokenHandle=0x21c, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x121f5e8 | out: TokenInformation=0x0, ReturnLength=0x121f5e8) returned 0 [0083.518] GetTokenInformation (in: TokenHandle=0x21c, TokenInformationClass=0x19, TokenInformation=0x9e6010, TokenInformationLength=0x14, ReturnLength=0x121f5e8 | out: TokenInformation=0x9e6010, ReturnLength=0x121f5e8) returned 1 [0083.518] GetSidSubAuthorityCount (pSid=0x9e6018*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 0x9e6019 [0083.518] GetSidSubAuthority (pSid=0x9e6018*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000), nSubAuthority=0x0) returned 0x9e6020 [0083.529] GetProcessImageFileNameW (in: hProcess=0x1d8, lpImageFileName=0xa014d8, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Program Files (x86)\\Windows Portable Devices\\fskaslidesoregon.exe") returned 0x59 [0083.529] GetProcessTimes (in: hProcess=0x1d8, lpCreationTime=0x121f624, lpExitTime=0x121f61c, lpKernelTime=0x121f61c, lpUserTime=0x121f61c | out: lpCreationTime=0x121f624, lpExitTime=0x121f61c, lpKernelTime=0x121f61c, lpUserTime=0x121f61c) returned 1 [0083.529] OpenProcessToken (in: ProcessHandle=0x1d8, DesiredAccess=0x8, TokenHandle=0x121f5ec | out: TokenHandle=0x121f5ec*=0x21c) returned 1 [0083.529] GetTokenInformation (in: TokenHandle=0x21c, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x121f5e8 | out: TokenInformation=0x0, ReturnLength=0x121f5e8) returned 0 [0083.529] GetTokenInformation (in: TokenHandle=0x21c, TokenInformationClass=0x19, TokenInformation=0x9e6010, TokenInformationLength=0x14, ReturnLength=0x121f5e8 | out: TokenInformation=0x9e6010, ReturnLength=0x121f5e8) returned 1 [0083.529] GetSidSubAuthorityCount (pSid=0x9e6018*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 0x9e6019 [0083.529] GetSidSubAuthority (pSid=0x9e6018*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000), nSubAuthority=0x0) returned 0x9e6020 [0083.581] GetProcessImageFileNameW (in: hProcess=0x1dc, lpImageFileName=0xa065a8, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Program Files\\Microsoft Synchronization Services\\ny surge discounts.exe") returned 0x5f [0083.581] GetProcessTimes (in: hProcess=0x1dc, lpCreationTime=0x121f624, lpExitTime=0x121f61c, lpKernelTime=0x121f61c, lpUserTime=0x121f61c | out: lpCreationTime=0x121f624, lpExitTime=0x121f61c, lpKernelTime=0x121f61c, lpUserTime=0x121f61c) returned 1 [0083.581] OpenProcessToken (in: ProcessHandle=0x1dc, DesiredAccess=0x8, TokenHandle=0x121f5ec | out: TokenHandle=0x121f5ec*=0x21c) returned 1 [0083.581] GetTokenInformation (in: TokenHandle=0x21c, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x121f5e8 | out: TokenInformation=0x0, ReturnLength=0x121f5e8) returned 0 [0083.581] GetTokenInformation (in: TokenHandle=0x21c, TokenInformationClass=0x19, TokenInformation=0x9e6010, TokenInformationLength=0x14, ReturnLength=0x121f5e8 | out: TokenInformation=0x9e6010, ReturnLength=0x121f5e8) returned 1 [0083.581] GetSidSubAuthorityCount (pSid=0x9e6018*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 0x9e6019 [0083.581] GetSidSubAuthority (pSid=0x9e6018*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000), nSubAuthority=0x0) returned 0x9e6020 [0083.595] GetProcessImageFileNameW (in: hProcess=0x1e0, lpImageFileName=0xa075a8, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Program Files\\Internet Explorer\\furniture-cg.exe") returned 0x48 [0083.595] GetProcessTimes (in: hProcess=0x1e0, lpCreationTime=0x121f624, lpExitTime=0x121f61c, lpKernelTime=0x121f61c, lpUserTime=0x121f61c | out: lpCreationTime=0x121f624, lpExitTime=0x121f61c, lpKernelTime=0x121f61c, lpUserTime=0x121f61c) returned 1 [0083.595] OpenProcessToken (in: ProcessHandle=0x1e0, DesiredAccess=0x8, TokenHandle=0x121f5ec | out: TokenHandle=0x121f5ec*=0x21c) returned 1 [0083.595] GetTokenInformation (in: TokenHandle=0x21c, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x121f5e8 | out: TokenInformation=0x0, ReturnLength=0x121f5e8) returned 0 [0083.595] GetTokenInformation (in: TokenHandle=0x21c, TokenInformationClass=0x19, TokenInformation=0x9e6010, TokenInformationLength=0x14, ReturnLength=0x121f5e8 | out: TokenInformation=0x9e6010, ReturnLength=0x121f5e8) returned 1 [0083.595] GetSidSubAuthorityCount (pSid=0x9e6018*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 0x9e6019 [0083.595] GetSidSubAuthority (pSid=0x9e6018*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000), nSubAuthority=0x0) returned 0x9e6020 [0083.672] GetProcessImageFileNameW (in: hProcess=0x1e4, lpImageFileName=0xa014d8, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Program Files\\Windows Journal\\angry_region_seconds.exe") returned 0x4e [0083.672] GetProcessTimes (in: hProcess=0x1e4, lpCreationTime=0x121f624, lpExitTime=0x121f61c, lpKernelTime=0x121f61c, lpUserTime=0x121f61c | out: lpCreationTime=0x121f624, lpExitTime=0x121f61c, lpKernelTime=0x121f61c, lpUserTime=0x121f61c) returned 1 [0083.672] OpenProcessToken (in: ProcessHandle=0x1e4, DesiredAccess=0x8, TokenHandle=0x121f5ec | out: TokenHandle=0x121f5ec*=0x21c) returned 1 [0083.678] GetTokenInformation (in: TokenHandle=0x21c, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x121f5e8 | out: TokenInformation=0x0, ReturnLength=0x121f5e8) returned 0 [0083.678] GetTokenInformation (in: TokenHandle=0x21c, TokenInformationClass=0x19, TokenInformation=0x9e6010, TokenInformationLength=0x14, ReturnLength=0x121f5e8 | out: TokenInformation=0x9e6010, ReturnLength=0x121f5e8) returned 1 [0083.678] GetSidSubAuthorityCount (pSid=0x9e6018*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 0x9e6019 [0083.678] GetSidSubAuthority (pSid=0x9e6018*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000), nSubAuthority=0x0) returned 0x9e6020 [0083.688] GetProcessImageFileNameW (in: hProcess=0x1e8, lpImageFileName=0xa014d8, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Program Files\\Reference Assemblies\\soviet-nutten-samples-configured.exe") returned 0x5f [0083.689] GetProcessTimes (in: hProcess=0x1e8, lpCreationTime=0x121f624, lpExitTime=0x121f61c, lpKernelTime=0x121f61c, lpUserTime=0x121f61c | out: lpCreationTime=0x121f624, lpExitTime=0x121f61c, lpKernelTime=0x121f61c, lpUserTime=0x121f61c) returned 1 [0083.689] OpenProcessToken (in: ProcessHandle=0x1e8, DesiredAccess=0x8, TokenHandle=0x121f5ec | out: TokenHandle=0x121f5ec*=0x21c) returned 1 [0083.689] GetTokenInformation (in: TokenHandle=0x21c, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x121f5e8 | out: TokenInformation=0x0, ReturnLength=0x121f5e8) returned 0 [0083.689] GetTokenInformation (in: TokenHandle=0x21c, TokenInformationClass=0x19, TokenInformation=0x9e6010, TokenInformationLength=0x14, ReturnLength=0x121f5e8 | out: TokenInformation=0x9e6010, ReturnLength=0x121f5e8) returned 1 [0083.689] GetSidSubAuthorityCount (pSid=0x9e6018*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 0x9e6019 [0083.689] GetSidSubAuthority (pSid=0x9e6018*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000), nSubAuthority=0x0) returned 0x9e6020 [0083.701] GetProcessImageFileNameW (in: hProcess=0x1ec, lpImageFileName=0xa014d8, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Program Files\\Windows Sidebar\\picture_pk.exe") returned 0x44 [0083.701] GetProcessTimes (in: hProcess=0x1ec, lpCreationTime=0x121f624, lpExitTime=0x121f61c, lpKernelTime=0x121f61c, lpUserTime=0x121f61c | out: lpCreationTime=0x121f624, lpExitTime=0x121f61c, lpKernelTime=0x121f61c, lpUserTime=0x121f61c) returned 1 [0083.701] OpenProcessToken (in: ProcessHandle=0x1ec, DesiredAccess=0x8, TokenHandle=0x121f5ec | out: TokenHandle=0x121f5ec*=0x21c) returned 1 [0083.701] GetTokenInformation (in: TokenHandle=0x21c, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x121f5e8 | out: TokenInformation=0x0, ReturnLength=0x121f5e8) returned 0 [0083.701] GetTokenInformation (in: TokenHandle=0x21c, TokenInformationClass=0x19, TokenInformation=0x9e6010, TokenInformationLength=0x14, ReturnLength=0x121f5e8 | out: TokenInformation=0x9e6010, ReturnLength=0x121f5e8) returned 1 [0083.701] GetSidSubAuthorityCount (pSid=0x9e6018*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 0x9e6019 [0083.701] GetSidSubAuthority (pSid=0x9e6018*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000), nSubAuthority=0x0) returned 0x9e6020 [0083.781] GetProcessImageFileNameW (in: hProcess=0x1f0, lpImageFileName=0xa095a8, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Program Files (x86)\\Google\\wishes_pixels_reflected_edgar.exe") returned 0x54 [0083.781] GetProcessTimes (in: hProcess=0x1f0, lpCreationTime=0x121f624, lpExitTime=0x121f61c, lpKernelTime=0x121f61c, lpUserTime=0x121f61c | out: lpCreationTime=0x121f624, lpExitTime=0x121f61c, lpKernelTime=0x121f61c, lpUserTime=0x121f61c) returned 1 [0083.781] OpenProcessToken (in: ProcessHandle=0x1f0, DesiredAccess=0x8, TokenHandle=0x121f5ec | out: TokenHandle=0x121f5ec*=0x21c) returned 1 [0083.781] GetTokenInformation (in: TokenHandle=0x21c, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x121f5e8 | out: TokenInformation=0x0, ReturnLength=0x121f5e8) returned 0 [0083.781] GetTokenInformation (in: TokenHandle=0x21c, TokenInformationClass=0x19, TokenInformation=0x9e6010, TokenInformationLength=0x14, ReturnLength=0x121f5e8 | out: TokenInformation=0x9e6010, ReturnLength=0x121f5e8) returned 1 [0083.782] GetSidSubAuthorityCount (pSid=0x9e6018*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 0x9e6019 [0083.782] GetSidSubAuthority (pSid=0x9e6018*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000), nSubAuthority=0x0) returned 0x9e6020 [0083.794] GetProcessImageFileNameW (in: hProcess=0x1f4, lpImageFileName=0xa095a8, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Program Files (x86)\\Windows Photo Viewer\\nyc-actor-fault-logistics.exe") returned 0x5e [0083.794] GetProcessTimes (in: hProcess=0x1f4, lpCreationTime=0x121f624, lpExitTime=0x121f61c, lpKernelTime=0x121f61c, lpUserTime=0x121f61c | out: lpCreationTime=0x121f624, lpExitTime=0x121f61c, lpKernelTime=0x121f61c, lpUserTime=0x121f61c) returned 1 [0083.794] OpenProcessToken (in: ProcessHandle=0x1f4, DesiredAccess=0x8, TokenHandle=0x121f5ec | out: TokenHandle=0x121f5ec*=0x21c) returned 1 [0083.794] GetTokenInformation (in: TokenHandle=0x21c, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x121f5e8 | out: TokenInformation=0x0, ReturnLength=0x121f5e8) returned 0 [0083.794] GetTokenInformation (in: TokenHandle=0x21c, TokenInformationClass=0x19, TokenInformation=0x9e6010, TokenInformationLength=0x14, ReturnLength=0x121f5e8 | out: TokenInformation=0x9e6010, ReturnLength=0x121f5e8) returned 1 [0083.794] GetSidSubAuthorityCount (pSid=0x9e6018*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 0x9e6019 [0083.794] GetSidSubAuthority (pSid=0x9e6018*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000), nSubAuthority=0x0) returned 0x9e6020 [0083.805] GetProcessImageFileNameW (in: hProcess=0x1f8, lpImageFileName=0xa095a8, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Program Files\\Reference Assemblies\\duration_electricity_columbia_estate.exe") returned 0x63 [0083.806] GetProcessTimes (in: hProcess=0x1f8, lpCreationTime=0x121f624, lpExitTime=0x121f61c, lpKernelTime=0x121f61c, lpUserTime=0x121f61c | out: lpCreationTime=0x121f624, lpExitTime=0x121f61c, lpKernelTime=0x121f61c, lpUserTime=0x121f61c) returned 1 [0083.806] OpenProcessToken (in: ProcessHandle=0x1f8, DesiredAccess=0x8, TokenHandle=0x121f5ec | out: TokenHandle=0x121f5ec*=0x21c) returned 1 [0083.806] GetTokenInformation (in: TokenHandle=0x21c, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x121f5e8 | out: TokenInformation=0x0, ReturnLength=0x121f5e8) returned 0 [0083.806] GetTokenInformation (in: TokenHandle=0x21c, TokenInformationClass=0x19, TokenInformation=0x9e6010, TokenInformationLength=0x14, ReturnLength=0x121f5e8 | out: TokenInformation=0x9e6010, ReturnLength=0x121f5e8) returned 1 [0083.806] GetSidSubAuthorityCount (pSid=0x9e6018*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 0x9e6019 [0083.806] GetSidSubAuthority (pSid=0x9e6018*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000), nSubAuthority=0x0) returned 0x9e6020 [0083.816] GetProcessImageFileNameW (in: hProcess=0x1fc, lpImageFileName=0xa095a8, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Program Files\\Windows Photo Viewer\\prominent.exe") returned 0x48 [0083.912] GetProcessTimes (in: hProcess=0x1fc, lpCreationTime=0x121f624, lpExitTime=0x121f61c, lpKernelTime=0x121f61c, lpUserTime=0x121f61c | out: lpCreationTime=0x121f624, lpExitTime=0x121f61c, lpKernelTime=0x121f61c, lpUserTime=0x121f61c) returned 1 [0083.912] OpenProcessToken (in: ProcessHandle=0x1fc, DesiredAccess=0x8, TokenHandle=0x121f5ec | out: TokenHandle=0x121f5ec*=0x21c) returned 1 [0083.912] GetTokenInformation (in: TokenHandle=0x21c, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x121f5e8 | out: TokenInformation=0x0, ReturnLength=0x121f5e8) returned 0 [0083.912] GetTokenInformation (in: TokenHandle=0x21c, TokenInformationClass=0x19, TokenInformation=0x9e6010, TokenInformationLength=0x14, ReturnLength=0x121f5e8 | out: TokenInformation=0x9e6010, ReturnLength=0x121f5e8) returned 1 [0083.912] GetSidSubAuthorityCount (pSid=0x9e6018*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 0x9e6019 [0083.912] GetSidSubAuthority (pSid=0x9e6018*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000), nSubAuthority=0x0) returned 0x9e6020 [0083.924] GetProcessImageFileNameW (in: hProcess=0x200, lpImageFileName=0xa095a8, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Program Files (x86)\\Java\\after practical kiss sir.exe") returned 0x4d [0083.925] GetProcessTimes (in: hProcess=0x200, lpCreationTime=0x121f624, lpExitTime=0x121f61c, lpKernelTime=0x121f61c, lpUserTime=0x121f61c | out: lpCreationTime=0x121f624, lpExitTime=0x121f61c, lpKernelTime=0x121f61c, lpUserTime=0x121f61c) returned 1 [0083.925] OpenProcessToken (in: ProcessHandle=0x200, DesiredAccess=0x8, TokenHandle=0x121f5ec | out: TokenHandle=0x121f5ec*=0x21c) returned 1 [0083.925] GetTokenInformation (in: TokenHandle=0x21c, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x121f5e8 | out: TokenInformation=0x0, ReturnLength=0x121f5e8) returned 0 [0083.925] GetTokenInformation (in: TokenHandle=0x21c, TokenInformationClass=0x19, TokenInformation=0x9e6010, TokenInformationLength=0x14, ReturnLength=0x121f5e8 | out: TokenInformation=0x9e6010, ReturnLength=0x121f5e8) returned 1 [0083.925] GetSidSubAuthorityCount (pSid=0x9e6018*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 0x9e6019 [0083.925] GetSidSubAuthority (pSid=0x9e6018*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000), nSubAuthority=0x0) returned 0x9e6020 [0083.935] GetProcessImageFileNameW (in: hProcess=0x204, lpImageFileName=0xa095a8, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Program Files\\Reference Assemblies\\epson-pressing-camera.exe") returned 0x54 [0083.935] GetProcessTimes (in: hProcess=0x204, lpCreationTime=0x121f624, lpExitTime=0x121f61c, lpKernelTime=0x121f61c, lpUserTime=0x121f61c | out: lpCreationTime=0x121f624, lpExitTime=0x121f61c, lpKernelTime=0x121f61c, lpUserTime=0x121f61c) returned 1 [0083.935] OpenProcessToken (in: ProcessHandle=0x204, DesiredAccess=0x8, TokenHandle=0x121f5ec | out: TokenHandle=0x121f5ec*=0x21c) returned 1 [0083.935] GetTokenInformation (in: TokenHandle=0x21c, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x121f5e8 | out: TokenInformation=0x0, ReturnLength=0x121f5e8) returned 0 [0083.935] GetTokenInformation (in: TokenHandle=0x21c, TokenInformationClass=0x19, TokenInformation=0x9e6010, TokenInformationLength=0x14, ReturnLength=0x121f5e8 | out: TokenInformation=0x9e6010, ReturnLength=0x121f5e8) returned 1 [0083.935] GetSidSubAuthorityCount (pSid=0x9e6018*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 0x9e6019 [0083.935] GetSidSubAuthority (pSid=0x9e6018*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000), nSubAuthority=0x0) returned 0x9e6020 [0083.950] GetProcessImageFileNameW (in: hProcess=0x208, lpImageFileName=0xa095a8, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Program Files\\Microsoft Sync Framework\\baptist-extraction.exe") returned 0x55 [0083.950] GetProcessTimes (in: hProcess=0x208, lpCreationTime=0x121f624, lpExitTime=0x121f61c, lpKernelTime=0x121f61c, lpUserTime=0x121f61c | out: lpCreationTime=0x121f624, lpExitTime=0x121f61c, lpKernelTime=0x121f61c, lpUserTime=0x121f61c) returned 1 [0083.950] OpenProcessToken (in: ProcessHandle=0x208, DesiredAccess=0x8, TokenHandle=0x121f5ec | out: TokenHandle=0x121f5ec*=0x21c) returned 1 [0083.950] GetTokenInformation (in: TokenHandle=0x21c, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x121f5e8 | out: TokenInformation=0x0, ReturnLength=0x121f5e8) returned 0 [0083.950] GetTokenInformation (in: TokenHandle=0x21c, TokenInformationClass=0x19, TokenInformation=0x9e6010, TokenInformationLength=0x14, ReturnLength=0x121f5e8 | out: TokenInformation=0x9e6010, ReturnLength=0x121f5e8) returned 1 [0083.950] GetSidSubAuthorityCount (pSid=0x9e6018*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 0x9e6019 [0083.950] GetSidSubAuthority (pSid=0x9e6018*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000), nSubAuthority=0x0) returned 0x9e6020 [0084.034] GetProcessImageFileNameW (in: hProcess=0x20c, lpImageFileName=0xa095a8, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Program Files\\Common Files\\challenged.exe") returned 0x41 [0084.035] GetProcessTimes (in: hProcess=0x20c, lpCreationTime=0x121f624, lpExitTime=0x121f61c, lpKernelTime=0x121f61c, lpUserTime=0x121f61c | out: lpCreationTime=0x121f624, lpExitTime=0x121f61c, lpKernelTime=0x121f61c, lpUserTime=0x121f61c) returned 1 [0084.035] OpenProcessToken (in: ProcessHandle=0x20c, DesiredAccess=0x8, TokenHandle=0x121f5ec | out: TokenHandle=0x121f5ec*=0x21c) returned 1 [0084.035] GetTokenInformation (in: TokenHandle=0x21c, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x121f5e8 | out: TokenInformation=0x0, ReturnLength=0x121f5e8) returned 0 [0084.035] GetTokenInformation (in: TokenHandle=0x21c, TokenInformationClass=0x19, TokenInformation=0x9e6010, TokenInformationLength=0x14, ReturnLength=0x121f5e8 | out: TokenInformation=0x9e6010, ReturnLength=0x121f5e8) returned 1 [0084.035] GetSidSubAuthorityCount (pSid=0x9e6018*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 0x9e6019 [0084.038] GetSidSubAuthority (pSid=0x9e6018*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000), nSubAuthority=0x0) returned 0x9e6020 [0084.055] GetProcessImageFileNameW (in: hProcess=0x210, lpImageFileName=0xa095a8, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Program Files\\MSBuild\\rhode-jay.exe") returned 0x3b [0084.056] GetProcessTimes (in: hProcess=0x210, lpCreationTime=0x121f624, lpExitTime=0x121f61c, lpKernelTime=0x121f61c, lpUserTime=0x121f61c | out: lpCreationTime=0x121f624, lpExitTime=0x121f61c, lpKernelTime=0x121f61c, lpUserTime=0x121f61c) returned 1 [0084.056] OpenProcessToken (in: ProcessHandle=0x210, DesiredAccess=0x8, TokenHandle=0x121f5ec | out: TokenHandle=0x121f5ec*=0x21c) returned 1 [0084.056] GetTokenInformation (in: TokenHandle=0x21c, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x121f5e8 | out: TokenInformation=0x0, ReturnLength=0x121f5e8) returned 0 [0084.056] GetTokenInformation (in: TokenHandle=0x21c, TokenInformationClass=0x19, TokenInformation=0x9e6010, TokenInformationLength=0x14, ReturnLength=0x121f5e8 | out: TokenInformation=0x9e6010, ReturnLength=0x121f5e8) returned 1 [0084.056] GetSidSubAuthorityCount (pSid=0x9e6018*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 0x9e6019 [0084.056] GetSidSubAuthority (pSid=0x9e6018*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000), nSubAuthority=0x0) returned 0x9e6020 [0084.115] GetProcessImageFileNameW (in: hProcess=0x214, lpImageFileName=0xa1e4b8, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Windows\\System32\\vssadmin.exe") returned 0x35 [0084.115] GetProcessTimes (in: hProcess=0x214, lpCreationTime=0x121f624, lpExitTime=0x121f61c, lpKernelTime=0x121f61c, lpUserTime=0x121f61c | out: lpCreationTime=0x121f624, lpExitTime=0x121f61c, lpKernelTime=0x121f61c, lpUserTime=0x121f61c) returned 1 [0084.115] OpenProcessToken (in: ProcessHandle=0x214, DesiredAccess=0x8, TokenHandle=0x121f5ec | out: TokenHandle=0x121f5ec*=0x21c) returned 1 [0084.115] GetTokenInformation (in: TokenHandle=0x21c, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x121f5e8 | out: TokenInformation=0x0, ReturnLength=0x121f5e8) returned 0 [0084.115] GetTokenInformation (in: TokenHandle=0x21c, TokenInformationClass=0x19, TokenInformation=0x9e6010, TokenInformationLength=0x14, ReturnLength=0x121f5e8 | out: TokenInformation=0x9e6010, ReturnLength=0x121f5e8) returned 1 [0084.115] GetSidSubAuthorityCount (pSid=0x9e6018*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x3000)) returned 0x9e6019 [0084.115] GetSidSubAuthority (pSid=0x9e6018*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x3000), nSubAuthority=0x0) returned 0x9e6020 [0084.134] GetProcessImageFileNameW (in: hProcess=0x218, lpImageFileName=0xa095a8, nSize=0x200 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Windows\\System32\\conhost.exe") returned 0x34 [0084.134] GetProcessTimes (in: hProcess=0x218, lpCreationTime=0x121f624, lpExitTime=0x121f61c, lpKernelTime=0x121f61c, lpUserTime=0x121f61c | out: lpCreationTime=0x121f624, lpExitTime=0x121f61c, lpKernelTime=0x121f61c, lpUserTime=0x121f61c) returned 1 [0084.134] OpenProcessToken (in: ProcessHandle=0x218, DesiredAccess=0x8, TokenHandle=0x121f5ec | out: TokenHandle=0x121f5ec*=0x21c) returned 1 [0084.134] GetTokenInformation (in: TokenHandle=0x21c, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x121f5e8 | out: TokenInformation=0x0, ReturnLength=0x121f5e8) returned 0 [0084.134] GetTokenInformation (in: TokenHandle=0x21c, TokenInformationClass=0x19, TokenInformation=0x9e6010, TokenInformationLength=0x14, ReturnLength=0x121f5e8 | out: TokenInformation=0x9e6010, ReturnLength=0x121f5e8) returned 1 [0084.134] GetSidSubAuthorityCount (pSid=0x9e6018*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x3000)) returned 0x9e6019 [0084.134] GetSidSubAuthority (pSid=0x9e6018*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x3000), nSubAuthority=0x0) returned 0x9e6020 [0084.145] QueryDosDeviceW (in: lpDeviceName="C:", lpTargetPath=0xa095a8, ucchMax=0x200 | out: lpTargetPath="\\Device\\HarddiskVolume1") returned 0x19 [0084.147] FindFirstFileExW (in: lpFileName="C:\\Boot\\*", fInfoLevelId=0x1, lpFindFileData=0x121f81c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x121f81c) returned 0x2d13d0 [0084.147] FindClose (in: hFindFile=0x2d1950 | out: hFindFile=0x2d1950) returned 1 [0084.147] FindNextFileW (in: hFindFile=0x2d13d0, lpFindFileData=0x121f81c | out: lpFindFileData=0x121f81c) returned 1 [0084.147] FindNextFileW (in: hFindFile=0x2d13d0, lpFindFileData=0x121f81c | out: lpFindFileData=0x121f81c) returned 1 [0084.148] FindNextFileW (in: hFindFile=0x2d13d0, lpFindFileData=0x121f81c | out: lpFindFileData=0x121f81c) returned 1 [0084.148] FindNextFileW (in: hFindFile=0x2d13d0, lpFindFileData=0x121f81c | out: lpFindFileData=0x121f81c) returned 1 [0084.148] FindNextFileW (in: hFindFile=0x2d13d0, lpFindFileData=0x121f81c | out: lpFindFileData=0x121f81c) returned 1 [0084.148] FindNextFileW (in: hFindFile=0x2d13d0, lpFindFileData=0x121f81c | out: lpFindFileData=0x121f81c) returned 1 [0084.148] FindNextFileW (in: hFindFile=0x2d13d0, lpFindFileData=0x121f81c | out: lpFindFileData=0x121f81c) returned 1 [0084.148] CreateFileW (lpFileName="C:\\Boot\\cs-CZ" (normalized: "c:\\boot\\cs-cz"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2200000, hTemplateFile=0x0) returned 0x190 [0084.149] SetFileTime (hFile=0x190, lpCreationTime=0x0, lpLastAccessTime=0x121f794, lpLastWriteTime=0x121f794) returned 0 [0084.149] DeviceIoControl (in: hDevice=0x190, dwIoControlCode=0x900a8, lpInBuffer=0x0, nInBufferSize=0x0, lpOutBuffer=0x9998a0, nOutBufferSize=0x4000, lpBytesReturned=0x121f7ec, lpOverlapped=0x0 | out: lpOutBuffer=0x9998a0, lpBytesReturned=0x121f7ec, lpOverlapped=0x0) returned 0 [0084.149] FindFirstFileExW (in: lpFileName="C:\\Boot\\cs-CZ\\*", fInfoLevelId=0x1, lpFindFileData=0x121f55c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x121f55c) returned 0x2d1950 [0084.149] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 1 [0084.150] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 1 [0084.150] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 0 [0084.150] GetLastError () returned 0x12 [0084.151] CreateFileW (lpFileName="C:\\Boot\\cs-CZ\\bootmgr.exe.mui" (normalized: "c:\\boot\\cs-cz\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0084.151] GetLastError () returned 0x5 [0084.151] FindFirstFileExW (in: lpFileName="C:\\Boot\\cs-CZ\\*", fInfoLevelId=0x1, lpFindFileData=0x121f55c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x121f55c) returned 0x2d1410 [0084.152] FindClose (in: hFindFile=0x2d1950 | out: hFindFile=0x2d1950) returned 1 [0084.152] FindNextFileW (in: hFindFile=0x2d1410, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 1 [0084.152] FindNextFileW (in: hFindFile=0x2d1410, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 1 [0084.152] FindNextFileW (in: hFindFile=0x2d1410, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 0 [0084.152] GetLastError () returned 0x12 [0084.152] FindNextFileW (in: hFindFile=0x2d13d0, lpFindFileData=0x121f81c | out: lpFindFileData=0x121f81c) returned 1 [0084.152] CreateFileW (lpFileName="C:\\Boot\\da-DK" (normalized: "c:\\boot\\da-dk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2200000, hTemplateFile=0x0) returned 0x220 [0084.153] SetFileTime (hFile=0x220, lpCreationTime=0x0, lpLastAccessTime=0x121f794, lpLastWriteTime=0x121f794) returned 0 [0084.153] DeviceIoControl (in: hDevice=0x220, dwIoControlCode=0x900a8, lpInBuffer=0x0, nInBufferSize=0x0, lpOutBuffer=0x9998a0, nOutBufferSize=0x4000, lpBytesReturned=0x121f7ec, lpOverlapped=0x0 | out: lpOutBuffer=0x9998a0, lpBytesReturned=0x121f7ec, lpOverlapped=0x0) returned 0 [0084.153] FindFirstFileExW (in: lpFileName="C:\\Boot\\da-DK\\*", fInfoLevelId=0x1, lpFindFileData=0x121f55c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x121f55c) returned 0x2d1950 [0084.153] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 1 [0084.154] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 1 [0084.154] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 0 [0084.154] GetLastError () returned 0x12 [0084.155] CreateFileW (lpFileName="C:\\Boot\\da-DK\\bootmgr.exe.mui" (normalized: "c:\\boot\\da-dk\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0084.156] GetLastError () returned 0x5 [0084.156] FindFirstFileExW (in: lpFileName="C:\\Boot\\da-DK\\*", fInfoLevelId=0x1, lpFindFileData=0x121f55c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x121f55c) returned 0x2d1410 [0084.156] FindClose (in: hFindFile=0x2d1950 | out: hFindFile=0x2d1950) returned 1 [0084.156] FindNextFileW (in: hFindFile=0x2d1410, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 1 [0084.156] FindNextFileW (in: hFindFile=0x2d1410, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 1 [0084.156] FindNextFileW (in: hFindFile=0x2d1410, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 0 [0084.156] GetLastError () returned 0x12 [0084.156] FindNextFileW (in: hFindFile=0x2d13d0, lpFindFileData=0x121f81c | out: lpFindFileData=0x121f81c) returned 1 [0084.156] CreateFileW (lpFileName="C:\\Boot\\de-DE" (normalized: "c:\\boot\\de-de"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2200000, hTemplateFile=0x0) returned 0x190 [0084.157] SetFileTime (hFile=0x190, lpCreationTime=0x0, lpLastAccessTime=0x121f794, lpLastWriteTime=0x121f794) returned 0 [0084.157] DeviceIoControl (in: hDevice=0x190, dwIoControlCode=0x900a8, lpInBuffer=0x0, nInBufferSize=0x0, lpOutBuffer=0x9998a0, nOutBufferSize=0x4000, lpBytesReturned=0x121f7ec, lpOverlapped=0x0 | out: lpOutBuffer=0x9998a0, lpBytesReturned=0x121f7ec, lpOverlapped=0x0) returned 0 [0084.157] FindFirstFileExW (in: lpFileName="C:\\Boot\\de-DE\\*", fInfoLevelId=0x1, lpFindFileData=0x121f55c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x121f55c) returned 0x2d1950 [0084.157] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 1 [0084.158] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 1 [0084.158] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 0 [0084.158] GetLastError () returned 0x12 [0084.158] CreateFileW (lpFileName="C:\\Boot\\de-DE\\bootmgr.exe.mui" (normalized: "c:\\boot\\de-de\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0084.158] GetLastError () returned 0x5 [0084.158] FindFirstFileExW (in: lpFileName="C:\\Boot\\de-DE\\*", fInfoLevelId=0x1, lpFindFileData=0x121f55c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x121f55c) returned 0x2d1410 [0084.158] FindClose (in: hFindFile=0x2d1950 | out: hFindFile=0x2d1950) returned 1 [0084.159] FindNextFileW (in: hFindFile=0x2d1410, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 1 [0084.159] FindNextFileW (in: hFindFile=0x2d1410, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 1 [0084.159] FindNextFileW (in: hFindFile=0x2d1410, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 0 [0084.159] GetLastError () returned 0x12 [0084.159] FindNextFileW (in: hFindFile=0x2d13d0, lpFindFileData=0x121f81c | out: lpFindFileData=0x121f81c) returned 1 [0084.159] CreateFileW (lpFileName="C:\\Boot\\el-GR" (normalized: "c:\\boot\\el-gr"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2200000, hTemplateFile=0x0) returned 0x220 [0084.207] SetFileTime (hFile=0x220, lpCreationTime=0x0, lpLastAccessTime=0x121f794, lpLastWriteTime=0x121f794) returned 0 [0084.207] DeviceIoControl (in: hDevice=0x220, dwIoControlCode=0x900a8, lpInBuffer=0x0, nInBufferSize=0x0, lpOutBuffer=0x9998a0, nOutBufferSize=0x4000, lpBytesReturned=0x121f7ec, lpOverlapped=0x0 | out: lpOutBuffer=0x9998a0, lpBytesReturned=0x121f7ec, lpOverlapped=0x0) returned 0 [0084.207] FindFirstFileExW (in: lpFileName="C:\\Boot\\el-GR\\*", fInfoLevelId=0x1, lpFindFileData=0x121f55c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x121f55c) returned 0x2d1950 [0084.208] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 1 [0084.208] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 1 [0084.208] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 0 [0084.208] GetLastError () returned 0x12 [0084.209] CreateFileW (lpFileName="C:\\Boot\\el-GR\\bootmgr.exe.mui" (normalized: "c:\\boot\\el-gr\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0084.209] GetLastError () returned 0x5 [0084.209] FindFirstFileExW (in: lpFileName="C:\\Boot\\el-GR\\*", fInfoLevelId=0x1, lpFindFileData=0x121f55c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x121f55c) returned 0x2d1410 [0084.209] FindClose (in: hFindFile=0x2d1950 | out: hFindFile=0x2d1950) returned 1 [0084.209] FindNextFileW (in: hFindFile=0x2d1410, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 1 [0084.210] FindNextFileW (in: hFindFile=0x2d1410, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 1 [0084.210] FindNextFileW (in: hFindFile=0x2d1410, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 0 [0084.210] GetLastError () returned 0x12 [0084.210] FindNextFileW (in: hFindFile=0x2d13d0, lpFindFileData=0x121f81c | out: lpFindFileData=0x121f81c) returned 1 [0084.210] CreateFileW (lpFileName="C:\\Boot\\en-US" (normalized: "c:\\boot\\en-us"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2200000, hTemplateFile=0x0) returned 0x190 [0084.211] SetFileTime (hFile=0x190, lpCreationTime=0x0, lpLastAccessTime=0x121f794, lpLastWriteTime=0x121f794) returned 0 [0084.211] DeviceIoControl (in: hDevice=0x190, dwIoControlCode=0x900a8, lpInBuffer=0x0, nInBufferSize=0x0, lpOutBuffer=0x9998a0, nOutBufferSize=0x4000, lpBytesReturned=0x121f7ec, lpOverlapped=0x0 | out: lpOutBuffer=0x9998a0, lpBytesReturned=0x121f7ec, lpOverlapped=0x0) returned 0 [0084.211] FindFirstFileExW (in: lpFileName="C:\\Boot\\en-US\\*", fInfoLevelId=0x1, lpFindFileData=0x121f55c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x121f55c) returned 0x2d1950 [0084.211] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 1 [0084.212] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 1 [0084.212] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 1 [0084.212] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 0 [0084.212] GetLastError () returned 0x12 [0084.213] CreateFileW (lpFileName="C:\\Boot\\en-US\\bootmgr.exe.mui" (normalized: "c:\\boot\\en-us\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0084.213] GetLastError () returned 0x5 [0084.213] CreateFileW (lpFileName="C:\\Boot\\en-US\\memtest.exe.mui" (normalized: "c:\\boot\\en-us\\memtest.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0084.213] GetLastError () returned 0x5 [0084.213] FindFirstFileExW (in: lpFileName="C:\\Boot\\en-US\\*", fInfoLevelId=0x1, lpFindFileData=0x121f55c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x121f55c) returned 0x2d1410 [0084.214] FindClose (in: hFindFile=0x2d1950 | out: hFindFile=0x2d1950) returned 1 [0084.214] FindNextFileW (in: hFindFile=0x2d1410, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 1 [0084.214] FindNextFileW (in: hFindFile=0x2d1410, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 1 [0084.214] FindNextFileW (in: hFindFile=0x2d1410, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 1 [0084.214] FindNextFileW (in: hFindFile=0x2d1410, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 0 [0084.214] GetLastError () returned 0x12 [0084.214] FindNextFileW (in: hFindFile=0x2d13d0, lpFindFileData=0x121f81c | out: lpFindFileData=0x121f81c) returned 1 [0084.216] CreateFileW (lpFileName="C:\\Boot\\es-ES" (normalized: "c:\\boot\\es-es"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2200000, hTemplateFile=0x0) returned 0x220 [0084.216] SetFileTime (hFile=0x220, lpCreationTime=0x0, lpLastAccessTime=0x121f794, lpLastWriteTime=0x121f794) returned 0 [0084.216] DeviceIoControl (in: hDevice=0x220, dwIoControlCode=0x900a8, lpInBuffer=0x0, nInBufferSize=0x0, lpOutBuffer=0x9998a0, nOutBufferSize=0x4000, lpBytesReturned=0x121f7ec, lpOverlapped=0x0 | out: lpOutBuffer=0x9998a0, lpBytesReturned=0x121f7ec, lpOverlapped=0x0) returned 0 [0084.216] FindFirstFileExW (in: lpFileName="C:\\Boot\\es-ES\\*", fInfoLevelId=0x1, lpFindFileData=0x121f55c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x121f55c) returned 0x2d1950 [0084.217] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 1 [0084.217] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 1 [0084.217] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 0 [0084.217] GetLastError () returned 0x12 [0084.218] CreateFileW (lpFileName="C:\\Boot\\es-ES\\bootmgr.exe.mui" (normalized: "c:\\boot\\es-es\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0084.218] GetLastError () returned 0x5 [0084.218] FindFirstFileExW (in: lpFileName="C:\\Boot\\es-ES\\*", fInfoLevelId=0x1, lpFindFileData=0x121f55c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x121f55c) returned 0x2d1410 [0084.218] FindClose (in: hFindFile=0x2d1950 | out: hFindFile=0x2d1950) returned 1 [0084.218] FindNextFileW (in: hFindFile=0x2d1410, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 1 [0084.218] FindNextFileW (in: hFindFile=0x2d1410, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 1 [0084.218] FindNextFileW (in: hFindFile=0x2d1410, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 0 [0084.218] GetLastError () returned 0x12 [0084.218] FindNextFileW (in: hFindFile=0x2d13d0, lpFindFileData=0x121f81c | out: lpFindFileData=0x121f81c) returned 1 [0084.219] CreateFileW (lpFileName="C:\\Boot\\fi-FI" (normalized: "c:\\boot\\fi-fi"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2200000, hTemplateFile=0x0) returned 0x190 [0084.219] SetFileTime (hFile=0x190, lpCreationTime=0x0, lpLastAccessTime=0x121f794, lpLastWriteTime=0x121f794) returned 0 [0084.219] DeviceIoControl (in: hDevice=0x190, dwIoControlCode=0x900a8, lpInBuffer=0x0, nInBufferSize=0x0, lpOutBuffer=0x9998a0, nOutBufferSize=0x4000, lpBytesReturned=0x121f7ec, lpOverlapped=0x0 | out: lpOutBuffer=0x9998a0, lpBytesReturned=0x121f7ec, lpOverlapped=0x0) returned 0 [0084.219] FindFirstFileExW (in: lpFileName="C:\\Boot\\fi-FI\\*", fInfoLevelId=0x1, lpFindFileData=0x121f55c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x121f55c) returned 0x2d1950 [0084.219] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 1 [0084.220] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 1 [0084.220] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 0 [0084.220] GetLastError () returned 0x12 [0084.221] CreateFileW (lpFileName="C:\\Boot\\fi-FI\\bootmgr.exe.mui" (normalized: "c:\\boot\\fi-fi\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0084.221] GetLastError () returned 0x5 [0084.221] FindFirstFileExW (in: lpFileName="C:\\Boot\\fi-FI\\*", fInfoLevelId=0x1, lpFindFileData=0x121f55c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x121f55c) returned 0x2d1410 [0084.222] FindClose (in: hFindFile=0x2d1950 | out: hFindFile=0x2d1950) returned 1 [0084.222] FindNextFileW (in: hFindFile=0x2d1410, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 1 [0084.222] FindNextFileW (in: hFindFile=0x2d1410, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 1 [0084.222] FindNextFileW (in: hFindFile=0x2d1410, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 0 [0084.222] GetLastError () returned 0x12 [0084.222] FindNextFileW (in: hFindFile=0x2d13d0, lpFindFileData=0x121f81c | out: lpFindFileData=0x121f81c) returned 1 [0084.223] CreateFileW (lpFileName="C:\\Boot\\Fonts" (normalized: "c:\\boot\\fonts"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2200000, hTemplateFile=0x0) returned 0x220 [0084.224] SetFileTime (hFile=0x220, lpCreationTime=0x0, lpLastAccessTime=0x121f794, lpLastWriteTime=0x121f794) returned 0 [0084.224] DeviceIoControl (in: hDevice=0x220, dwIoControlCode=0x900a8, lpInBuffer=0x0, nInBufferSize=0x0, lpOutBuffer=0x9998a0, nOutBufferSize=0x4000, lpBytesReturned=0x121f7ec, lpOverlapped=0x0 | out: lpOutBuffer=0x9998a0, lpBytesReturned=0x121f7ec, lpOverlapped=0x0) returned 0 [0084.224] FindFirstFileExW (in: lpFileName="C:\\Boot\\Fonts\\*", fInfoLevelId=0x1, lpFindFileData=0x121f55c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x121f55c) returned 0x2d1950 [0084.224] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 1 [0084.225] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 1 [0084.225] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 1 [0084.225] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 1 [0084.225] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 1 [0084.225] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 1 [0084.225] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 0 [0084.225] GetLastError () returned 0x12 [0084.226] CreateFileW (lpFileName="C:\\Boot\\Fonts\\chs_boot.ttf" (normalized: "c:\\boot\\fonts\\chs_boot.ttf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0084.226] GetLastError () returned 0x5 [0084.227] CreateFileW (lpFileName="C:\\Boot\\Fonts\\cht_boot.ttf" (normalized: "c:\\boot\\fonts\\cht_boot.ttf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0084.227] GetLastError () returned 0x5 [0084.227] CreateFileW (lpFileName="C:\\Boot\\Fonts\\jpn_boot.ttf" (normalized: "c:\\boot\\fonts\\jpn_boot.ttf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0084.227] GetLastError () returned 0x5 [0084.227] CreateFileW (lpFileName="C:\\Boot\\Fonts\\kor_boot.ttf" (normalized: "c:\\boot\\fonts\\kor_boot.ttf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0084.227] GetLastError () returned 0x5 [0084.227] CreateFileW (lpFileName="C:\\Boot\\Fonts\\wgl4_boot.ttf" (normalized: "c:\\boot\\fonts\\wgl4_boot.ttf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0084.228] GetLastError () returned 0x5 [0084.228] FindFirstFileExW (in: lpFileName="C:\\Boot\\Fonts\\*", fInfoLevelId=0x1, lpFindFileData=0x121f55c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x121f55c) returned 0x2d1410 [0084.228] FindClose (in: hFindFile=0x2d1950 | out: hFindFile=0x2d1950) returned 1 [0084.228] FindNextFileW (in: hFindFile=0x2d1410, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 1 [0084.228] FindNextFileW (in: hFindFile=0x2d1410, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 1 [0084.228] FindNextFileW (in: hFindFile=0x2d1410, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 1 [0084.228] FindNextFileW (in: hFindFile=0x2d1410, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 1 [0084.228] FindNextFileW (in: hFindFile=0x2d1410, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 1 [0084.228] FindNextFileW (in: hFindFile=0x2d1410, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 1 [0084.228] FindNextFileW (in: hFindFile=0x2d1410, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 0 [0084.228] GetLastError () returned 0x12 [0084.228] FindNextFileW (in: hFindFile=0x2d13d0, lpFindFileData=0x121f81c | out: lpFindFileData=0x121f81c) returned 1 [0084.229] CreateFileW (lpFileName="C:\\Boot\\fr-FR" (normalized: "c:\\boot\\fr-fr"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2200000, hTemplateFile=0x0) returned 0x190 [0084.229] SetFileTime (hFile=0x190, lpCreationTime=0x0, lpLastAccessTime=0x121f794, lpLastWriteTime=0x121f794) returned 0 [0084.229] DeviceIoControl (in: hDevice=0x190, dwIoControlCode=0x900a8, lpInBuffer=0x0, nInBufferSize=0x0, lpOutBuffer=0x9998a0, nOutBufferSize=0x4000, lpBytesReturned=0x121f7ec, lpOverlapped=0x0 | out: lpOutBuffer=0x9998a0, lpBytesReturned=0x121f7ec, lpOverlapped=0x0) returned 0 [0084.230] FindFirstFileExW (in: lpFileName="C:\\Boot\\fr-FR\\*", fInfoLevelId=0x1, lpFindFileData=0x121f55c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x121f55c) returned 0x2d1950 [0084.230] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 1 [0084.230] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 1 [0084.231] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 0 [0084.231] GetLastError () returned 0x12 [0084.231] CreateFileW (lpFileName="C:\\Boot\\fr-FR\\bootmgr.exe.mui" (normalized: "c:\\boot\\fr-fr\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0084.231] GetLastError () returned 0x5 [0084.231] FindFirstFileExW (in: lpFileName="C:\\Boot\\fr-FR\\*", fInfoLevelId=0x1, lpFindFileData=0x121f55c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x121f55c) returned 0x2d1410 [0084.232] FindClose (in: hFindFile=0x2d1950 | out: hFindFile=0x2d1950) returned 1 [0084.232] FindNextFileW (in: hFindFile=0x2d1410, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 1 [0084.232] FindNextFileW (in: hFindFile=0x2d1410, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 1 [0084.232] FindNextFileW (in: hFindFile=0x2d1410, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 0 [0084.232] GetLastError () returned 0x12 [0084.232] FindNextFileW (in: hFindFile=0x2d13d0, lpFindFileData=0x121f81c | out: lpFindFileData=0x121f81c) returned 1 [0084.236] CreateFileW (lpFileName="C:\\Boot\\hu-HU" (normalized: "c:\\boot\\hu-hu"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2200000, hTemplateFile=0x0) returned 0x220 [0084.237] SetFileTime (hFile=0x220, lpCreationTime=0x0, lpLastAccessTime=0x121f794, lpLastWriteTime=0x121f794) returned 0 [0084.237] DeviceIoControl (in: hDevice=0x220, dwIoControlCode=0x900a8, lpInBuffer=0x0, nInBufferSize=0x0, lpOutBuffer=0x9998a0, nOutBufferSize=0x4000, lpBytesReturned=0x121f7ec, lpOverlapped=0x0 | out: lpOutBuffer=0x9998a0, lpBytesReturned=0x121f7ec, lpOverlapped=0x0) returned 0 [0084.238] FindFirstFileExW (in: lpFileName="C:\\Boot\\hu-HU\\*", fInfoLevelId=0x1, lpFindFileData=0x121f55c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x121f55c) returned 0x2d1950 [0084.238] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 1 [0084.240] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 1 [0084.240] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 0 [0084.240] GetLastError () returned 0x12 [0084.241] CreateFileW (lpFileName="C:\\Boot\\hu-HU\\bootmgr.exe.mui" (normalized: "c:\\boot\\hu-hu\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0084.242] GetLastError () returned 0x5 [0084.242] FindFirstFileExW (in: lpFileName="C:\\Boot\\hu-HU\\*", fInfoLevelId=0x1, lpFindFileData=0x121f55c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x121f55c) returned 0x2d1410 [0084.242] FindClose (in: hFindFile=0x2d1950 | out: hFindFile=0x2d1950) returned 1 [0084.242] FindNextFileW (in: hFindFile=0x2d1410, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 1 [0084.242] FindNextFileW (in: hFindFile=0x2d1410, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 1 [0084.243] FindNextFileW (in: hFindFile=0x2d1410, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 0 [0084.243] GetLastError () returned 0x12 [0084.243] FindNextFileW (in: hFindFile=0x2d13d0, lpFindFileData=0x121f81c | out: lpFindFileData=0x121f81c) returned 1 [0084.246] CreateFileW (lpFileName="C:\\Boot\\it-IT" (normalized: "c:\\boot\\it-it"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2200000, hTemplateFile=0x0) returned 0x190 [0084.247] SetFileTime (hFile=0x190, lpCreationTime=0x0, lpLastAccessTime=0x121f794, lpLastWriteTime=0x121f794) returned 0 [0084.247] DeviceIoControl (in: hDevice=0x190, dwIoControlCode=0x900a8, lpInBuffer=0x0, nInBufferSize=0x0, lpOutBuffer=0x9998a0, nOutBufferSize=0x4000, lpBytesReturned=0x121f7ec, lpOverlapped=0x0 | out: lpOutBuffer=0x9998a0, lpBytesReturned=0x121f7ec, lpOverlapped=0x0) returned 0 [0084.247] FindFirstFileExW (in: lpFileName="C:\\Boot\\it-IT\\*", fInfoLevelId=0x1, lpFindFileData=0x121f55c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x121f55c) returned 0x2d1950 [0084.247] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 1 [0084.248] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 1 [0084.248] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 0 [0084.248] GetLastError () returned 0x12 [0084.249] CreateFileW (lpFileName="C:\\Boot\\it-IT\\bootmgr.exe.mui" (normalized: "c:\\boot\\it-it\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0084.249] GetLastError () returned 0x5 [0084.249] FindFirstFileExW (in: lpFileName="C:\\Boot\\it-IT\\*", fInfoLevelId=0x1, lpFindFileData=0x121f55c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x121f55c) returned 0x2d1410 [0084.249] FindClose (in: hFindFile=0x2d1950 | out: hFindFile=0x2d1950) returned 1 [0084.249] FindNextFileW (in: hFindFile=0x2d1410, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 1 [0084.249] FindNextFileW (in: hFindFile=0x2d1410, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 1 [0084.249] FindNextFileW (in: hFindFile=0x2d1410, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 0 [0084.249] GetLastError () returned 0x12 [0084.250] FindNextFileW (in: hFindFile=0x2d13d0, lpFindFileData=0x121f81c | out: lpFindFileData=0x121f81c) returned 1 [0084.250] CreateFileW (lpFileName="C:\\Boot\\ja-JP" (normalized: "c:\\boot\\ja-jp"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2200000, hTemplateFile=0x0) returned 0x220 [0084.251] SetFileTime (hFile=0x220, lpCreationTime=0x0, lpLastAccessTime=0x121f794, lpLastWriteTime=0x121f794) returned 0 [0084.251] DeviceIoControl (in: hDevice=0x220, dwIoControlCode=0x900a8, lpInBuffer=0x0, nInBufferSize=0x0, lpOutBuffer=0x9998a0, nOutBufferSize=0x4000, lpBytesReturned=0x121f7ec, lpOverlapped=0x0 | out: lpOutBuffer=0x9998a0, lpBytesReturned=0x121f7ec, lpOverlapped=0x0) returned 0 [0084.251] FindFirstFileExW (in: lpFileName="C:\\Boot\\ja-JP\\*", fInfoLevelId=0x1, lpFindFileData=0x121f55c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x121f55c) returned 0x2d1950 [0084.251] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 1 [0084.252] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 1 [0084.252] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 0 [0084.252] GetLastError () returned 0x12 [0084.253] CreateFileW (lpFileName="C:\\Boot\\ja-JP\\bootmgr.exe.mui" (normalized: "c:\\boot\\ja-jp\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0084.253] GetLastError () returned 0x5 [0084.253] FindFirstFileExW (in: lpFileName="C:\\Boot\\ja-JP\\*", fInfoLevelId=0x1, lpFindFileData=0x121f55c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x121f55c) returned 0x2d1410 [0084.369] FindClose (in: hFindFile=0x2d1950 | out: hFindFile=0x2d1950) returned 1 [0084.370] FindNextFileW (in: hFindFile=0x2d1410, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 1 [0084.370] FindNextFileW (in: hFindFile=0x2d1410, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 1 [0084.370] FindNextFileW (in: hFindFile=0x2d1410, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 0 [0084.370] GetLastError () returned 0x12 [0084.371] FindNextFileW (in: hFindFile=0x2d13d0, lpFindFileData=0x121f81c | out: lpFindFileData=0x121f81c) returned 1 [0084.412] CreateFileW (lpFileName="C:\\Boot\\ko-KR" (normalized: "c:\\boot\\ko-kr"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2200000, hTemplateFile=0x0) returned 0x190 [0084.412] SetFileTime (hFile=0x190, lpCreationTime=0x0, lpLastAccessTime=0x121f794, lpLastWriteTime=0x121f794) returned 0 [0084.412] DeviceIoControl (in: hDevice=0x190, dwIoControlCode=0x900a8, lpInBuffer=0x0, nInBufferSize=0x0, lpOutBuffer=0x9998a0, nOutBufferSize=0x4000, lpBytesReturned=0x121f7ec, lpOverlapped=0x0 | out: lpOutBuffer=0x9998a0, lpBytesReturned=0x121f7ec, lpOverlapped=0x0) returned 0 [0084.413] FindFirstFileExW (in: lpFileName="C:\\Boot\\ko-KR\\*", fInfoLevelId=0x1, lpFindFileData=0x121f55c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x121f55c) returned 0x2d1950 [0084.413] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 1 [0084.413] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 1 [0084.413] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 0 [0084.413] GetLastError () returned 0x12 [0084.414] CreateFileW (lpFileName="C:\\Boot\\ko-KR\\bootmgr.exe.mui" (normalized: "c:\\boot\\ko-kr\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0084.414] GetLastError () returned 0x5 [0084.414] FindFirstFileExW (in: lpFileName="C:\\Boot\\ko-KR\\*", fInfoLevelId=0x1, lpFindFileData=0x121f55c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x121f55c) returned 0x2d1410 [0084.414] FindClose (in: hFindFile=0x2d1950 | out: hFindFile=0x2d1950) returned 1 [0084.414] FindNextFileW (in: hFindFile=0x2d1410, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 1 [0084.414] FindNextFileW (in: hFindFile=0x2d1410, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 1 [0084.414] FindNextFileW (in: hFindFile=0x2d1410, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 0 [0084.414] GetLastError () returned 0x12 [0084.414] FindNextFileW (in: hFindFile=0x2d13d0, lpFindFileData=0x121f81c | out: lpFindFileData=0x121f81c) returned 1 [0084.414] FindNextFileW (in: hFindFile=0x2d13d0, lpFindFileData=0x121f81c | out: lpFindFileData=0x121f81c) returned 1 [0084.415] CreateFileW (lpFileName="C:\\Boot\\nb-NO" (normalized: "c:\\boot\\nb-no"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2200000, hTemplateFile=0x0) returned 0x220 [0084.415] SetFileTime (hFile=0x220, lpCreationTime=0x0, lpLastAccessTime=0x121f794, lpLastWriteTime=0x121f794) returned 0 [0084.416] DeviceIoControl (in: hDevice=0x220, dwIoControlCode=0x900a8, lpInBuffer=0x0, nInBufferSize=0x0, lpOutBuffer=0x9998a0, nOutBufferSize=0x4000, lpBytesReturned=0x121f7ec, lpOverlapped=0x0 | out: lpOutBuffer=0x9998a0, lpBytesReturned=0x121f7ec, lpOverlapped=0x0) returned 0 [0084.416] FindFirstFileExW (in: lpFileName="C:\\Boot\\nb-NO\\*", fInfoLevelId=0x1, lpFindFileData=0x121f55c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x121f55c) returned 0x2d1950 [0084.416] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 1 [0084.416] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 1 [0084.416] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 0 [0084.416] GetLastError () returned 0x12 [0084.464] CreateFileW (lpFileName="C:\\Boot\\nb-NO\\bootmgr.exe.mui" (normalized: "c:\\boot\\nb-no\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0084.464] GetLastError () returned 0x5 [0084.464] FindFirstFileExW (in: lpFileName="C:\\Boot\\nb-NO\\*", fInfoLevelId=0x1, lpFindFileData=0x121f55c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x121f55c) returned 0x2d1410 [0084.465] FindClose (in: hFindFile=0x2d1950 | out: hFindFile=0x2d1950) returned 1 [0084.465] FindNextFileW (in: hFindFile=0x2d1410, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 1 [0084.465] FindNextFileW (in: hFindFile=0x2d1410, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 1 [0084.465] FindNextFileW (in: hFindFile=0x2d1410, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 0 [0084.465] GetLastError () returned 0x12 [0084.465] FindNextFileW (in: hFindFile=0x2d13d0, lpFindFileData=0x121f81c | out: lpFindFileData=0x121f81c) returned 1 [0084.465] CreateFileW (lpFileName="C:\\Boot\\nl-NL" (normalized: "c:\\boot\\nl-nl"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2200000, hTemplateFile=0x0) returned 0x190 [0084.466] SetFileTime (hFile=0x190, lpCreationTime=0x0, lpLastAccessTime=0x121f794, lpLastWriteTime=0x121f794) returned 0 [0084.466] DeviceIoControl (in: hDevice=0x190, dwIoControlCode=0x900a8, lpInBuffer=0x0, nInBufferSize=0x0, lpOutBuffer=0x9998a0, nOutBufferSize=0x4000, lpBytesReturned=0x121f7ec, lpOverlapped=0x0 | out: lpOutBuffer=0x9998a0, lpBytesReturned=0x121f7ec, lpOverlapped=0x0) returned 0 [0084.466] FindFirstFileExW (in: lpFileName="C:\\Boot\\nl-NL\\*", fInfoLevelId=0x1, lpFindFileData=0x121f55c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x121f55c) returned 0x2d1950 [0084.466] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 1 [0084.466] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 1 [0084.466] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 0 [0084.466] GetLastError () returned 0x12 [0084.467] CreateFileW (lpFileName="C:\\Boot\\nl-NL\\bootmgr.exe.mui" (normalized: "c:\\boot\\nl-nl\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0084.467] GetLastError () returned 0x5 [0084.467] FindFirstFileExW (in: lpFileName="C:\\Boot\\nl-NL\\*", fInfoLevelId=0x1, lpFindFileData=0x121f55c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x121f55c) returned 0x2d1410 [0084.467] FindClose (in: hFindFile=0x2d1950 | out: hFindFile=0x2d1950) returned 1 [0084.467] FindNextFileW (in: hFindFile=0x2d1410, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 1 [0084.467] FindNextFileW (in: hFindFile=0x2d1410, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 1 [0084.467] FindNextFileW (in: hFindFile=0x2d1410, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 0 [0084.467] GetLastError () returned 0x12 [0084.467] FindNextFileW (in: hFindFile=0x2d13d0, lpFindFileData=0x121f81c | out: lpFindFileData=0x121f81c) returned 1 [0084.468] CreateFileW (lpFileName="C:\\Boot\\pl-PL" (normalized: "c:\\boot\\pl-pl"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2200000, hTemplateFile=0x0) returned 0x220 [0084.468] SetFileTime (hFile=0x220, lpCreationTime=0x0, lpLastAccessTime=0x121f794, lpLastWriteTime=0x121f794) returned 0 [0084.468] DeviceIoControl (in: hDevice=0x220, dwIoControlCode=0x900a8, lpInBuffer=0x0, nInBufferSize=0x0, lpOutBuffer=0x9998a0, nOutBufferSize=0x4000, lpBytesReturned=0x121f7ec, lpOverlapped=0x0 | out: lpOutBuffer=0x9998a0, lpBytesReturned=0x121f7ec, lpOverlapped=0x0) returned 0 [0084.468] FindFirstFileExW (in: lpFileName="C:\\Boot\\pl-PL\\*", fInfoLevelId=0x1, lpFindFileData=0x121f55c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x121f55c) returned 0x2d1950 [0084.468] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 1 [0084.468] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 1 [0084.469] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 0 [0084.469] GetLastError () returned 0x12 [0084.469] CreateFileW (lpFileName="C:\\Boot\\pl-PL\\bootmgr.exe.mui" (normalized: "c:\\boot\\pl-pl\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0084.469] GetLastError () returned 0x5 [0084.469] FindFirstFileExW (in: lpFileName="C:\\Boot\\pl-PL\\*", fInfoLevelId=0x1, lpFindFileData=0x121f55c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x121f55c) returned 0x2d1410 [0084.469] FindClose (in: hFindFile=0x2d1950 | out: hFindFile=0x2d1950) returned 1 [0084.469] FindNextFileW (in: hFindFile=0x2d1410, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 1 [0084.470] FindNextFileW (in: hFindFile=0x2d1410, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 1 [0084.470] FindNextFileW (in: hFindFile=0x2d1410, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 0 [0084.470] GetLastError () returned 0x12 [0084.470] FindNextFileW (in: hFindFile=0x2d13d0, lpFindFileData=0x121f81c | out: lpFindFileData=0x121f81c) returned 1 [0084.471] CreateFileW (lpFileName="C:\\Boot\\pt-BR" (normalized: "c:\\boot\\pt-br"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2200000, hTemplateFile=0x0) returned 0x190 [0084.471] SetFileTime (hFile=0x190, lpCreationTime=0x0, lpLastAccessTime=0x121f794, lpLastWriteTime=0x121f794) returned 0 [0084.471] DeviceIoControl (in: hDevice=0x190, dwIoControlCode=0x900a8, lpInBuffer=0x0, nInBufferSize=0x0, lpOutBuffer=0x9998a0, nOutBufferSize=0x4000, lpBytesReturned=0x121f7ec, lpOverlapped=0x0 | out: lpOutBuffer=0x9998a0, lpBytesReturned=0x121f7ec, lpOverlapped=0x0) returned 0 [0084.471] FindFirstFileExW (in: lpFileName="C:\\Boot\\pt-BR\\*", fInfoLevelId=0x1, lpFindFileData=0x121f55c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x121f55c) returned 0x2d1950 [0084.471] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 1 [0084.472] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 1 [0084.472] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 0 [0084.472] GetLastError () returned 0x12 [0084.472] CreateFileW (lpFileName="C:\\Boot\\pt-BR\\bootmgr.exe.mui" (normalized: "c:\\boot\\pt-br\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0084.472] GetLastError () returned 0x5 [0084.472] FindFirstFileExW (in: lpFileName="C:\\Boot\\pt-BR\\*", fInfoLevelId=0x1, lpFindFileData=0x121f55c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x121f55c) returned 0x2d1410 [0084.472] FindClose (in: hFindFile=0x2d1950 | out: hFindFile=0x2d1950) returned 1 [0084.473] FindNextFileW (in: hFindFile=0x2d1410, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 1 [0084.473] FindNextFileW (in: hFindFile=0x2d1410, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 1 [0084.473] FindNextFileW (in: hFindFile=0x2d1410, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 0 [0084.473] GetLastError () returned 0x12 [0084.473] FindNextFileW (in: hFindFile=0x2d13d0, lpFindFileData=0x121f81c | out: lpFindFileData=0x121f81c) returned 1 [0084.473] CreateFileW (lpFileName="C:\\Boot\\pt-PT" (normalized: "c:\\boot\\pt-pt"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2200000, hTemplateFile=0x0) returned 0x220 [0084.474] SetFileTime (hFile=0x220, lpCreationTime=0x0, lpLastAccessTime=0x121f794, lpLastWriteTime=0x121f794) returned 0 [0084.474] DeviceIoControl (in: hDevice=0x220, dwIoControlCode=0x900a8, lpInBuffer=0x0, nInBufferSize=0x0, lpOutBuffer=0x9998a0, nOutBufferSize=0x4000, lpBytesReturned=0x121f7ec, lpOverlapped=0x0 | out: lpOutBuffer=0x9998a0, lpBytesReturned=0x121f7ec, lpOverlapped=0x0) returned 0 [0084.474] FindFirstFileExW (in: lpFileName="C:\\Boot\\pt-PT\\*", fInfoLevelId=0x1, lpFindFileData=0x121f55c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x121f55c) returned 0x2d1950 [0084.474] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 1 [0084.475] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 1 [0084.475] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 0 [0084.475] GetLastError () returned 0x12 [0084.520] CreateFileW (lpFileName="C:\\Boot\\pt-PT\\bootmgr.exe.mui" (normalized: "c:\\boot\\pt-pt\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0084.521] GetLastError () returned 0x5 [0084.521] FindFirstFileExW (in: lpFileName="C:\\Boot\\pt-PT\\*", fInfoLevelId=0x1, lpFindFileData=0x121f55c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x121f55c) returned 0x2d1410 [0084.521] FindClose (in: hFindFile=0x2d1950 | out: hFindFile=0x2d1950) returned 1 [0084.521] FindNextFileW (in: hFindFile=0x2d1410, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 1 [0084.521] FindNextFileW (in: hFindFile=0x2d1410, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 1 [0084.521] FindNextFileW (in: hFindFile=0x2d1410, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 0 [0084.521] GetLastError () returned 0x12 [0084.521] FindNextFileW (in: hFindFile=0x2d13d0, lpFindFileData=0x121f81c | out: lpFindFileData=0x121f81c) returned 1 [0084.523] CreateFileW (lpFileName="C:\\Boot\\ru-RU" (normalized: "c:\\boot\\ru-ru"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2200000, hTemplateFile=0x0) returned 0x190 [0084.523] SetFileTime (hFile=0x190, lpCreationTime=0x0, lpLastAccessTime=0x121f794, lpLastWriteTime=0x121f794) returned 0 [0084.524] DeviceIoControl (in: hDevice=0x190, dwIoControlCode=0x900a8, lpInBuffer=0x0, nInBufferSize=0x0, lpOutBuffer=0x9998a0, nOutBufferSize=0x4000, lpBytesReturned=0x121f7ec, lpOverlapped=0x0 | out: lpOutBuffer=0x9998a0, lpBytesReturned=0x121f7ec, lpOverlapped=0x0) returned 0 [0084.524] FindFirstFileExW (in: lpFileName="C:\\Boot\\ru-RU\\*", fInfoLevelId=0x1, lpFindFileData=0x121f55c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x121f55c) returned 0x2d1950 [0084.524] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 1 [0084.525] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 1 [0084.525] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 0 [0084.526] GetLastError () returned 0x12 [0084.526] CreateFileW (lpFileName="C:\\Boot\\ru-RU\\bootmgr.exe.mui" (normalized: "c:\\boot\\ru-ru\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0084.526] GetLastError () returned 0x5 [0084.526] FindFirstFileExW (in: lpFileName="C:\\Boot\\ru-RU\\*", fInfoLevelId=0x1, lpFindFileData=0x121f55c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x121f55c) returned 0x2d1410 [0084.527] FindClose (in: hFindFile=0x2d1950 | out: hFindFile=0x2d1950) returned 1 [0084.527] FindNextFileW (in: hFindFile=0x2d1410, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 1 [0084.527] FindNextFileW (in: hFindFile=0x2d1410, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 1 [0084.527] FindNextFileW (in: hFindFile=0x2d1410, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 0 [0084.527] GetLastError () returned 0x12 [0084.527] FindNextFileW (in: hFindFile=0x2d13d0, lpFindFileData=0x121f81c | out: lpFindFileData=0x121f81c) returned 1 [0084.528] CreateFileW (lpFileName="C:\\Boot\\sv-SE" (normalized: "c:\\boot\\sv-se"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2200000, hTemplateFile=0x0) returned 0x220 [0084.529] SetFileTime (hFile=0x220, lpCreationTime=0x0, lpLastAccessTime=0x121f794, lpLastWriteTime=0x121f794) returned 0 [0084.529] DeviceIoControl (in: hDevice=0x220, dwIoControlCode=0x900a8, lpInBuffer=0x0, nInBufferSize=0x0, lpOutBuffer=0x9998a0, nOutBufferSize=0x4000, lpBytesReturned=0x121f7ec, lpOverlapped=0x0 | out: lpOutBuffer=0x9998a0, lpBytesReturned=0x121f7ec, lpOverlapped=0x0) returned 0 [0084.530] FindFirstFileExW (in: lpFileName="C:\\Boot\\sv-SE\\*", fInfoLevelId=0x1, lpFindFileData=0x121f55c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x121f55c) returned 0x2d1950 [0084.530] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 1 [0084.532] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 1 [0084.532] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 0 [0084.532] GetLastError () returned 0x12 [0084.582] CreateFileW (lpFileName="C:\\Boot\\sv-SE\\bootmgr.exe.mui" (normalized: "c:\\boot\\sv-se\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0084.582] GetLastError () returned 0x5 [0084.582] FindFirstFileExW (in: lpFileName="C:\\Boot\\sv-SE\\*", fInfoLevelId=0x1, lpFindFileData=0x121f55c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x121f55c) returned 0x2d1410 [0084.583] FindClose (in: hFindFile=0x2d1950 | out: hFindFile=0x2d1950) returned 1 [0084.583] FindNextFileW (in: hFindFile=0x2d1410, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 1 [0084.583] FindNextFileW (in: hFindFile=0x2d1410, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 1 [0084.583] FindNextFileW (in: hFindFile=0x2d1410, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 0 [0084.583] GetLastError () returned 0x12 [0084.583] FindNextFileW (in: hFindFile=0x2d13d0, lpFindFileData=0x121f81c | out: lpFindFileData=0x121f81c) returned 1 [0084.585] CreateFileW (lpFileName="C:\\Boot\\tr-TR" (normalized: "c:\\boot\\tr-tr"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2200000, hTemplateFile=0x0) returned 0x190 [0084.585] SetFileTime (hFile=0x190, lpCreationTime=0x0, lpLastAccessTime=0x121f794, lpLastWriteTime=0x121f794) returned 0 [0084.586] DeviceIoControl (in: hDevice=0x190, dwIoControlCode=0x900a8, lpInBuffer=0x0, nInBufferSize=0x0, lpOutBuffer=0x9998a0, nOutBufferSize=0x4000, lpBytesReturned=0x121f7ec, lpOverlapped=0x0 | out: lpOutBuffer=0x9998a0, lpBytesReturned=0x121f7ec, lpOverlapped=0x0) returned 0 [0084.587] FindFirstFileExW (in: lpFileName="C:\\Boot\\tr-TR\\*", fInfoLevelId=0x1, lpFindFileData=0x121f55c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x121f55c) returned 0x2d1950 [0084.587] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 1 [0084.588] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 1 [0084.588] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 0 [0084.588] GetLastError () returned 0x12 [0084.589] CreateFileW (lpFileName="C:\\Boot\\tr-TR\\bootmgr.exe.mui" (normalized: "c:\\boot\\tr-tr\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0084.589] GetLastError () returned 0x5 [0084.589] FindFirstFileExW (in: lpFileName="C:\\Boot\\tr-TR\\*", fInfoLevelId=0x1, lpFindFileData=0x121f55c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x121f55c) returned 0x2d1410 [0084.589] FindClose (in: hFindFile=0x2d1950 | out: hFindFile=0x2d1950) returned 1 [0084.589] FindNextFileW (in: hFindFile=0x2d1410, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 1 [0084.589] FindNextFileW (in: hFindFile=0x2d1410, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 1 [0084.590] FindNextFileW (in: hFindFile=0x2d1410, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 0 [0084.590] GetLastError () returned 0x12 [0084.590] FindNextFileW (in: hFindFile=0x2d13d0, lpFindFileData=0x121f81c | out: lpFindFileData=0x121f81c) returned 1 [0084.591] CreateFileW (lpFileName="C:\\Boot\\zh-CN" (normalized: "c:\\boot\\zh-cn"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2200000, hTemplateFile=0x0) returned 0x220 [0084.592] SetFileTime (hFile=0x220, lpCreationTime=0x0, lpLastAccessTime=0x121f794, lpLastWriteTime=0x121f794) returned 0 [0084.592] DeviceIoControl (in: hDevice=0x220, dwIoControlCode=0x900a8, lpInBuffer=0x0, nInBufferSize=0x0, lpOutBuffer=0x9998a0, nOutBufferSize=0x4000, lpBytesReturned=0x121f7ec, lpOverlapped=0x0 | out: lpOutBuffer=0x9998a0, lpBytesReturned=0x121f7ec, lpOverlapped=0x0) returned 0 [0084.592] FindFirstFileExW (in: lpFileName="C:\\Boot\\zh-CN\\*", fInfoLevelId=0x1, lpFindFileData=0x121f55c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x121f55c) returned 0x2d1950 [0084.592] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 1 [0084.593] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 1 [0084.593] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 0 [0084.593] GetLastError () returned 0x12 [0084.675] CreateFileW (lpFileName="C:\\Boot\\zh-CN\\bootmgr.exe.mui" (normalized: "c:\\boot\\zh-cn\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0084.676] GetLastError () returned 0x5 [0084.676] FindFirstFileExW (in: lpFileName="C:\\Boot\\zh-CN\\*", fInfoLevelId=0x1, lpFindFileData=0x121f55c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x121f55c) returned 0x2d1410 [0084.676] FindClose (in: hFindFile=0x2d1950 | out: hFindFile=0x2d1950) returned 1 [0084.676] FindNextFileW (in: hFindFile=0x2d1410, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 1 [0084.676] FindNextFileW (in: hFindFile=0x2d1410, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 1 [0084.676] FindNextFileW (in: hFindFile=0x2d1410, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 0 [0084.685] GetLastError () returned 0x12 [0084.685] FindNextFileW (in: hFindFile=0x2d13d0, lpFindFileData=0x121f81c | out: lpFindFileData=0x121f81c) returned 1 [0084.686] CreateFileW (lpFileName="C:\\Boot\\zh-HK" (normalized: "c:\\boot\\zh-hk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2200000, hTemplateFile=0x0) returned 0x190 [0084.687] SetFileTime (hFile=0x190, lpCreationTime=0x0, lpLastAccessTime=0x121f794, lpLastWriteTime=0x121f794) returned 0 [0084.687] DeviceIoControl (in: hDevice=0x190, dwIoControlCode=0x900a8, lpInBuffer=0x0, nInBufferSize=0x0, lpOutBuffer=0x9998a0, nOutBufferSize=0x4000, lpBytesReturned=0x121f7ec, lpOverlapped=0x0 | out: lpOutBuffer=0x9998a0, lpBytesReturned=0x121f7ec, lpOverlapped=0x0) returned 0 [0084.687] FindFirstFileExW (in: lpFileName="C:\\Boot\\zh-HK\\*", fInfoLevelId=0x1, lpFindFileData=0x121f55c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x121f55c) returned 0x2d1950 [0084.687] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 1 [0084.688] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 1 [0084.688] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 0 [0084.688] GetLastError () returned 0x12 [0084.688] CreateFileW (lpFileName="C:\\Boot\\zh-HK\\bootmgr.exe.mui" (normalized: "c:\\boot\\zh-hk\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0084.688] GetLastError () returned 0x5 [0084.688] FindFirstFileExW (in: lpFileName="C:\\Boot\\zh-HK\\*", fInfoLevelId=0x1, lpFindFileData=0x121f55c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x121f55c) returned 0x2d1410 [0084.688] FindClose (in: hFindFile=0x2d1950 | out: hFindFile=0x2d1950) returned 1 [0084.688] FindNextFileW (in: hFindFile=0x2d1410, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 1 [0084.688] FindNextFileW (in: hFindFile=0x2d1410, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 1 [0084.689] FindNextFileW (in: hFindFile=0x2d1410, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 0 [0084.689] GetLastError () returned 0x12 [0084.689] FindNextFileW (in: hFindFile=0x2d13d0, lpFindFileData=0x121f81c | out: lpFindFileData=0x121f81c) returned 1 [0084.689] CreateFileW (lpFileName="C:\\Boot\\zh-TW" (normalized: "c:\\boot\\zh-tw"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2200000, hTemplateFile=0x0) returned 0x220 [0084.690] SetFileTime (hFile=0x220, lpCreationTime=0x0, lpLastAccessTime=0x121f794, lpLastWriteTime=0x121f794) returned 0 [0084.690] DeviceIoControl (in: hDevice=0x220, dwIoControlCode=0x900a8, lpInBuffer=0x0, nInBufferSize=0x0, lpOutBuffer=0x9998a0, nOutBufferSize=0x4000, lpBytesReturned=0x121f7ec, lpOverlapped=0x0 | out: lpOutBuffer=0x9998a0, lpBytesReturned=0x121f7ec, lpOverlapped=0x0) returned 0 [0084.690] FindFirstFileExW (in: lpFileName="C:\\Boot\\zh-TW\\*", fInfoLevelId=0x1, lpFindFileData=0x121f55c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x121f55c) returned 0x2d1950 [0084.690] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 1 [0084.691] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 1 [0084.691] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 0 [0084.691] GetLastError () returned 0x12 [0084.691] CreateFileW (lpFileName="C:\\Boot\\zh-TW\\bootmgr.exe.mui" (normalized: "c:\\boot\\zh-tw\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0084.692] GetLastError () returned 0x5 [0084.692] FindFirstFileExW (in: lpFileName="C:\\Boot\\zh-TW\\*", fInfoLevelId=0x1, lpFindFileData=0x121f55c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x121f55c) returned 0x2d1410 [0084.692] FindClose (in: hFindFile=0x2d1950 | out: hFindFile=0x2d1950) returned 1 [0084.692] FindNextFileW (in: hFindFile=0x2d1410, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 1 [0084.692] FindNextFileW (in: hFindFile=0x2d1410, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 1 [0084.692] FindNextFileW (in: hFindFile=0x2d1410, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 0 [0084.692] GetLastError () returned 0x12 [0084.692] FindNextFileW (in: hFindFile=0x2d13d0, lpFindFileData=0x121f81c | out: lpFindFileData=0x121f81c) returned 0 [0084.692] GetLastError () returned 0x12 [0084.692] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121fadc | out: lpFindFileData=0x121fadc) returned 1 [0084.692] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121fadc | out: lpFindFileData=0x121fadc) returned 1 [0084.692] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121fadc | out: lpFindFileData=0x121fadc) returned 1 [0084.693] CreateFileW (lpFileName="C:\\Config.Msi" (normalized: "c:\\config.msi"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2200000, hTemplateFile=0x0) returned 0x21c [0084.693] SetFileTime (hFile=0x21c, lpCreationTime=0x0, lpLastAccessTime=0x121fa54, lpLastWriteTime=0x121fa54) returned 0 [0084.693] DeviceIoControl (in: hDevice=0x21c, dwIoControlCode=0x900a8, lpInBuffer=0x0, nInBufferSize=0x0, lpOutBuffer=0x9998a0, nOutBufferSize=0x4000, lpBytesReturned=0x121faac, lpOverlapped=0x0 | out: lpOutBuffer=0x9998a0, lpBytesReturned=0x121faac, lpOverlapped=0x0) returned 0 [0084.694] FindFirstFileExW (in: lpFileName="C:\\Config.Msi\\*", fInfoLevelId=0x1, lpFindFileData=0x121f81c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x121f81c) returned 0x2d1950 [0084.694] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f81c | out: lpFindFileData=0x121f81c) returned 1 [0084.695] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f81c | out: lpFindFileData=0x121f81c) returned 0 [0084.695] GetLastError () returned 0x12 [0084.695] FindFirstFileExW (in: lpFileName="C:\\Config.Msi\\*", fInfoLevelId=0x1, lpFindFileData=0x121f81c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x121f81c) returned 0x2d13d0 [0084.695] FindClose (in: hFindFile=0x2d1950 | out: hFindFile=0x2d1950) returned 1 [0084.695] FindNextFileW (in: hFindFile=0x2d13d0, lpFindFileData=0x121f81c | out: lpFindFileData=0x121f81c) returned 1 [0084.696] FindNextFileW (in: hFindFile=0x2d13d0, lpFindFileData=0x121f81c | out: lpFindFileData=0x121f81c) returned 0 [0084.696] GetLastError () returned 0x12 [0084.696] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121fadc | out: lpFindFileData=0x121fadc) returned 1 [0084.696] CreateFileW (lpFileName="C:\\Documents and Settings" (normalized: "c:\\documents and settings"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2200000, hTemplateFile=0x0) returned 0xffffffff [0084.697] GetLastError () returned 0x5 [0084.697] FindFirstFileExW (in: lpFileName="C:\\Documents and Settings\\*", fInfoLevelId=0x1, lpFindFileData=0x121f81c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x121f81c) returned 0xffffffff [0084.697] GetLastError () returned 0x5 [0084.697] FindFirstFileExW (in: lpFileName="C:\\Documents and Settings\\*", fInfoLevelId=0x1, lpFindFileData=0x121f81c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x121f81c) returned 0xffffffff [0084.697] GetLastError () returned 0x5 [0084.697] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121fadc | out: lpFindFileData=0x121fadc) returned 1 [0084.697] FindNextFileW (in: hFindFile=0x2e6a30, lpFindFileData=0x121fadc | out: lpFindFileData=0x121fadc) returned 1 [0084.697] CreateFileW (lpFileName="C:\\MSOCache" (normalized: "c:\\msocache"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2200000, hTemplateFile=0x0) returned 0x190 [0084.697] SetFileTime (hFile=0x190, lpCreationTime=0x0, lpLastAccessTime=0x121fa54, lpLastWriteTime=0x121fa54) returned 0 [0084.697] DeviceIoControl (in: hDevice=0x190, dwIoControlCode=0x900a8, lpInBuffer=0x0, nInBufferSize=0x0, lpOutBuffer=0x9998a0, nOutBufferSize=0x4000, lpBytesReturned=0x121faac, lpOverlapped=0x0 | out: lpOutBuffer=0x9998a0, lpBytesReturned=0x121faac, lpOverlapped=0x0) returned 0 [0084.698] FindFirstFileExW (in: lpFileName="C:\\MSOCache\\*", fInfoLevelId=0x1, lpFindFileData=0x121f81c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x121f81c) returned 0x2d1950 [0084.698] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f81c | out: lpFindFileData=0x121f81c) returned 1 [0084.698] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f81c | out: lpFindFileData=0x121f81c) returned 1 [0084.698] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f81c | out: lpFindFileData=0x121f81c) returned 0 [0084.699] GetLastError () returned 0x12 [0084.699] FindFirstFileExW (in: lpFileName="C:\\MSOCache\\*", fInfoLevelId=0x1, lpFindFileData=0x121f81c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x121f81c) returned 0x2d13d0 [0084.699] FindClose (in: hFindFile=0x2d1950 | out: hFindFile=0x2d1950) returned 1 [0084.699] FindNextFileW (in: hFindFile=0x2d13d0, lpFindFileData=0x121f81c | out: lpFindFileData=0x121f81c) returned 1 [0084.699] FindNextFileW (in: hFindFile=0x2d13d0, lpFindFileData=0x121f81c | out: lpFindFileData=0x121f81c) returned 1 [0085.153] CreateFileW (lpFileName="C:\\MSOCache\\All Users" (normalized: "c:\\msocache\\all users"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2200000, hTemplateFile=0x0) returned 0x190 [0085.154] SetFileTime (hFile=0x190, lpCreationTime=0x0, lpLastAccessTime=0x121f794, lpLastWriteTime=0x121f794) returned 0 [0085.154] DeviceIoControl (in: hDevice=0x190, dwIoControlCode=0x900a8, lpInBuffer=0x0, nInBufferSize=0x0, lpOutBuffer=0x9998a0, nOutBufferSize=0x4000, lpBytesReturned=0x121f7ec, lpOverlapped=0x0 | out: lpOutBuffer=0x9998a0, lpBytesReturned=0x121f7ec, lpOverlapped=0x0) returned 0 [0085.154] FindFirstFileExW (in: lpFileName="C:\\MSOCache\\All Users\\*", fInfoLevelId=0x1, lpFindFileData=0x121f55c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x121f55c) returned 0x2d1950 [0085.273] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 1 [0085.346] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 1 [0085.346] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 1 [0085.346] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 1 [0085.346] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 1 [0085.346] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 1 [0085.346] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 1 [0085.346] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 1 [0085.346] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 1 [0085.346] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 1 [0085.346] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 1 [0085.346] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 1 [0085.346] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 1 [0085.346] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 1 [0085.346] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 1 [0085.346] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 1 [0085.346] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 1 [0085.346] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 1 [0085.346] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 0 [0085.346] GetLastError () returned 0x12 [0085.346] FindFirstFileExW (in: lpFileName="C:\\MSOCache\\All Users\\*", fInfoLevelId=0x1, lpFindFileData=0x121f55c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x121f55c) returned 0x2d1410 [0085.347] FindClose (in: hFindFile=0x2d1950 | out: hFindFile=0x2d1950) returned 1 [0085.347] FindNextFileW (in: hFindFile=0x2d1410, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 1 [0085.347] FindNextFileW (in: hFindFile=0x2d1410, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 1 [0085.392] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2200000, hTemplateFile=0x0) returned 0x190 [0085.393] SetFileTime (hFile=0x190, lpCreationTime=0x0, lpLastAccessTime=0x121f4d4, lpLastWriteTime=0x121f4d4) returned 0 [0085.393] DeviceIoControl (in: hDevice=0x190, dwIoControlCode=0x900a8, lpInBuffer=0x0, nInBufferSize=0x0, lpOutBuffer=0x9998a0, nOutBufferSize=0x4000, lpBytesReturned=0x121f52c, lpOverlapped=0x0 | out: lpOutBuffer=0x9998a0, lpBytesReturned=0x121f52c, lpOverlapped=0x0) returned 0 [0085.393] FindFirstFileExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\*", fInfoLevelId=0x1, lpFindFileData=0x121f29c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x121f29c) returned 0x2d1950 [0085.393] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0085.394] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0085.394] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0085.394] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0085.394] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0085.394] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 0 [0085.394] GetLastError () returned 0x12 [0085.486] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excellr.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x224 [0085.486] SetFileTime (hFile=0x224, lpCreationTime=0x0, lpLastAccessTime=0x121f14c, lpLastWriteTime=0x121f14c) returned 1 [0085.486] GetFileTime (in: hFile=0x224, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210 | out: lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210*(dwLowDateTime=0xed035930, dwHighDateTime=0x1d301be)) returned 1 [0085.487] CryptGenKey (in: hProv=0x2cc0d8, Algid=0x6801, dwFlags=0x800001, phKey=0x121f16c | out: phKey=0x121f16c*=0x2d1450) returned 1 [0085.487] CryptExportKey (in: hKey=0x2d1450, hExpKey=0x2cc198, dwBlobType=0x1, dwFlags=0x0, pbData=0xa024d8, pdwDataLen=0x121f170 | out: pbData=0xa024d8*, pdwDataLen=0x121f170*=0x8c) returned 1 [0085.489] ReadFile (in: hFile=0x224, lpBuffer=0x1320020, nNumberOfBytesToRead=0xa00000, lpNumberOfBytesRead=0x121f178, lpOverlapped=0x0 | out: lpBuffer=0x1320020*, lpNumberOfBytesRead=0x121f178*=0xa00000, lpOverlapped=0x0) returned 1 [0088.571] CryptEncrypt (in: hKey=0x2d1450, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x2740020*, pdwDataLen=0x121f168*=0xa00000, dwBufLen=0xa00008 | out: pbData=0x2740020*, pdwDataLen=0x121f168*=0xa00000) returned 1 [0092.258] ReadFile (in: hFile=0x224, lpBuffer=0x1d30020, nNumberOfBytesToRead=0x62fcbb, lpNumberOfBytesRead=0x121f178, lpOverlapped=0x0 | out: lpBuffer=0x1d30020*, lpNumberOfBytesRead=0x121f178*=0x62fcbb, lpOverlapped=0x0) returned 1 [0095.123] CryptEncrypt (in: hKey=0x2d1450, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x2360020*, pdwDataLen=0x121f168*=0x62fcbb, dwBufLen=0x62fcc3 | out: pbData=0x2360020*, pdwDataLen=0x121f168*=0x62fcbb) returned 1 [0097.638] SetFileTime (hFile=0x224, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210) returned 1 [0097.638] NtClose (Handle=0x224) returned 0x0 [0097.638] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excellr.cab"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelLR.cab.locked" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excellr.cab.locked")) returned 1 [0097.658] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelLR.cab.locked", dwFileAttributes=0x2020) returned 1 [0097.658] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelLR.cab.readme_txt", dwFileAttributes=0x80) returned 0 [0097.658] GetLastError () returned 0x2 [0097.658] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelLR.cab.readme_txt" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excellr.cab.readme_txt"), fInfoLevelId=0x0, lpFileInformation=0x121f108 | out: lpFileInformation=0x121f108*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x408e92, ftLastWriteTime.dwLowDateTime=0x80, ftLastWriteTime.dwHighDateTime=0x121f26c, nFileSizeHigh=0x0, nFileSizeLow=0x121f23c)) returned 0 [0097.658] GetLastError () returned 0x2 [0097.658] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelLR.cab.readme_txt" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excellr.cab.readme_txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x224 [0097.659] SetFileTime (hFile=0x224, lpCreationTime=0x0, lpLastAccessTime=0x121f14c, lpLastWriteTime=0x121f14c) returned 1 [0097.659] WriteFile (in: hFile=0x224, lpBuffer=0x997970*, nNumberOfBytesToWrite=0x3ca, lpNumberOfBytesWritten=0x121f178, lpOverlapped=0x0 | out: lpBuffer=0x997970*, lpNumberOfBytesWritten=0x121f178*=0x3ca, lpOverlapped=0x0) returned 1 [0097.660] SetFileTime (hFile=0x224, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210) returned 1 [0097.660] NtClose (Handle=0x224) returned 0x0 [0097.669] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelLR.cab.readme_txt", dwFileAttributes=0x2020) returned 1 [0097.715] CryptDestroyKey (hKey=0x2d1450) returned 1 [0097.715] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excelmui.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x224 [0097.716] SetFileTime (hFile=0x224, lpCreationTime=0x0, lpLastAccessTime=0x121f14c, lpLastWriteTime=0x121f14c) returned 1 [0097.716] GetFileTime (in: hFile=0x224, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210 | out: lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210*(dwLowDateTime=0xece1ee80, dwHighDateTime=0x1d301be)) returned 1 [0097.716] CryptGenKey (in: hProv=0x2cc0d8, Algid=0x6801, dwFlags=0x800001, phKey=0x121f16c | out: phKey=0x121f16c*=0x2d1450) returned 1 [0097.716] CryptExportKey (in: hKey=0x2d1450, hExpKey=0x2cc198, dwBlobType=0x1, dwFlags=0x0, pbData=0xa024d8, pdwDataLen=0x121f170 | out: pbData=0xa024d8*, pdwDataLen=0x121f170*=0x8c) returned 1 [0097.716] ReadFile (in: hFile=0x224, lpBuffer=0x1320020, nNumberOfBytesToRead=0x263e00, lpNumberOfBytesRead=0x121f178, lpOverlapped=0x0 | out: lpBuffer=0x1320020*, lpNumberOfBytesRead=0x121f178*=0x263e00, lpOverlapped=0x0) returned 1 [0098.663] CryptEncrypt (in: hKey=0x2d1450, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1800020*, pdwDataLen=0x121f168*=0x263e00, dwBufLen=0x263e08 | out: pbData=0x1800020*, pdwDataLen=0x121f168*=0x263e00) returned 1 [0099.560] SetFileTime (hFile=0x224, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210) returned 1 [0099.560] NtClose (Handle=0x224) returned 0x0 [0099.560] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excelmui.msi"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.msi.locked" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excelmui.msi.locked")) returned 1 [0099.561] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.msi.locked", dwFileAttributes=0x2020) returned 1 [0099.561] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.msi.readme_txt", dwFileAttributes=0x80) returned 0 [0099.561] GetLastError () returned 0x2 [0099.561] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.msi.readme_txt" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excelmui.msi.readme_txt"), fInfoLevelId=0x0, lpFileInformation=0x121f108 | out: lpFileInformation=0x121f108*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x408e92, ftLastWriteTime.dwLowDateTime=0x80, ftLastWriteTime.dwHighDateTime=0x121f26c, nFileSizeHigh=0x0, nFileSizeLow=0x121f23c)) returned 0 [0099.561] GetLastError () returned 0x2 [0099.561] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.msi.readme_txt" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excelmui.msi.readme_txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x224 [0099.562] SetFileTime (hFile=0x224, lpCreationTime=0x0, lpLastAccessTime=0x121f14c, lpLastWriteTime=0x121f14c) returned 1 [0099.562] WriteFile (in: hFile=0x224, lpBuffer=0x997970*, nNumberOfBytesToWrite=0x3ca, lpNumberOfBytesWritten=0x121f178, lpOverlapped=0x0 | out: lpBuffer=0x997970*, lpNumberOfBytesWritten=0x121f178*=0x3ca, lpOverlapped=0x0) returned 1 [0099.562] SetFileTime (hFile=0x224, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210) returned 1 [0099.562] NtClose (Handle=0x224) returned 0x0 [0099.563] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.msi.readme_txt", dwFileAttributes=0x2020) returned 1 [0099.572] CryptDestroyKey (hKey=0x2d1450) returned 1 [0099.573] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excelmui.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x224 [0099.573] SetFileTime (hFile=0x224, lpCreationTime=0x0, lpLastAccessTime=0x121f14c, lpLastWriteTime=0x121f14c) returned 1 [0099.573] GetFileTime (in: hFile=0x224, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210 | out: lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210*(dwLowDateTime=0xecdfa490, dwHighDateTime=0x1d301be)) returned 1 [0099.573] CryptGenKey (in: hProv=0x2cc0d8, Algid=0x6801, dwFlags=0x800001, phKey=0x121f16c | out: phKey=0x121f16c*=0x2d1450) returned 1 [0099.573] CryptExportKey (in: hKey=0x2d1450, hExpKey=0x2cc198, dwBlobType=0x1, dwFlags=0x0, pbData=0xa024d8, pdwDataLen=0x121f170 | out: pbData=0xa024d8*, pdwDataLen=0x121f170*=0x8c) returned 1 [0099.573] ReadFile (in: hFile=0x224, lpBuffer=0x9ee088, nNumberOfBytesToRead=0x61d, lpNumberOfBytesRead=0x121f178, lpOverlapped=0x0 | out: lpBuffer=0x9ee088*, lpNumberOfBytesRead=0x121f178*=0x61d, lpOverlapped=0x0) returned 1 [0099.597] CryptEncrypt (in: hKey=0x2d1450, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xa09db0*, pdwDataLen=0x121f168*=0x61d, dwBufLen=0x625 | out: pbData=0xa09db0*, pdwDataLen=0x121f168*=0x61d) returned 1 [0099.742] SetFileTime (hFile=0x224, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210) returned 1 [0099.742] NtClose (Handle=0x224) returned 0x0 [0099.742] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excelmui.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.xml.locked" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excelmui.xml.locked")) returned 1 [0099.745] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.xml.locked", dwFileAttributes=0x2020) returned 1 [0099.791] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.xml.readme_txt", dwFileAttributes=0x80) returned 0 [0099.791] GetLastError () returned 0x2 [0099.791] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.xml.readme_txt" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excelmui.xml.readme_txt"), fInfoLevelId=0x0, lpFileInformation=0x121f108 | out: lpFileInformation=0x121f108*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x408e92, ftLastWriteTime.dwLowDateTime=0x80, ftLastWriteTime.dwHighDateTime=0x121f26c, nFileSizeHigh=0x0, nFileSizeLow=0x121f23c)) returned 0 [0099.792] GetLastError () returned 0x2 [0099.792] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.xml.readme_txt" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excelmui.xml.readme_txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x224 [0099.792] SetFileTime (hFile=0x224, lpCreationTime=0x0, lpLastAccessTime=0x121f14c, lpLastWriteTime=0x121f14c) returned 1 [0099.792] WriteFile (in: hFile=0x224, lpBuffer=0x997970*, nNumberOfBytesToWrite=0x3ca, lpNumberOfBytesWritten=0x121f178, lpOverlapped=0x0 | out: lpBuffer=0x997970*, lpNumberOfBytesWritten=0x121f178*=0x3ca, lpOverlapped=0x0) returned 1 [0099.793] SetFileTime (hFile=0x224, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210) returned 1 [0099.793] NtClose (Handle=0x224) returned 0x0 [0099.793] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.xml.readme_txt", dwFileAttributes=0x2020) returned 1 [0099.794] CryptDestroyKey (hKey=0x2d1450) returned 1 [0099.817] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x224 [0099.817] SetFileTime (hFile=0x224, lpCreationTime=0x0, lpLastAccessTime=0x121f14c, lpLastWriteTime=0x121f14c) returned 1 [0099.817] GetFileTime (in: hFile=0x224, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210 | out: lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210*(dwLowDateTime=0xee38cbf0, dwHighDateTime=0x1d301be)) returned 1 [0099.817] CryptGenKey (in: hProv=0x2cc0d8, Algid=0x6801, dwFlags=0x800001, phKey=0x121f16c | out: phKey=0x121f16c*=0x2d1450) returned 1 [0099.817] CryptExportKey (in: hKey=0x2d1450, hExpKey=0x2cc198, dwBlobType=0x1, dwFlags=0x0, pbData=0xa024d8, pdwDataLen=0x121f170 | out: pbData=0xa024d8*, pdwDataLen=0x121f170*=0x8c) returned 1 [0099.817] ReadFile (in: hFile=0x224, lpBuffer=0xa10478, nNumberOfBytesToRead=0x8f8, lpNumberOfBytesRead=0x121f178, lpOverlapped=0x0 | out: lpBuffer=0xa10478*, lpNumberOfBytesRead=0x121f178*=0x8f8, lpOverlapped=0x0) returned 1 [0099.864] CryptEncrypt (in: hKey=0x2d1450, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xa135c8*, pdwDataLen=0x121f168*=0x8f8, dwBufLen=0x900 | out: pbData=0xa135c8*, pdwDataLen=0x121f168*=0x8f8) returned 1 [0100.214] SetFileTime (hFile=0x224, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210) returned 1 [0100.214] NtClose (Handle=0x224) returned 0x0 [0100.214] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\Setup.xml.locked" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\setup.xml.locked")) returned 1 [0100.216] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\Setup.xml.locked", dwFileAttributes=0x2020) returned 1 [0100.216] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\Setup.xml.readme_txt", dwFileAttributes=0x80) returned 0 [0100.216] GetLastError () returned 0x2 [0100.216] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\Setup.xml.readme_txt" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\setup.xml.readme_txt"), fInfoLevelId=0x0, lpFileInformation=0x121f108 | out: lpFileInformation=0x121f108*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x408e92, ftLastWriteTime.dwLowDateTime=0x80, ftLastWriteTime.dwHighDateTime=0x121f26c, nFileSizeHigh=0x0, nFileSizeLow=0x121f23c)) returned 0 [0100.216] GetLastError () returned 0x2 [0100.216] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\Setup.xml.readme_txt" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\setup.xml.readme_txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x224 [0100.217] SetFileTime (hFile=0x224, lpCreationTime=0x0, lpLastAccessTime=0x121f14c, lpLastWriteTime=0x121f14c) returned 1 [0100.217] WriteFile (in: hFile=0x224, lpBuffer=0x997970*, nNumberOfBytesToWrite=0x3ca, lpNumberOfBytesWritten=0x121f178, lpOverlapped=0x0 | out: lpBuffer=0x997970*, lpNumberOfBytesWritten=0x121f178*=0x3ca, lpOverlapped=0x0) returned 1 [0100.218] SetFileTime (hFile=0x224, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210) returned 1 [0100.218] NtClose (Handle=0x224) returned 0x0 [0100.218] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\Setup.xml.readme_txt", dwFileAttributes=0x2020) returned 1 [0100.218] CryptDestroyKey (hKey=0x2d1450) returned 1 [0100.219] FindFirstFileExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\*", fInfoLevelId=0x1, lpFindFileData=0x121f29c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x121f29c) returned 0x2d1450 [0100.219] FindClose (in: hFindFile=0x2d1950 | out: hFindFile=0x2d1950) returned 1 [0100.219] FindNextFileW (in: hFindFile=0x2d1450, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0100.219] FindNextFileW (in: hFindFile=0x2d1450, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0100.219] FindNextFileW (in: hFindFile=0x2d1450, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0100.219] FindNextFileW (in: hFindFile=0x2d1450, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0100.219] FindNextFileW (in: hFindFile=0x2d1450, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0100.219] FindNextFileW (in: hFindFile=0x2d1450, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0100.219] FindNextFileW (in: hFindFile=0x2d1450, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0100.219] FindNextFileW (in: hFindFile=0x2d1450, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0100.219] FindNextFileW (in: hFindFile=0x2d1450, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0100.219] FindNextFileW (in: hFindFile=0x2d1450, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 0 [0100.219] GetLastError () returned 0x12 [0100.219] FindNextFileW (in: hFindFile=0x2d1410, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 1 [0100.220] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2200000, hTemplateFile=0x0) returned 0x224 [0100.221] SetFileTime (hFile=0x224, lpCreationTime=0x0, lpLastAccessTime=0x121f4d4, lpLastWriteTime=0x121f4d4) returned 0 [0100.221] DeviceIoControl (in: hDevice=0x224, dwIoControlCode=0x900a8, lpInBuffer=0x0, nInBufferSize=0x0, lpOutBuffer=0x9998a0, nOutBufferSize=0x4000, lpBytesReturned=0x121f52c, lpOverlapped=0x0 | out: lpOutBuffer=0x9998a0, lpBytesReturned=0x121f52c, lpOverlapped=0x0) returned 0 [0100.221] FindFirstFileExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\*", fInfoLevelId=0x1, lpFindFileData=0x121f29c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x121f29c) returned 0x2d1950 [0100.272] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0100.273] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0100.273] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0100.273] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0100.273] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0100.274] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 0 [0100.274] GetLastError () returned 0x12 [0100.274] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\powerpointmui.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x190 [0100.274] SetFileTime (hFile=0x190, lpCreationTime=0x0, lpLastAccessTime=0x121f14c, lpLastWriteTime=0x121f14c) returned 1 [0100.274] GetFileTime (in: hFile=0x190, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210 | out: lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210*(dwLowDateTime=0xe874f770, dwHighDateTime=0x1d301be)) returned 1 [0100.274] CryptGenKey (in: hProv=0x2cc0d8, Algid=0x6801, dwFlags=0x800001, phKey=0x121f16c | out: phKey=0x121f16c*=0x2d1450) returned 1 [0100.274] CryptExportKey (in: hKey=0x2d1450, hExpKey=0x2cc198, dwBlobType=0x1, dwFlags=0x0, pbData=0xa024d8, pdwDataLen=0x121f170 | out: pbData=0xa024d8*, pdwDataLen=0x121f170*=0x8c) returned 1 [0100.275] ReadFile (in: hFile=0x190, lpBuffer=0x1320020, nNumberOfBytesToRead=0x263400, lpNumberOfBytesRead=0x121f178, lpOverlapped=0x0 | out: lpBuffer=0x1320020*, lpNumberOfBytesRead=0x121f178*=0x263400, lpOverlapped=0x0) returned 1 [0100.625] CryptEncrypt (in: hKey=0x2d1450, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1800020*, pdwDataLen=0x121f168*=0x263400, dwBufLen=0x263408 | out: pbData=0x1800020*, pdwDataLen=0x121f168*=0x263400) returned 1 [0101.400] SetFileTime (hFile=0x190, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210) returned 1 [0101.400] NtClose (Handle=0x190) returned 0x0 [0101.401] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\powerpointmui.msi"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.msi.locked" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\powerpointmui.msi.locked")) returned 1 [0101.401] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.msi.locked", dwFileAttributes=0x2020) returned 1 [0101.401] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.msi.readme_txt", dwFileAttributes=0x80) returned 0 [0101.401] GetLastError () returned 0x2 [0101.401] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.msi.readme_txt" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\powerpointmui.msi.readme_txt"), fInfoLevelId=0x0, lpFileInformation=0x121f108 | out: lpFileInformation=0x121f108*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x408e92, ftLastWriteTime.dwLowDateTime=0x80, ftLastWriteTime.dwHighDateTime=0x121f26c, nFileSizeHigh=0x0, nFileSizeLow=0x121f23c)) returned 0 [0101.401] GetLastError () returned 0x2 [0101.401] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.msi.readme_txt" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\powerpointmui.msi.readme_txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x190 [0101.402] SetFileTime (hFile=0x190, lpCreationTime=0x0, lpLastAccessTime=0x121f14c, lpLastWriteTime=0x121f14c) returned 1 [0101.402] WriteFile (in: hFile=0x190, lpBuffer=0x997970*, nNumberOfBytesToWrite=0x3ca, lpNumberOfBytesWritten=0x121f178, lpOverlapped=0x0 | out: lpBuffer=0x997970*, lpNumberOfBytesWritten=0x121f178*=0x3ca, lpOverlapped=0x0) returned 1 [0101.402] SetFileTime (hFile=0x190, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210) returned 1 [0101.403] NtClose (Handle=0x190) returned 0x0 [0101.403] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.msi.readme_txt", dwFileAttributes=0x2020) returned 1 [0101.412] CryptDestroyKey (hKey=0x2d1450) returned 1 [0101.412] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\powerpointmui.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x190 [0101.412] SetFileTime (hFile=0x190, lpCreationTime=0x0, lpLastAccessTime=0x121f14c, lpLastWriteTime=0x121f14c) returned 1 [0101.412] GetFileTime (in: hFile=0x190, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210 | out: lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210*(dwLowDateTime=0xe8728670, dwHighDateTime=0x1d301be)) returned 1 [0101.412] CryptGenKey (in: hProv=0x2cc0d8, Algid=0x6801, dwFlags=0x800001, phKey=0x121f16c | out: phKey=0x121f16c*=0x2d1450) returned 1 [0101.412] CryptExportKey (in: hKey=0x2d1450, hExpKey=0x2cc198, dwBlobType=0x1, dwFlags=0x0, pbData=0xa024d8, pdwDataLen=0x121f170 | out: pbData=0xa024d8*, pdwDataLen=0x121f170*=0x8c) returned 1 [0101.413] ReadFile (in: hFile=0x190, lpBuffer=0xa09db0, nNumberOfBytesToRead=0x5aa, lpNumberOfBytesRead=0x121f178, lpOverlapped=0x0 | out: lpBuffer=0xa09db0*, lpNumberOfBytesRead=0x121f178*=0x5aa, lpOverlapped=0x0) returned 1 [0101.488] CryptEncrypt (in: hKey=0x2d1450, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xa1b918*, pdwDataLen=0x121f168*=0x5aa, dwBufLen=0x5b2 | out: pbData=0xa1b918*, pdwDataLen=0x121f168*=0x5aa) returned 1 [0101.906] SetFileTime (hFile=0x190, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210) returned 1 [0101.906] NtClose (Handle=0x190) returned 0x0 [0101.959] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\powerpointmui.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.xml.locked" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\powerpointmui.xml.locked")) returned 1 [0101.974] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.xml.locked", dwFileAttributes=0x2020) returned 1 [0101.976] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.xml.readme_txt", dwFileAttributes=0x80) returned 0 [0101.976] GetLastError () returned 0x2 [0101.976] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.xml.readme_txt" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\powerpointmui.xml.readme_txt"), fInfoLevelId=0x0, lpFileInformation=0x121f108 | out: lpFileInformation=0x121f108*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x408e92, ftLastWriteTime.dwLowDateTime=0x80, ftLastWriteTime.dwHighDateTime=0x121f26c, nFileSizeHigh=0x0, nFileSizeLow=0x121f23c)) returned 0 [0101.976] GetLastError () returned 0x2 [0101.976] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.xml.readme_txt" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\powerpointmui.xml.readme_txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x190 [0101.980] SetFileTime (hFile=0x190, lpCreationTime=0x0, lpLastAccessTime=0x121f14c, lpLastWriteTime=0x121f14c) returned 1 [0101.980] WriteFile (in: hFile=0x190, lpBuffer=0x997970*, nNumberOfBytesToWrite=0x3ca, lpNumberOfBytesWritten=0x121f178, lpOverlapped=0x0 | out: lpBuffer=0x997970*, lpNumberOfBytesWritten=0x121f178*=0x3ca, lpOverlapped=0x0) returned 1 [0101.981] SetFileTime (hFile=0x190, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210) returned 1 [0101.981] NtClose (Handle=0x190) returned 0x0 [0101.982] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.xml.readme_txt", dwFileAttributes=0x2020) returned 1 [0101.982] CryptDestroyKey (hKey=0x2d1450) returned 1 [0101.994] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PptLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\pptlr.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x190 [0101.994] SetFileTime (hFile=0x190, lpCreationTime=0x0, lpLastAccessTime=0x121f14c, lpLastWriteTime=0x121f14c) returned 1 [0101.994] GetFileTime (in: hFile=0x190, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210 | out: lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210*(dwLowDateTime=0xe8b079d0, dwHighDateTime=0x1d301be)) returned 1 [0101.994] CryptGenKey (in: hProv=0x2cc0d8, Algid=0x6801, dwFlags=0x800001, phKey=0x121f16c | out: phKey=0x121f16c*=0x2d1450) returned 1 [0101.994] CryptExportKey (in: hKey=0x2d1450, hExpKey=0x2cc198, dwBlobType=0x1, dwFlags=0x0, pbData=0xa024d8, pdwDataLen=0x121f170 | out: pbData=0xa024d8*, pdwDataLen=0x121f170*=0x8c) returned 1 [0101.995] ReadFile (in: hFile=0x190, lpBuffer=0x1320020, nNumberOfBytesToRead=0xa00000, lpNumberOfBytesRead=0x121f178, lpOverlapped=0x0 | out: lpBuffer=0x1320020*, lpNumberOfBytesRead=0x121f178*=0xa00000, lpOverlapped=0x0) returned 1 [0103.742] CryptEncrypt (in: hKey=0x2d1450, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x2740020*, pdwDataLen=0x121f168*=0xa00000, dwBufLen=0xa00008 | out: pbData=0x2740020*, pdwDataLen=0x121f168*=0xa00000) returned 1 [0104.973] ReadFile (in: hFile=0x190, lpBuffer=0x1d30020, nNumberOfBytesToRead=0xa00000, lpNumberOfBytesRead=0x121f178, lpOverlapped=0x0 | out: lpBuffer=0x1d30020*, lpNumberOfBytesRead=0x121f178*=0xa00000, lpOverlapped=0x0) returned 1 [0106.465] CryptEncrypt (in: hKey=0x2d1450, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x2740020*, pdwDataLen=0x121f168*=0xa00000, dwBufLen=0xa00008 | out: pbData=0x2740020*, pdwDataLen=0x121f168*=0xa00000) returned 1 [0107.019] ReadFile (in: hFile=0x190, lpBuffer=0x1d30020, nNumberOfBytesToRead=0xa00000, lpNumberOfBytesRead=0x121f178, lpOverlapped=0x0 | out: lpBuffer=0x1d30020*, lpNumberOfBytesRead=0x121f178*=0xa00000, lpOverlapped=0x0) returned 1 [0108.501] CryptEncrypt (in: hKey=0x2d1450, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x2740020*, pdwDataLen=0x121f168*=0xa00000, dwBufLen=0xa00008 | out: pbData=0x2740020*, pdwDataLen=0x121f168*=0xa00000) returned 1 [0109.960] ReadFile (in: hFile=0x190, lpBuffer=0x1d30020, nNumberOfBytesToRead=0xa00000, lpNumberOfBytesRead=0x121f178, lpOverlapped=0x0 | out: lpBuffer=0x1d30020*, lpNumberOfBytesRead=0x121f178*=0xa00000, lpOverlapped=0x0) returned 1 [0111.251] CryptEncrypt (in: hKey=0x2d1450, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x2740020*, pdwDataLen=0x121f168*=0xa00000, dwBufLen=0xa00008 | out: pbData=0x2740020*, pdwDataLen=0x121f168*=0xa00000) returned 1 [0111.878] ReadFile (in: hFile=0x190, lpBuffer=0x1d30020, nNumberOfBytesToRead=0xa00000, lpNumberOfBytesRead=0x121f178, lpOverlapped=0x0 | out: lpBuffer=0x1d30020*, lpNumberOfBytesRead=0x121f178*=0xa00000, lpOverlapped=0x0) returned 1 [0113.241] CryptEncrypt (in: hKey=0x2d1450, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x2740020*, pdwDataLen=0x121f168*=0xa00000, dwBufLen=0xa00008 | out: pbData=0x2740020*, pdwDataLen=0x121f168*=0xa00000) returned 1 [0114.063] ReadFile (in: hFile=0x190, lpBuffer=0x1d30020, nNumberOfBytesToRead=0xa00000, lpNumberOfBytesRead=0x121f178, lpOverlapped=0x0 | out: lpBuffer=0x1d30020*, lpNumberOfBytesRead=0x121f178*=0xa00000, lpOverlapped=0x0) returned 1 [0115.610] CryptEncrypt (in: hKey=0x2d1450, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x2740020*, pdwDataLen=0x121f168*=0xa00000, dwBufLen=0xa00008 | out: pbData=0x2740020*, pdwDataLen=0x121f168*=0xa00000) returned 1 [0116.198] ReadFile (in: hFile=0x190, lpBuffer=0x1d30020, nNumberOfBytesToRead=0x71a290, lpNumberOfBytesRead=0x121f178, lpOverlapped=0x0 | out: lpBuffer=0x1d30020*, lpNumberOfBytesRead=0x121f178*=0x71a290, lpOverlapped=0x0) returned 1 [0116.757] CryptEncrypt (in: hKey=0x2d1450, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1d30020*, pdwDataLen=0x121f168*=0x71a290, dwBufLen=0x71a298 | out: pbData=0x1d30020*, pdwDataLen=0x121f168*=0x71a290) returned 1 [0117.284] SetFileTime (hFile=0x190, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210) returned 1 [0117.285] NtClose (Handle=0x190) returned 0x0 [0117.285] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PptLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\pptlr.cab"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PptLR.cab.locked" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\pptlr.cab.locked")) returned 1 [0117.285] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PptLR.cab.locked", dwFileAttributes=0x2020) returned 1 [0117.286] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PptLR.cab.readme_txt", dwFileAttributes=0x80) returned 0 [0117.286] GetLastError () returned 0x2 [0117.286] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PptLR.cab.readme_txt" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\pptlr.cab.readme_txt"), fInfoLevelId=0x0, lpFileInformation=0x121f108 | out: lpFileInformation=0x121f108*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x408e92, ftLastWriteTime.dwLowDateTime=0x80, ftLastWriteTime.dwHighDateTime=0x121f26c, nFileSizeHigh=0x0, nFileSizeLow=0x121f23c)) returned 0 [0117.286] GetLastError () returned 0x2 [0117.286] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PptLR.cab.readme_txt" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\pptlr.cab.readme_txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x190 [0117.286] SetFileTime (hFile=0x190, lpCreationTime=0x0, lpLastAccessTime=0x121f14c, lpLastWriteTime=0x121f14c) returned 1 [0117.286] WriteFile (in: hFile=0x190, lpBuffer=0x997970*, nNumberOfBytesToWrite=0x3ca, lpNumberOfBytesWritten=0x121f178, lpOverlapped=0x0 | out: lpBuffer=0x997970*, lpNumberOfBytesWritten=0x121f178*=0x3ca, lpOverlapped=0x0) returned 1 [0117.287] SetFileTime (hFile=0x190, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210) returned 1 [0117.287] NtClose (Handle=0x190) returned 0x0 [0117.288] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PptLR.cab.readme_txt", dwFileAttributes=0x2020) returned 1 [0117.378] CryptDestroyKey (hKey=0x2d1450) returned 1 [0117.378] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x190 [0117.378] SetFileTime (hFile=0x190, lpCreationTime=0x0, lpLastAccessTime=0x121f14c, lpLastWriteTime=0x121f14c) returned 1 [0117.378] GetFileTime (in: hFile=0x190, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210 | out: lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210*(dwLowDateTime=0xecdfa490, dwHighDateTime=0x1d301be)) returned 1 [0117.379] CryptGenKey (in: hProv=0x2cc0d8, Algid=0x6801, dwFlags=0x800001, phKey=0x121f16c | out: phKey=0x121f16c*=0x2d1778) returned 1 [0117.379] CryptExportKey (in: hKey=0x2d1778, hExpKey=0x2cc198, dwBlobType=0x1, dwFlags=0x0, pbData=0xa024d8, pdwDataLen=0x121f170 | out: pbData=0xa024d8*, pdwDataLen=0x121f170*=0x8c) returned 1 [0117.379] ReadFile (in: hFile=0x190, lpBuffer=0xa0c4f0, nNumberOfBytesToRead=0x75e, lpNumberOfBytesRead=0x121f178, lpOverlapped=0x0 | out: lpBuffer=0xa0c4f0*, lpNumberOfBytesRead=0x121f178*=0x75e, lpOverlapped=0x0) returned 1 [0117.380] CryptEncrypt (in: hKey=0x2d1778, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xa0cc78*, pdwDataLen=0x121f168*=0x75e, dwBufLen=0x766 | out: pbData=0xa0cc78*, pdwDataLen=0x121f168*=0x75e) returned 1 [0117.509] SetFileTime (hFile=0x190, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210) returned 1 [0117.527] NtClose (Handle=0x190) returned 0x0 [0117.527] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\Setup.xml.locked" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\setup.xml.locked")) returned 1 [0117.528] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\Setup.xml.locked", dwFileAttributes=0x2020) returned 1 [0117.529] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\Setup.xml.readme_txt", dwFileAttributes=0x80) returned 0 [0117.529] GetLastError () returned 0x2 [0117.529] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\Setup.xml.readme_txt" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\setup.xml.readme_txt"), fInfoLevelId=0x0, lpFileInformation=0x121f108 | out: lpFileInformation=0x121f108*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x408e92, ftLastWriteTime.dwLowDateTime=0x80, ftLastWriteTime.dwHighDateTime=0x121f26c, nFileSizeHigh=0x0, nFileSizeLow=0x121f23c)) returned 0 [0117.529] GetLastError () returned 0x2 [0117.529] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\Setup.xml.readme_txt" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\setup.xml.readme_txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x190 [0117.529] SetFileTime (hFile=0x190, lpCreationTime=0x0, lpLastAccessTime=0x121f14c, lpLastWriteTime=0x121f14c) returned 1 [0117.529] WriteFile (in: hFile=0x190, lpBuffer=0x997970*, nNumberOfBytesToWrite=0x3ca, lpNumberOfBytesWritten=0x121f178, lpOverlapped=0x0 | out: lpBuffer=0x997970*, lpNumberOfBytesWritten=0x121f178*=0x3ca, lpOverlapped=0x0) returned 1 [0117.530] SetFileTime (hFile=0x190, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210) returned 1 [0117.530] NtClose (Handle=0x190) returned 0x0 [0117.531] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\Setup.xml.readme_txt", dwFileAttributes=0x2020) returned 1 [0117.531] CryptDestroyKey (hKey=0x2d1778) returned 1 [0117.531] FindFirstFileExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\*", fInfoLevelId=0x1, lpFindFileData=0x121f29c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x121f29c) returned 0x2d1778 [0117.531] FindClose (in: hFindFile=0x2d1950 | out: hFindFile=0x2d1950) returned 1 [0117.532] FindNextFileW (in: hFindFile=0x2d1778, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0117.532] FindNextFileW (in: hFindFile=0x2d1778, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0117.532] FindNextFileW (in: hFindFile=0x2d1778, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0117.532] FindNextFileW (in: hFindFile=0x2d1778, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0117.532] FindNextFileW (in: hFindFile=0x2d1778, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0117.532] FindNextFileW (in: hFindFile=0x2d1778, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0117.532] FindNextFileW (in: hFindFile=0x2d1778, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0117.532] FindNextFileW (in: hFindFile=0x2d1778, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0117.532] FindNextFileW (in: hFindFile=0x2d1778, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0117.532] FindNextFileW (in: hFindFile=0x2d1778, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 0 [0117.532] GetLastError () returned 0x12 [0117.532] FindNextFileW (in: hFindFile=0x2d1410, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 1 [0117.554] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2200000, hTemplateFile=0x0) returned 0x190 [0117.557] SetFileTime (hFile=0x190, lpCreationTime=0x0, lpLastAccessTime=0x121f4d4, lpLastWriteTime=0x121f4d4) returned 0 [0117.558] DeviceIoControl (in: hDevice=0x190, dwIoControlCode=0x900a8, lpInBuffer=0x0, nInBufferSize=0x0, lpOutBuffer=0x9998a0, nOutBufferSize=0x4000, lpBytesReturned=0x121f52c, lpOverlapped=0x0 | out: lpOutBuffer=0x9998a0, lpBytesReturned=0x121f52c, lpOverlapped=0x0) returned 0 [0117.559] FindFirstFileExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\*", fInfoLevelId=0x1, lpFindFileData=0x121f29c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x121f29c) returned 0x2d1950 [0117.678] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0117.693] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0117.693] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0117.693] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0117.693] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0117.693] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 0 [0117.693] GetLastError () returned 0x12 [0117.694] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\publishermui.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x224 [0117.694] SetFileTime (hFile=0x224, lpCreationTime=0x0, lpLastAccessTime=0x121f14c, lpLastWriteTime=0x121f14c) returned 1 [0117.694] GetFileTime (in: hFile=0x224, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210 | out: lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210*(dwLowDateTime=0xfc40b730, dwHighDateTime=0x1d301be)) returned 1 [0117.695] CryptGenKey (in: hProv=0x2cc0d8, Algid=0x6801, dwFlags=0x800001, phKey=0x121f16c | out: phKey=0x121f16c*=0x2d1778) returned 1 [0117.695] CryptExportKey (in: hKey=0x2d1778, hExpKey=0x2cc198, dwBlobType=0x1, dwFlags=0x0, pbData=0xa024d8, pdwDataLen=0x121f170 | out: pbData=0xa024d8*, pdwDataLen=0x121f170*=0x8c) returned 1 [0117.695] ReadFile (in: hFile=0x224, lpBuffer=0x1320020, nNumberOfBytesToRead=0x265c00, lpNumberOfBytesRead=0x121f178, lpOverlapped=0x0 | out: lpBuffer=0x1320020*, lpNumberOfBytesRead=0x121f178*=0x265c00, lpOverlapped=0x0) returned 1 [0118.025] CryptEncrypt (in: hKey=0x2d1778, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1800020*, pdwDataLen=0x121f168*=0x265c00, dwBufLen=0x265c08 | out: pbData=0x1800020*, pdwDataLen=0x121f168*=0x265c00) returned 1 [0118.242] SetFileTime (hFile=0x224, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210) returned 1 [0118.242] NtClose (Handle=0x224) returned 0x0 [0118.242] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\publishermui.msi"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.msi.locked" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\publishermui.msi.locked")) returned 1 [0118.243] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.msi.locked", dwFileAttributes=0x2020) returned 1 [0118.243] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.msi.readme_txt", dwFileAttributes=0x80) returned 0 [0118.243] GetLastError () returned 0x2 [0118.243] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.msi.readme_txt" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\publishermui.msi.readme_txt"), fInfoLevelId=0x0, lpFileInformation=0x121f108 | out: lpFileInformation=0x121f108*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x408e92, ftLastWriteTime.dwLowDateTime=0x80, ftLastWriteTime.dwHighDateTime=0x121f26c, nFileSizeHigh=0x0, nFileSizeLow=0x121f23c)) returned 0 [0118.243] GetLastError () returned 0x2 [0118.243] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.msi.readme_txt" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\publishermui.msi.readme_txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x224 [0118.244] SetFileTime (hFile=0x224, lpCreationTime=0x0, lpLastAccessTime=0x121f14c, lpLastWriteTime=0x121f14c) returned 1 [0118.244] WriteFile (in: hFile=0x224, lpBuffer=0x997970*, nNumberOfBytesToWrite=0x3ca, lpNumberOfBytesWritten=0x121f178, lpOverlapped=0x0 | out: lpBuffer=0x997970*, lpNumberOfBytesWritten=0x121f178*=0x3ca, lpOverlapped=0x0) returned 1 [0118.244] SetFileTime (hFile=0x224, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210) returned 1 [0118.244] NtClose (Handle=0x224) returned 0x0 [0118.246] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.msi.readme_txt", dwFileAttributes=0x2020) returned 1 [0118.254] CryptDestroyKey (hKey=0x2d1778) returned 1 [0118.255] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\publishermui.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x224 [0118.255] SetFileTime (hFile=0x224, lpCreationTime=0x0, lpLastAccessTime=0x121f14c, lpLastWriteTime=0x121f14c) returned 1 [0118.255] GetFileTime (in: hFile=0x224, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210 | out: lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210*(dwLowDateTime=0xfc3e4630, dwHighDateTime=0x1d301be)) returned 1 [0118.255] CryptGenKey (in: hProv=0x2cc0d8, Algid=0x6801, dwFlags=0x800001, phKey=0x121f16c | out: phKey=0x121f16c*=0x2d1778) returned 1 [0118.255] CryptExportKey (in: hKey=0x2d1778, hExpKey=0x2cc198, dwBlobType=0x1, dwFlags=0x0, pbData=0xa024d8, pdwDataLen=0x121f170 | out: pbData=0xa024d8*, pdwDataLen=0x121f170*=0x8c) returned 1 [0118.255] ReadFile (in: hFile=0x224, lpBuffer=0xa09db0, nNumberOfBytesToRead=0x5aa, lpNumberOfBytesRead=0x121f178, lpOverlapped=0x0 | out: lpBuffer=0xa09db0*, lpNumberOfBytesRead=0x121f178*=0x5aa, lpOverlapped=0x0) returned 1 [0118.435] CryptEncrypt (in: hKey=0x2d1778, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xa1b918*, pdwDataLen=0x121f168*=0x5aa, dwBufLen=0x5b2 | out: pbData=0xa1b918*, pdwDataLen=0x121f168*=0x5aa) returned 1 [0118.630] SetFileTime (hFile=0x224, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210) returned 1 [0118.630] NtClose (Handle=0x224) returned 0x0 [0118.630] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\publishermui.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.xml.locked" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\publishermui.xml.locked")) returned 1 [0118.630] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.xml.locked", dwFileAttributes=0x2020) returned 1 [0118.630] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.xml.readme_txt", dwFileAttributes=0x80) returned 0 [0118.631] GetLastError () returned 0x2 [0118.631] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.xml.readme_txt" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\publishermui.xml.readme_txt"), fInfoLevelId=0x0, lpFileInformation=0x121f108 | out: lpFileInformation=0x121f108*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x408e92, ftLastWriteTime.dwLowDateTime=0x80, ftLastWriteTime.dwHighDateTime=0x121f26c, nFileSizeHigh=0x0, nFileSizeLow=0x121f23c)) returned 0 [0118.631] GetLastError () returned 0x2 [0118.631] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.xml.readme_txt" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\publishermui.xml.readme_txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x224 [0118.631] SetFileTime (hFile=0x224, lpCreationTime=0x0, lpLastAccessTime=0x121f14c, lpLastWriteTime=0x121f14c) returned 1 [0118.631] WriteFile (in: hFile=0x224, lpBuffer=0x997970*, nNumberOfBytesToWrite=0x3ca, lpNumberOfBytesWritten=0x121f178, lpOverlapped=0x0 | out: lpBuffer=0x997970*, lpNumberOfBytesWritten=0x121f178*=0x3ca, lpOverlapped=0x0) returned 1 [0118.632] SetFileTime (hFile=0x224, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210) returned 1 [0118.632] NtClose (Handle=0x224) returned 0x0 [0118.633] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.xml.readme_txt", dwFileAttributes=0x2020) returned 1 [0118.633] CryptDestroyKey (hKey=0x2d1778) returned 1 [0118.633] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PubLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\publr.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x224 [0118.633] SetFileTime (hFile=0x224, lpCreationTime=0x0, lpLastAccessTime=0x121f14c, lpLastWriteTime=0x121f14c) returned 1 [0118.633] GetFileTime (in: hFile=0x224, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210 | out: lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210*(dwLowDateTime=0xfc47e320, dwHighDateTime=0x1d301be)) returned 1 [0118.633] CryptGenKey (in: hProv=0x2cc0d8, Algid=0x6801, dwFlags=0x800001, phKey=0x121f16c | out: phKey=0x121f16c*=0x2d1778) returned 1 [0118.633] CryptExportKey (in: hKey=0x2d1778, hExpKey=0x2cc198, dwBlobType=0x1, dwFlags=0x0, pbData=0xa024d8, pdwDataLen=0x121f170 | out: pbData=0xa024d8*, pdwDataLen=0x121f170*=0x8c) returned 1 [0118.634] ReadFile (in: hFile=0x224, lpBuffer=0x1320020, nNumberOfBytesToRead=0x97f3f4, lpNumberOfBytesRead=0x121f178, lpOverlapped=0x0 | out: lpBuffer=0x1320020*, lpNumberOfBytesRead=0x121f178*=0x97f3f4, lpOverlapped=0x0) returned 1 [0119.567] CryptEncrypt (in: hKey=0x2d1778, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1ca0020*, pdwDataLen=0x121f168*=0x97f3f4, dwBufLen=0x97f3fc | out: pbData=0x1ca0020*, pdwDataLen=0x121f168*=0x97f3f4) returned 1 [0120.360] SetFileTime (hFile=0x224, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210) returned 1 [0120.360] NtClose (Handle=0x224) returned 0x0 [0120.360] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PubLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\publr.cab"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PubLR.cab.locked" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\publr.cab.locked")) returned 1 [0120.361] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PubLR.cab.locked", dwFileAttributes=0x2020) returned 1 [0120.361] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PubLR.cab.readme_txt", dwFileAttributes=0x80) returned 0 [0120.361] GetLastError () returned 0x2 [0120.361] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PubLR.cab.readme_txt" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\publr.cab.readme_txt"), fInfoLevelId=0x0, lpFileInformation=0x121f108 | out: lpFileInformation=0x121f108*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x408e92, ftLastWriteTime.dwLowDateTime=0x80, ftLastWriteTime.dwHighDateTime=0x121f26c, nFileSizeHigh=0x0, nFileSizeLow=0x121f23c)) returned 0 [0120.361] GetLastError () returned 0x2 [0120.362] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PubLR.cab.readme_txt" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\publr.cab.readme_txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x224 [0120.362] SetFileTime (hFile=0x224, lpCreationTime=0x0, lpLastAccessTime=0x121f14c, lpLastWriteTime=0x121f14c) returned 1 [0120.362] WriteFile (in: hFile=0x224, lpBuffer=0x997970*, nNumberOfBytesToWrite=0x3ca, lpNumberOfBytesWritten=0x121f178, lpOverlapped=0x0 | out: lpBuffer=0x997970*, lpNumberOfBytesWritten=0x121f178*=0x3ca, lpOverlapped=0x0) returned 1 [0120.363] SetFileTime (hFile=0x224, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210) returned 1 [0120.363] NtClose (Handle=0x224) returned 0x0 [0120.363] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PubLR.cab.readme_txt", dwFileAttributes=0x2020) returned 1 [0120.394] CryptDestroyKey (hKey=0x2d1778) returned 1 [0120.394] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x224 [0120.395] SetFileTime (hFile=0x224, lpCreationTime=0x0, lpLastAccessTime=0x121f14c, lpLastWriteTime=0x121f14c) returned 1 [0120.395] GetFileTime (in: hFile=0x224, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210 | out: lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210*(dwLowDateTime=0xfc8a9170, dwHighDateTime=0x1d301be)) returned 1 [0120.395] CryptGenKey (in: hProv=0x2cc0d8, Algid=0x6801, dwFlags=0x800001, phKey=0x121f16c | out: phKey=0x121f16c*=0x2d1778) returned 1 [0120.395] CryptExportKey (in: hKey=0x2d1778, hExpKey=0x2cc198, dwBlobType=0x1, dwFlags=0x0, pbData=0xa024d8, pdwDataLen=0x121f170 | out: pbData=0xa024d8*, pdwDataLen=0x121f170*=0x8c) returned 1 [0120.395] ReadFile (in: hFile=0x224, lpBuffer=0xa09db0, nNumberOfBytesToRead=0x648, lpNumberOfBytesRead=0x121f178, lpOverlapped=0x0 | out: lpBuffer=0xa09db0*, lpNumberOfBytesRead=0x121f178*=0x648, lpOverlapped=0x0) returned 1 [0120.410] CryptEncrypt (in: hKey=0x2d1778, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xa1b918*, pdwDataLen=0x121f168*=0x648, dwBufLen=0x650 | out: pbData=0xa1b918*, pdwDataLen=0x121f168*=0x648) returned 1 [0120.522] SetFileTime (hFile=0x224, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210) returned 1 [0120.522] NtClose (Handle=0x224) returned 0x0 [0120.522] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\Setup.xml.locked" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\setup.xml.locked")) returned 1 [0120.522] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\Setup.xml.locked", dwFileAttributes=0x2020) returned 1 [0120.523] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\Setup.xml.readme_txt", dwFileAttributes=0x80) returned 0 [0120.523] GetLastError () returned 0x2 [0120.523] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\Setup.xml.readme_txt" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\setup.xml.readme_txt"), fInfoLevelId=0x0, lpFileInformation=0x121f108 | out: lpFileInformation=0x121f108*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x408e92, ftLastWriteTime.dwLowDateTime=0x80, ftLastWriteTime.dwHighDateTime=0x121f26c, nFileSizeHigh=0x0, nFileSizeLow=0x121f23c)) returned 0 [0120.523] GetLastError () returned 0x2 [0120.523] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\Setup.xml.readme_txt" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\setup.xml.readme_txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x224 [0120.523] SetFileTime (hFile=0x224, lpCreationTime=0x0, lpLastAccessTime=0x121f14c, lpLastWriteTime=0x121f14c) returned 1 [0120.523] WriteFile (in: hFile=0x224, lpBuffer=0x997970*, nNumberOfBytesToWrite=0x3ca, lpNumberOfBytesWritten=0x121f178, lpOverlapped=0x0 | out: lpBuffer=0x997970*, lpNumberOfBytesWritten=0x121f178*=0x3ca, lpOverlapped=0x0) returned 1 [0120.524] SetFileTime (hFile=0x224, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210) returned 1 [0120.524] NtClose (Handle=0x224) returned 0x0 [0120.525] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\Setup.xml.readme_txt", dwFileAttributes=0x2020) returned 1 [0120.525] CryptDestroyKey (hKey=0x2d1778) returned 1 [0120.525] FindFirstFileExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\*", fInfoLevelId=0x1, lpFindFileData=0x121f29c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x121f29c) returned 0x2d1778 [0120.525] FindClose (in: hFindFile=0x2d1950 | out: hFindFile=0x2d1950) returned 1 [0120.525] FindNextFileW (in: hFindFile=0x2d1778, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0120.525] FindNextFileW (in: hFindFile=0x2d1778, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0120.525] FindNextFileW (in: hFindFile=0x2d1778, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0120.525] FindNextFileW (in: hFindFile=0x2d1778, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0120.525] FindNextFileW (in: hFindFile=0x2d1778, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0120.525] FindNextFileW (in: hFindFile=0x2d1778, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0120.525] FindNextFileW (in: hFindFile=0x2d1778, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0120.525] FindNextFileW (in: hFindFile=0x2d1778, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0120.525] FindNextFileW (in: hFindFile=0x2d1778, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0120.525] FindNextFileW (in: hFindFile=0x2d1778, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 0 [0120.525] GetLastError () returned 0x12 [0120.525] FindNextFileW (in: hFindFile=0x2d1410, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 1 [0120.526] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2200000, hTemplateFile=0x0) returned 0x224 [0120.527] SetFileTime (hFile=0x224, lpCreationTime=0x0, lpLastAccessTime=0x121f4d4, lpLastWriteTime=0x121f4d4) returned 0 [0120.527] DeviceIoControl (in: hDevice=0x224, dwIoControlCode=0x900a8, lpInBuffer=0x0, nInBufferSize=0x0, lpOutBuffer=0x9998a0, nOutBufferSize=0x4000, lpBytesReturned=0x121f52c, lpOverlapped=0x0 | out: lpOutBuffer=0x9998a0, lpBytesReturned=0x121f52c, lpOverlapped=0x0) returned 0 [0120.527] FindFirstFileExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\*", fInfoLevelId=0x1, lpFindFileData=0x121f29c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x121f29c) returned 0x2d1950 [0120.581] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0120.582] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0120.582] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0120.582] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0120.582] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0120.582] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 0 [0120.582] GetLastError () returned 0x12 [0120.582] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlkLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\outlklr.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x190 [0120.583] SetFileTime (hFile=0x190, lpCreationTime=0x0, lpLastAccessTime=0x121f14c, lpLastWriteTime=0x121f14c) returned 1 [0120.583] GetFileTime (in: hFile=0x190, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210 | out: lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210*(dwLowDateTime=0xeebe0180, dwHighDateTime=0x1d301be)) returned 1 [0120.583] CryptGenKey (in: hProv=0x2cc0d8, Algid=0x6801, dwFlags=0x800001, phKey=0x121f16c | out: phKey=0x121f16c*=0x2d1778) returned 1 [0120.583] CryptExportKey (in: hKey=0x2d1778, hExpKey=0x2cc198, dwBlobType=0x1, dwFlags=0x0, pbData=0xa024d8, pdwDataLen=0x121f170 | out: pbData=0xa024d8*, pdwDataLen=0x121f170*=0x8c) returned 1 [0120.583] ReadFile (in: hFile=0x190, lpBuffer=0x1320020, nNumberOfBytesToRead=0xa00000, lpNumberOfBytesRead=0x121f178, lpOverlapped=0x0 | out: lpBuffer=0x1320020*, lpNumberOfBytesRead=0x121f178*=0xa00000, lpOverlapped=0x0) returned 1 [0122.109] CryptEncrypt (in: hKey=0x2d1778, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x2740020*, pdwDataLen=0x121f168*=0xa00000, dwBufLen=0xa00008 | out: pbData=0x2740020*, pdwDataLen=0x121f168*=0xa00000) returned 1 [0122.339] ReadFile (in: hFile=0x190, lpBuffer=0x1d30020, nNumberOfBytesToRead=0x421fcc, lpNumberOfBytesRead=0x121f178, lpOverlapped=0x0 | out: lpBuffer=0x1d30020*, lpNumberOfBytesRead=0x121f178*=0x421fcc, lpOverlapped=0x0) returned 1 [0122.527] CryptEncrypt (in: hKey=0x2d1778, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1d30020*, pdwDataLen=0x121f168*=0x421fcc, dwBufLen=0x421fd4 | out: pbData=0x1d30020*, pdwDataLen=0x121f168*=0x421fcc) returned 1 [0122.632] SetFileTime (hFile=0x190, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210) returned 1 [0122.632] NtClose (Handle=0x190) returned 0x0 [0122.633] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlkLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\outlklr.cab"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlkLR.cab.locked" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\outlklr.cab.locked")) returned 1 [0122.633] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlkLR.cab.locked", dwFileAttributes=0x2020) returned 1 [0122.633] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlkLR.cab.readme_txt", dwFileAttributes=0x80) returned 0 [0122.633] GetLastError () returned 0x2 [0122.633] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlkLR.cab.readme_txt" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\outlklr.cab.readme_txt"), fInfoLevelId=0x0, lpFileInformation=0x121f108 | out: lpFileInformation=0x121f108*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x408e92, ftLastWriteTime.dwLowDateTime=0x80, ftLastWriteTime.dwHighDateTime=0x121f26c, nFileSizeHigh=0x0, nFileSizeLow=0x121f23c)) returned 0 [0122.634] GetLastError () returned 0x2 [0122.634] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlkLR.cab.readme_txt" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\outlklr.cab.readme_txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x190 [0122.634] SetFileTime (hFile=0x190, lpCreationTime=0x0, lpLastAccessTime=0x121f14c, lpLastWriteTime=0x121f14c) returned 1 [0122.634] WriteFile (in: hFile=0x190, lpBuffer=0x997970*, nNumberOfBytesToWrite=0x3ca, lpNumberOfBytesWritten=0x121f178, lpOverlapped=0x0 | out: lpBuffer=0x997970*, lpNumberOfBytesWritten=0x121f178*=0x3ca, lpOverlapped=0x0) returned 1 [0122.635] SetFileTime (hFile=0x190, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210) returned 1 [0122.635] NtClose (Handle=0x190) returned 0x0 [0122.636] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlkLR.cab.readme_txt", dwFileAttributes=0x2020) returned 1 [0122.710] CryptDestroyKey (hKey=0x2d1778) returned 1 [0122.710] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\outlookmui.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x190 [0122.710] SetFileTime (hFile=0x190, lpCreationTime=0x0, lpLastAccessTime=0x121f14c, lpLastWriteTime=0x121f14c) returned 1 [0122.710] GetFileTime (in: hFile=0x190, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210 | out: lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210*(dwLowDateTime=0xee827f20, dwHighDateTime=0x1d301be)) returned 1 [0122.710] CryptGenKey (in: hProv=0x2cc0d8, Algid=0x6801, dwFlags=0x800001, phKey=0x121f16c | out: phKey=0x121f16c*=0x2d1778) returned 1 [0122.710] CryptExportKey (in: hKey=0x2d1778, hExpKey=0x2cc198, dwBlobType=0x1, dwFlags=0x0, pbData=0xa024d8, pdwDataLen=0x121f170 | out: pbData=0xa024d8*, pdwDataLen=0x121f170*=0x8c) returned 1 [0122.710] ReadFile (in: hFile=0x190, lpBuffer=0x1320020, nNumberOfBytesToRead=0x2bba00, lpNumberOfBytesRead=0x121f178, lpOverlapped=0x0 | out: lpBuffer=0x1320020*, lpNumberOfBytesRead=0x121f178*=0x2bba00, lpOverlapped=0x0) returned 1 [0122.945] CryptEncrypt (in: hKey=0x2d1778, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x18a0020*, pdwDataLen=0x121f168*=0x2bba00, dwBufLen=0x2bba08 | out: pbData=0x18a0020*, pdwDataLen=0x121f168*=0x2bba00) returned 1 [0123.148] SetFileTime (hFile=0x190, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210) returned 1 [0123.148] NtClose (Handle=0x190) returned 0x0 [0123.151] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\outlookmui.msi"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.msi.locked" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\outlookmui.msi.locked")) returned 1 [0123.151] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.msi.locked", dwFileAttributes=0x2020) returned 1 [0123.152] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.msi.readme_txt", dwFileAttributes=0x80) returned 0 [0123.152] GetLastError () returned 0x2 [0123.152] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.msi.readme_txt" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\outlookmui.msi.readme_txt"), fInfoLevelId=0x0, lpFileInformation=0x121f108 | out: lpFileInformation=0x121f108*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x408e92, ftLastWriteTime.dwLowDateTime=0x80, ftLastWriteTime.dwHighDateTime=0x121f26c, nFileSizeHigh=0x0, nFileSizeLow=0x121f23c)) returned 0 [0123.152] GetLastError () returned 0x2 [0123.152] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.msi.readme_txt" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\outlookmui.msi.readme_txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x190 [0123.152] SetFileTime (hFile=0x190, lpCreationTime=0x0, lpLastAccessTime=0x121f14c, lpLastWriteTime=0x121f14c) returned 1 [0123.152] WriteFile (in: hFile=0x190, lpBuffer=0x997970*, nNumberOfBytesToWrite=0x3ca, lpNumberOfBytesWritten=0x121f178, lpOverlapped=0x0 | out: lpBuffer=0x997970*, lpNumberOfBytesWritten=0x121f178*=0x3ca, lpOverlapped=0x0) returned 1 [0123.153] SetFileTime (hFile=0x190, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210) returned 1 [0123.153] NtClose (Handle=0x190) returned 0x0 [0123.156] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.msi.readme_txt", dwFileAttributes=0x2020) returned 1 [0123.166] CryptDestroyKey (hKey=0x2d1778) returned 1 [0123.167] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\outlookmui.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x190 [0123.167] SetFileTime (hFile=0x190, lpCreationTime=0x0, lpLastAccessTime=0x121f14c, lpLastWriteTime=0x121f14c) returned 1 [0123.167] GetFileTime (in: hFile=0x190, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210 | out: lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210*(dwLowDateTime=0xee827f20, dwHighDateTime=0x1d301be)) returned 1 [0123.167] CryptGenKey (in: hProv=0x2cc0d8, Algid=0x6801, dwFlags=0x800001, phKey=0x121f16c | out: phKey=0x121f16c*=0x2d1778) returned 1 [0123.167] CryptExportKey (in: hKey=0x2d1778, hExpKey=0x2cc198, dwBlobType=0x1, dwFlags=0x0, pbData=0xa024d8, pdwDataLen=0x121f170 | out: pbData=0xa024d8*, pdwDataLen=0x121f170*=0x8c) returned 1 [0123.167] ReadFile (in: hFile=0x190, lpBuffer=0xa0c4f0, nNumberOfBytesToRead=0xc72, lpNumberOfBytesRead=0x121f178, lpOverlapped=0x0 | out: lpBuffer=0xa0c4f0*, lpNumberOfBytesRead=0x121f178*=0xc72, lpOverlapped=0x0) returned 1 [0123.284] CryptEncrypt (in: hKey=0x2d1778, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xa10478*, pdwDataLen=0x121f168*=0xc72, dwBufLen=0xc7a | out: pbData=0xa10478*, pdwDataLen=0x121f168*=0xc72) returned 1 [0123.310] SetFileTime (hFile=0x190, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210) returned 1 [0123.310] NtClose (Handle=0x190) returned 0x0 [0123.310] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\outlookmui.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.xml.locked" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\outlookmui.xml.locked")) returned 1 [0123.311] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.xml.locked", dwFileAttributes=0x2020) returned 1 [0123.311] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.xml.readme_txt", dwFileAttributes=0x80) returned 0 [0123.311] GetLastError () returned 0x2 [0123.311] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.xml.readme_txt" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\outlookmui.xml.readme_txt"), fInfoLevelId=0x0, lpFileInformation=0x121f108 | out: lpFileInformation=0x121f108*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x408e92, ftLastWriteTime.dwLowDateTime=0x80, ftLastWriteTime.dwHighDateTime=0x121f26c, nFileSizeHigh=0x0, nFileSizeLow=0x121f23c)) returned 0 [0123.311] GetLastError () returned 0x2 [0123.311] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.xml.readme_txt" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\outlookmui.xml.readme_txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x190 [0123.311] SetFileTime (hFile=0x190, lpCreationTime=0x0, lpLastAccessTime=0x121f14c, lpLastWriteTime=0x121f14c) returned 1 [0123.311] WriteFile (in: hFile=0x190, lpBuffer=0x997970*, nNumberOfBytesToWrite=0x3ca, lpNumberOfBytesWritten=0x121f178, lpOverlapped=0x0 | out: lpBuffer=0x997970*, lpNumberOfBytesWritten=0x121f178*=0x3ca, lpOverlapped=0x0) returned 1 [0123.312] SetFileTime (hFile=0x190, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210) returned 1 [0123.312] NtClose (Handle=0x190) returned 0x0 [0123.314] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.xml.readme_txt", dwFileAttributes=0x2020) returned 1 [0123.314] CryptDestroyKey (hKey=0x2d1778) returned 1 [0123.315] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x190 [0123.315] SetFileTime (hFile=0x190, lpCreationTime=0x0, lpLastAccessTime=0x121f14c, lpLastWriteTime=0x121f14c) returned 1 [0123.315] GetFileTime (in: hFile=0x190, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210 | out: lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210*(dwLowDateTime=0xf00db300, dwHighDateTime=0x1d301be)) returned 1 [0123.315] CryptGenKey (in: hProv=0x2cc0d8, Algid=0x6801, dwFlags=0x800001, phKey=0x121f16c | out: phKey=0x121f16c*=0x2d1778) returned 1 [0123.315] CryptExportKey (in: hKey=0x2d1778, hExpKey=0x2cc198, dwBlobType=0x1, dwFlags=0x0, pbData=0xa024d8, pdwDataLen=0x121f170 | out: pbData=0xa024d8*, pdwDataLen=0x121f170*=0x8c) returned 1 [0123.315] ReadFile (in: hFile=0x190, lpBuffer=0xa10478, nNumberOfBytesToRead=0x106f, lpNumberOfBytesRead=0x121f178, lpOverlapped=0x0 | out: lpBuffer=0xa10478*, lpNumberOfBytesRead=0x121f178*=0x106f, lpOverlapped=0x0) returned 1 [0123.360] CryptEncrypt (in: hKey=0x2d1778, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xa135c8*, pdwDataLen=0x121f168*=0x106f, dwBufLen=0x1077 | out: pbData=0xa135c8*, pdwDataLen=0x121f168*=0x106f) returned 1 [0123.364] SetFileTime (hFile=0x190, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210) returned 1 [0123.364] NtClose (Handle=0x190) returned 0x0 [0123.364] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\Setup.xml.locked" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\setup.xml.locked")) returned 1 [0123.364] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\Setup.xml.locked", dwFileAttributes=0x2020) returned 1 [0123.364] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\Setup.xml.readme_txt", dwFileAttributes=0x80) returned 0 [0123.365] GetLastError () returned 0x2 [0123.365] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\Setup.xml.readme_txt" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\setup.xml.readme_txt"), fInfoLevelId=0x0, lpFileInformation=0x121f108 | out: lpFileInformation=0x121f108*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x408e92, ftLastWriteTime.dwLowDateTime=0x80, ftLastWriteTime.dwHighDateTime=0x121f26c, nFileSizeHigh=0x0, nFileSizeLow=0x121f23c)) returned 0 [0123.365] GetLastError () returned 0x2 [0123.365] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\Setup.xml.readme_txt" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\setup.xml.readme_txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x190 [0123.365] SetFileTime (hFile=0x190, lpCreationTime=0x0, lpLastAccessTime=0x121f14c, lpLastWriteTime=0x121f14c) returned 1 [0123.365] WriteFile (in: hFile=0x190, lpBuffer=0x997970*, nNumberOfBytesToWrite=0x3ca, lpNumberOfBytesWritten=0x121f178, lpOverlapped=0x0 | out: lpBuffer=0x997970*, lpNumberOfBytesWritten=0x121f178*=0x3ca, lpOverlapped=0x0) returned 1 [0123.366] SetFileTime (hFile=0x190, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210) returned 1 [0123.366] NtClose (Handle=0x190) returned 0x0 [0123.366] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\Setup.xml.readme_txt", dwFileAttributes=0x2020) returned 1 [0123.367] CryptDestroyKey (hKey=0x2d1778) returned 1 [0123.367] FindFirstFileExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\*", fInfoLevelId=0x1, lpFindFileData=0x121f29c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x121f29c) returned 0x2d1778 [0123.367] FindClose (in: hFindFile=0x2d1950 | out: hFindFile=0x2d1950) returned 1 [0123.367] FindNextFileW (in: hFindFile=0x2d1778, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0123.367] FindNextFileW (in: hFindFile=0x2d1778, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0123.367] FindNextFileW (in: hFindFile=0x2d1778, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0123.367] FindNextFileW (in: hFindFile=0x2d1778, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0123.367] FindNextFileW (in: hFindFile=0x2d1778, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0123.367] FindNextFileW (in: hFindFile=0x2d1778, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0123.367] FindNextFileW (in: hFindFile=0x2d1778, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0123.367] FindNextFileW (in: hFindFile=0x2d1778, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0123.367] FindNextFileW (in: hFindFile=0x2d1778, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0123.367] FindNextFileW (in: hFindFile=0x2d1778, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 0 [0123.367] GetLastError () returned 0x12 [0123.367] FindNextFileW (in: hFindFile=0x2d1410, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 1 [0123.368] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2200000, hTemplateFile=0x0) returned 0x190 [0123.369] SetFileTime (hFile=0x190, lpCreationTime=0x0, lpLastAccessTime=0x121f4d4, lpLastWriteTime=0x121f4d4) returned 0 [0123.369] DeviceIoControl (in: hDevice=0x190, dwIoControlCode=0x900a8, lpInBuffer=0x0, nInBufferSize=0x0, lpOutBuffer=0x9998a0, nOutBufferSize=0x4000, lpBytesReturned=0x121f52c, lpOverlapped=0x0 | out: lpOutBuffer=0x9998a0, lpBytesReturned=0x121f52c, lpOverlapped=0x0) returned 0 [0123.369] FindFirstFileExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\*", fInfoLevelId=0x1, lpFindFileData=0x121f29c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x121f29c) returned 0x2d1950 [0123.369] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0123.370] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0123.370] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0123.370] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0123.370] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0123.370] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 0 [0123.371] GetLastError () returned 0x12 [0123.371] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x224 [0123.371] SetFileTime (hFile=0x224, lpCreationTime=0x0, lpLastAccessTime=0x121f14c, lpLastWriteTime=0x121f14c) returned 1 [0123.372] GetFileTime (in: hFile=0x224, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210 | out: lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210*(dwLowDateTime=0xfe076d70, dwHighDateTime=0x1d301be)) returned 1 [0123.372] CryptGenKey (in: hProv=0x2cc0d8, Algid=0x6801, dwFlags=0x800001, phKey=0x121f16c | out: phKey=0x121f16c*=0x2d1778) returned 1 [0123.372] CryptExportKey (in: hKey=0x2d1778, hExpKey=0x2cc198, dwBlobType=0x1, dwFlags=0x0, pbData=0x9998b8, pdwDataLen=0x121f170 | out: pbData=0x9998b8*, pdwDataLen=0x121f170*=0x8c) returned 1 [0123.372] ReadFile (in: hFile=0x224, lpBuffer=0xa0c4f0, nNumberOfBytesToRead=0x978, lpNumberOfBytesRead=0x121f178, lpOverlapped=0x0 | out: lpBuffer=0xa0c4f0*, lpNumberOfBytesRead=0x121f178*=0x978, lpOverlapped=0x0) returned 1 [0123.439] CryptEncrypt (in: hKey=0x2d1778, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xa10478*, pdwDataLen=0x121f168*=0x978, dwBufLen=0x980 | out: pbData=0xa10478*, pdwDataLen=0x121f168*=0x978) returned 1 [0123.459] SetFileTime (hFile=0x224, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210) returned 1 [0123.459] NtClose (Handle=0x224) returned 0x0 [0123.459] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\Setup.xml.locked" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\setup.xml.locked")) returned 1 [0123.461] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\Setup.xml.locked", dwFileAttributes=0x2020) returned 1 [0123.461] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\Setup.xml.readme_txt", dwFileAttributes=0x80) returned 0 [0123.461] GetLastError () returned 0x2 [0123.461] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\Setup.xml.readme_txt" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\setup.xml.readme_txt"), fInfoLevelId=0x0, lpFileInformation=0x121f108 | out: lpFileInformation=0x121f108*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x408e92, ftLastWriteTime.dwLowDateTime=0x80, ftLastWriteTime.dwHighDateTime=0x121f26c, nFileSizeHigh=0x0, nFileSizeLow=0x121f23c)) returned 0 [0123.461] GetLastError () returned 0x2 [0123.461] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\Setup.xml.readme_txt" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\setup.xml.readme_txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x224 [0123.461] SetFileTime (hFile=0x224, lpCreationTime=0x0, lpLastAccessTime=0x121f14c, lpLastWriteTime=0x121f14c) returned 1 [0123.461] WriteFile (in: hFile=0x224, lpBuffer=0x997970*, nNumberOfBytesToWrite=0x3ca, lpNumberOfBytesWritten=0x121f178, lpOverlapped=0x0 | out: lpBuffer=0x997970*, lpNumberOfBytesWritten=0x121f178*=0x3ca, lpOverlapped=0x0) returned 1 [0123.462] SetFileTime (hFile=0x224, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210) returned 1 [0123.463] NtClose (Handle=0x224) returned 0x0 [0123.581] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\Setup.xml.readme_txt", dwFileAttributes=0x2020) returned 1 [0123.581] CryptDestroyKey (hKey=0x2d1778) returned 1 [0123.582] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\wordlr.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x224 [0123.582] SetFileTime (hFile=0x224, lpCreationTime=0x0, lpLastAccessTime=0x121f14c, lpLastWriteTime=0x121f14c) returned 1 [0123.582] GetFileTime (in: hFile=0x224, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210 | out: lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210*(dwLowDateTime=0xfc967850, dwHighDateTime=0x1d301be)) returned 1 [0123.582] CryptGenKey (in: hProv=0x2cc0d8, Algid=0x6801, dwFlags=0x800001, phKey=0x121f16c | out: phKey=0x121f16c*=0x2d1778) returned 1 [0123.582] CryptExportKey (in: hKey=0x2d1778, hExpKey=0x2cc198, dwBlobType=0x1, dwFlags=0x0, pbData=0x9998b8, pdwDataLen=0x121f170 | out: pbData=0x9998b8*, pdwDataLen=0x121f170*=0x8c) returned 1 [0123.582] ReadFile (in: hFile=0x224, lpBuffer=0x1320020, nNumberOfBytesToRead=0xa00000, lpNumberOfBytesRead=0x121f178, lpOverlapped=0x0 | out: lpBuffer=0x1320020*, lpNumberOfBytesRead=0x121f178*=0xa00000, lpOverlapped=0x0) returned 1 [0124.666] CryptEncrypt (in: hKey=0x2d1778, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x2740020*, pdwDataLen=0x121f168*=0xa00000, dwBufLen=0xa00008 | out: pbData=0x2740020*, pdwDataLen=0x121f168*=0xa00000) returned 1 [0124.931] ReadFile (in: hFile=0x224, lpBuffer=0x1d30020, nNumberOfBytesToRead=0xa00000, lpNumberOfBytesRead=0x121f178, lpOverlapped=0x0 | out: lpBuffer=0x1d30020*, lpNumberOfBytesRead=0x121f178*=0xa00000, lpOverlapped=0x0) returned 1 [0126.013] CryptEncrypt (in: hKey=0x2d1778, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x2740020*, pdwDataLen=0x121f168*=0xa00000, dwBufLen=0xa00008 | out: pbData=0x2740020*, pdwDataLen=0x121f168*=0xa00000) returned 1 [0126.206] ReadFile (in: hFile=0x224, lpBuffer=0x1d30020, nNumberOfBytesToRead=0xa00000, lpNumberOfBytesRead=0x121f178, lpOverlapped=0x0 | out: lpBuffer=0x1d30020*, lpNumberOfBytesRead=0x121f178*=0xa00000, lpOverlapped=0x0) returned 1 [0126.969] CryptEncrypt (in: hKey=0x2d1778, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x2740020*, pdwDataLen=0x121f168*=0xa00000, dwBufLen=0xa00008 | out: pbData=0x2740020*, pdwDataLen=0x121f168*=0xa00000) returned 1 [0127.168] ReadFile (in: hFile=0x224, lpBuffer=0x1d30020, nNumberOfBytesToRead=0xa00000, lpNumberOfBytesRead=0x121f178, lpOverlapped=0x0 | out: lpBuffer=0x1d30020*, lpNumberOfBytesRead=0x121f178*=0xa00000, lpOverlapped=0x0) returned 1 [0127.777] CryptEncrypt (in: hKey=0x2d1778, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x2740020*, pdwDataLen=0x121f168*=0xa00000, dwBufLen=0xa00008 | out: pbData=0x2740020*, pdwDataLen=0x121f168*=0xa00000) returned 1 [0128.002] ReadFile (in: hFile=0x224, lpBuffer=0x1d30020, nNumberOfBytesToRead=0x1c6dbd, lpNumberOfBytesRead=0x121f178, lpOverlapped=0x0 | out: lpBuffer=0x1d30020*, lpNumberOfBytesRead=0x121f178*=0x1c6dbd, lpOverlapped=0x0) returned 1 [0128.080] CryptEncrypt (in: hKey=0x2d1778, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1f00020*, pdwDataLen=0x121f168*=0x1c6dbd, dwBufLen=0x1c6dc5 | out: pbData=0x1f00020*, pdwDataLen=0x121f168*=0x1c6dbd) returned 1 [0128.196] SetFileTime (hFile=0x224, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210) returned 1 [0128.196] NtClose (Handle=0x224) returned 0x0 [0128.196] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\wordlr.cab"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordLR.cab.locked" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\wordlr.cab.locked")) returned 1 [0128.196] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordLR.cab.locked", dwFileAttributes=0x2020) returned 1 [0128.196] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordLR.cab.readme_txt", dwFileAttributes=0x80) returned 0 [0128.197] GetLastError () returned 0x2 [0128.197] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordLR.cab.readme_txt" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\wordlr.cab.readme_txt"), fInfoLevelId=0x0, lpFileInformation=0x121f108 | out: lpFileInformation=0x121f108*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x408e92, ftLastWriteTime.dwLowDateTime=0x80, ftLastWriteTime.dwHighDateTime=0x121f26c, nFileSizeHigh=0x0, nFileSizeLow=0x121f23c)) returned 0 [0128.197] GetLastError () returned 0x2 [0128.197] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordLR.cab.readme_txt" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\wordlr.cab.readme_txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x224 [0128.197] SetFileTime (hFile=0x224, lpCreationTime=0x0, lpLastAccessTime=0x121f14c, lpLastWriteTime=0x121f14c) returned 1 [0128.197] WriteFile (in: hFile=0x224, lpBuffer=0x997970*, nNumberOfBytesToWrite=0x3ca, lpNumberOfBytesWritten=0x121f178, lpOverlapped=0x0 | out: lpBuffer=0x997970*, lpNumberOfBytesWritten=0x121f178*=0x3ca, lpOverlapped=0x0) returned 1 [0128.209] SetFileTime (hFile=0x224, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210) returned 1 [0128.209] NtClose (Handle=0x224) returned 0x0 [0128.212] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordLR.cab.readme_txt", dwFileAttributes=0x2020) returned 1 [0128.285] CryptDestroyKey (hKey=0x2d1778) returned 1 [0128.286] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\wordmui.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x224 [0128.286] SetFileTime (hFile=0x224, lpCreationTime=0x0, lpLastAccessTime=0x121f14c, lpLastWriteTime=0x121f14c) returned 1 [0128.286] GetFileTime (in: hFile=0x224, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210 | out: lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210*(dwLowDateTime=0xfc8a9170, dwHighDateTime=0x1d301be)) returned 1 [0128.286] CryptGenKey (in: hProv=0x2cc0d8, Algid=0x6801, dwFlags=0x800001, phKey=0x121f16c | out: phKey=0x121f16c*=0x2d1778) returned 1 [0128.286] CryptExportKey (in: hKey=0x2d1778, hExpKey=0x2cc198, dwBlobType=0x1, dwFlags=0x0, pbData=0x9998b8, pdwDataLen=0x121f170 | out: pbData=0x9998b8*, pdwDataLen=0x121f170*=0x8c) returned 1 [0128.286] ReadFile (in: hFile=0x224, lpBuffer=0x1320020, nNumberOfBytesToRead=0x267e00, lpNumberOfBytesRead=0x121f178, lpOverlapped=0x0 | out: lpBuffer=0x1320020*, lpNumberOfBytesRead=0x121f178*=0x267e00, lpOverlapped=0x0) returned 1 [0128.445] CryptEncrypt (in: hKey=0x2d1778, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1800020*, pdwDataLen=0x121f168*=0x267e00, dwBufLen=0x267e08 | out: pbData=0x1800020*, pdwDataLen=0x121f168*=0x267e00) returned 1 [0128.593] SetFileTime (hFile=0x224, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210) returned 1 [0128.593] NtClose (Handle=0x224) returned 0x0 [0128.593] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\wordmui.msi"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.msi.locked" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\wordmui.msi.locked")) returned 1 [0128.594] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.msi.locked", dwFileAttributes=0x2020) returned 1 [0128.594] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.msi.readme_txt", dwFileAttributes=0x80) returned 0 [0128.594] GetLastError () returned 0x2 [0128.594] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.msi.readme_txt" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\wordmui.msi.readme_txt"), fInfoLevelId=0x0, lpFileInformation=0x121f108 | out: lpFileInformation=0x121f108*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x408e92, ftLastWriteTime.dwLowDateTime=0x80, ftLastWriteTime.dwHighDateTime=0x121f26c, nFileSizeHigh=0x0, nFileSizeLow=0x121f23c)) returned 0 [0128.594] GetLastError () returned 0x2 [0128.594] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.msi.readme_txt" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\wordmui.msi.readme_txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x224 [0128.595] SetFileTime (hFile=0x224, lpCreationTime=0x0, lpLastAccessTime=0x121f14c, lpLastWriteTime=0x121f14c) returned 1 [0128.595] WriteFile (in: hFile=0x224, lpBuffer=0x997970*, nNumberOfBytesToWrite=0x3ca, lpNumberOfBytesWritten=0x121f178, lpOverlapped=0x0 | out: lpBuffer=0x997970*, lpNumberOfBytesWritten=0x121f178*=0x3ca, lpOverlapped=0x0) returned 1 [0128.595] SetFileTime (hFile=0x224, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210) returned 1 [0128.596] NtClose (Handle=0x224) returned 0x0 [0128.603] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.msi.readme_txt", dwFileAttributes=0x2020) returned 1 [0128.612] CryptDestroyKey (hKey=0x2d1778) returned 1 [0128.613] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\wordmui.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x224 [0128.613] SetFileTime (hFile=0x224, lpCreationTime=0x0, lpLastAccessTime=0x121f14c, lpLastWriteTime=0x121f14c) returned 1 [0128.613] GetFileTime (in: hFile=0x224, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210 | out: lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210*(dwLowDateTime=0xfc8a9170, dwHighDateTime=0x1d301be)) returned 1 [0128.613] CryptGenKey (in: hProv=0x2cc0d8, Algid=0x6801, dwFlags=0x800001, phKey=0x121f16c | out: phKey=0x121f16c*=0x2d1778) returned 1 [0128.613] CryptExportKey (in: hKey=0x2d1778, hExpKey=0x2cc198, dwBlobType=0x1, dwFlags=0x0, pbData=0x9998b8, pdwDataLen=0x121f170 | out: pbData=0x9998b8*, pdwDataLen=0x121f170*=0x8c) returned 1 [0128.613] ReadFile (in: hFile=0x224, lpBuffer=0xa1b918, nNumberOfBytesToRead=0x708, lpNumberOfBytesRead=0x121f178, lpOverlapped=0x0 | out: lpBuffer=0xa1b918*, lpNumberOfBytesRead=0x121f178*=0x708, lpOverlapped=0x0) returned 1 [0128.614] CryptEncrypt (in: hKey=0x2d1778, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xa0c4f0*, pdwDataLen=0x121f168*=0x708, dwBufLen=0x710 | out: pbData=0xa0c4f0*, pdwDataLen=0x121f168*=0x708) returned 1 [0128.616] SetFileTime (hFile=0x224, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210) returned 1 [0128.616] NtClose (Handle=0x224) returned 0x0 [0128.617] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\wordmui.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.xml.locked" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\wordmui.xml.locked")) returned 1 [0128.617] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.xml.locked", dwFileAttributes=0x2020) returned 1 [0128.617] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.xml.readme_txt", dwFileAttributes=0x80) returned 0 [0128.617] GetLastError () returned 0x2 [0128.617] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.xml.readme_txt" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\wordmui.xml.readme_txt"), fInfoLevelId=0x0, lpFileInformation=0x121f108 | out: lpFileInformation=0x121f108*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x408e92, ftLastWriteTime.dwLowDateTime=0x80, ftLastWriteTime.dwHighDateTime=0x121f26c, nFileSizeHigh=0x0, nFileSizeLow=0x121f23c)) returned 0 [0128.617] GetLastError () returned 0x2 [0128.617] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.xml.readme_txt" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\wordmui.xml.readme_txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x224 [0128.618] SetFileTime (hFile=0x224, lpCreationTime=0x0, lpLastAccessTime=0x121f14c, lpLastWriteTime=0x121f14c) returned 1 [0128.618] WriteFile (in: hFile=0x224, lpBuffer=0x997970*, nNumberOfBytesToWrite=0x3ca, lpNumberOfBytesWritten=0x121f178, lpOverlapped=0x0 | out: lpBuffer=0x997970*, lpNumberOfBytesWritten=0x121f178*=0x3ca, lpOverlapped=0x0) returned 1 [0128.618] SetFileTime (hFile=0x224, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210) returned 1 [0128.618] NtClose (Handle=0x224) returned 0x0 [0128.619] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.xml.readme_txt", dwFileAttributes=0x2020) returned 1 [0128.619] CryptDestroyKey (hKey=0x2d1778) returned 1 [0128.620] FindFirstFileExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\*", fInfoLevelId=0x1, lpFindFileData=0x121f29c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x121f29c) returned 0x2d1778 [0128.620] FindClose (in: hFindFile=0x2d1950 | out: hFindFile=0x2d1950) returned 1 [0128.620] FindNextFileW (in: hFindFile=0x2d1778, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0128.620] FindNextFileW (in: hFindFile=0x2d1778, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0128.620] FindNextFileW (in: hFindFile=0x2d1778, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0128.620] FindNextFileW (in: hFindFile=0x2d1778, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0128.620] FindNextFileW (in: hFindFile=0x2d1778, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0128.620] FindNextFileW (in: hFindFile=0x2d1778, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0128.620] FindNextFileW (in: hFindFile=0x2d1778, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0128.620] FindNextFileW (in: hFindFile=0x2d1778, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0128.620] FindNextFileW (in: hFindFile=0x2d1778, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0128.620] FindNextFileW (in: hFindFile=0x2d1778, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 0 [0128.620] GetLastError () returned 0x12 [0128.620] FindNextFileW (in: hFindFile=0x2d1410, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 1 [0128.625] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2200000, hTemplateFile=0x0) returned 0x224 [0128.625] SetFileTime (hFile=0x224, lpCreationTime=0x0, lpLastAccessTime=0x121f4d4, lpLastWriteTime=0x121f4d4) returned 0 [0128.625] DeviceIoControl (in: hDevice=0x224, dwIoControlCode=0x900a8, lpInBuffer=0x0, nInBufferSize=0x0, lpOutBuffer=0x99b8a0, nOutBufferSize=0x4000, lpBytesReturned=0x121f52c, lpOverlapped=0x0 | out: lpOutBuffer=0x99b8a0, lpBytesReturned=0x121f52c, lpOverlapped=0x0) returned 0 [0128.625] FindFirstFileExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\*", fInfoLevelId=0x1, lpFindFileData=0x121f29c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x121f29c) returned 0x2d1950 [0128.643] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0128.644] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0128.644] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0128.644] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0128.644] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0128.644] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0128.644] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0128.644] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 0 [0128.644] GetLastError () returned 0x12 [0128.644] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.msi" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proofing.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x190 [0128.645] SetFileTime (hFile=0x190, lpCreationTime=0x0, lpLastAccessTime=0x121f14c, lpLastWriteTime=0x121f14c) returned 1 [0128.645] GetFileTime (in: hFile=0x190, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210 | out: lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210*(dwLowDateTime=0xf0126df0, dwHighDateTime=0x1d301be)) returned 1 [0128.645] CryptGenKey (in: hProv=0x2cc0d8, Algid=0x6801, dwFlags=0x800001, phKey=0x121f16c | out: phKey=0x121f16c*=0x2d1778) returned 1 [0128.645] CryptExportKey (in: hKey=0x2d1778, hExpKey=0x2cc198, dwBlobType=0x1, dwFlags=0x0, pbData=0x9998b8, pdwDataLen=0x121f170 | out: pbData=0x9998b8*, pdwDataLen=0x121f170*=0x8c) returned 1 [0128.645] ReadFile (in: hFile=0x190, lpBuffer=0x1320020, nNumberOfBytesToRead=0xd4200, lpNumberOfBytesRead=0x121f178, lpOverlapped=0x0 | out: lpBuffer=0x1320020*, lpNumberOfBytesRead=0x121f178*=0xd4200, lpOverlapped=0x0) returned 1 [0128.838] CryptEncrypt (in: hKey=0x2d1778, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x14e0020*, pdwDataLen=0x121f168*=0xd4200, dwBufLen=0xd4208 | out: pbData=0x14e0020*, pdwDataLen=0x121f168*=0xd4200) returned 1 [0128.877] SetFileTime (hFile=0x190, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210) returned 1 [0128.877] NtClose (Handle=0x190) returned 0x0 [0128.877] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.msi" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proofing.msi"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.msi.locked" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proofing.msi.locked")) returned 1 [0128.878] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.msi.locked", dwFileAttributes=0x2020) returned 1 [0128.879] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.msi.readme_txt", dwFileAttributes=0x80) returned 0 [0128.879] GetLastError () returned 0x2 [0128.879] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.msi.readme_txt" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proofing.msi.readme_txt"), fInfoLevelId=0x0, lpFileInformation=0x121f108 | out: lpFileInformation=0x121f108*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x408e92, ftLastWriteTime.dwLowDateTime=0x80, ftLastWriteTime.dwHighDateTime=0x121f26c, nFileSizeHigh=0x0, nFileSizeLow=0x121f23c)) returned 0 [0128.879] GetLastError () returned 0x2 [0128.880] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.msi.readme_txt" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proofing.msi.readme_txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x190 [0128.880] SetFileTime (hFile=0x190, lpCreationTime=0x0, lpLastAccessTime=0x121f14c, lpLastWriteTime=0x121f14c) returned 1 [0128.880] WriteFile (in: hFile=0x190, lpBuffer=0x997970*, nNumberOfBytesToWrite=0x3ca, lpNumberOfBytesWritten=0x121f178, lpOverlapped=0x0 | out: lpBuffer=0x997970*, lpNumberOfBytesWritten=0x121f178*=0x3ca, lpOverlapped=0x0) returned 1 [0128.885] SetFileTime (hFile=0x190, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210) returned 1 [0128.885] NtClose (Handle=0x190) returned 0x0 [0128.892] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.msi.readme_txt", dwFileAttributes=0x2020) returned 1 [0128.895] CryptDestroyKey (hKey=0x2d1778) returned 1 [0128.896] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proofing.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x190 [0128.896] SetFileTime (hFile=0x190, lpCreationTime=0x0, lpLastAccessTime=0x121f14c, lpLastWriteTime=0x121f14c) returned 1 [0128.896] GetFileTime (in: hFile=0x190, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210 | out: lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210*(dwLowDateTime=0xf00db300, dwHighDateTime=0x1d301be)) returned 1 [0128.896] CryptGenKey (in: hProv=0x2cc0d8, Algid=0x6801, dwFlags=0x800001, phKey=0x121f16c | out: phKey=0x121f16c*=0x2d1778) returned 1 [0128.896] CryptExportKey (in: hKey=0x2d1778, hExpKey=0x2cc198, dwBlobType=0x1, dwFlags=0x0, pbData=0x9998b8, pdwDataLen=0x121f170 | out: pbData=0x9998b8*, pdwDataLen=0x121f170*=0x8c) returned 1 [0128.896] ReadFile (in: hFile=0x190, lpBuffer=0x9f8088, nNumberOfBytesToRead=0x32b, lpNumberOfBytesRead=0x121f178, lpOverlapped=0x0 | out: lpBuffer=0x9f8088*, lpNumberOfBytesRead=0x121f178*=0x32b, lpOverlapped=0x0) returned 1 [0129.039] CryptEncrypt (in: hKey=0x2d1778, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xa09db0*, pdwDataLen=0x121f168*=0x32b, dwBufLen=0x333 | out: pbData=0xa09db0*, pdwDataLen=0x121f168*=0x32b) returned 1 [0129.124] SetFileTime (hFile=0x190, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210) returned 1 [0129.124] NtClose (Handle=0x190) returned 0x0 [0129.124] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proofing.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.xml.locked" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proofing.xml.locked")) returned 1 [0129.125] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.xml.locked", dwFileAttributes=0x2020) returned 1 [0129.125] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.xml.readme_txt", dwFileAttributes=0x80) returned 0 [0129.125] GetLastError () returned 0x2 [0129.125] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.xml.readme_txt" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proofing.xml.readme_txt"), fInfoLevelId=0x0, lpFileInformation=0x121f108 | out: lpFileInformation=0x121f108*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x408e92, ftLastWriteTime.dwLowDateTime=0x80, ftLastWriteTime.dwHighDateTime=0x121f26c, nFileSizeHigh=0x0, nFileSizeLow=0x121f23c)) returned 0 [0129.125] GetLastError () returned 0x2 [0129.125] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.xml.readme_txt" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proofing.xml.readme_txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x190 [0129.125] SetFileTime (hFile=0x190, lpCreationTime=0x0, lpLastAccessTime=0x121f14c, lpLastWriteTime=0x121f14c) returned 1 [0129.125] WriteFile (in: hFile=0x190, lpBuffer=0x997970*, nNumberOfBytesToWrite=0x3ca, lpNumberOfBytesWritten=0x121f178, lpOverlapped=0x0 | out: lpBuffer=0x997970*, lpNumberOfBytesWritten=0x121f178*=0x3ca, lpOverlapped=0x0) returned 1 [0129.126] SetFileTime (hFile=0x190, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210) returned 1 [0129.126] NtClose (Handle=0x190) returned 0x0 [0129.127] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.xml.readme_txt", dwFileAttributes=0x2020) returned 1 [0129.127] CryptDestroyKey (hKey=0x2d1778) returned 1 [0129.127] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x190 [0129.127] SetFileTime (hFile=0x190, lpCreationTime=0x0, lpLastAccessTime=0x121f14c, lpLastWriteTime=0x121f14c) returned 1 [0129.127] GetFileTime (in: hFile=0x190, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210 | out: lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210*(dwLowDateTime=0xf58c6830, dwHighDateTime=0x1d301be)) returned 1 [0129.128] CryptGenKey (in: hProv=0x2cc0d8, Algid=0x6801, dwFlags=0x800001, phKey=0x121f16c | out: phKey=0x121f16c*=0x2d1778) returned 1 [0129.128] CryptExportKey (in: hKey=0x2d1778, hExpKey=0x2cc198, dwBlobType=0x1, dwFlags=0x0, pbData=0x9998b8, pdwDataLen=0x121f170 | out: pbData=0x9998b8*, pdwDataLen=0x121f170*=0x8c) returned 1 [0129.128] ReadFile (in: hFile=0x190, lpBuffer=0xa21470, nNumberOfBytesToRead=0x16fc, lpNumberOfBytesRead=0x121f178, lpOverlapped=0x0 | out: lpBuffer=0xa21470*, lpNumberOfBytesRead=0x121f178*=0x16fc, lpOverlapped=0x0) returned 1 [0129.171] CryptEncrypt (in: hKey=0x2d1778, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x99cfa8*, pdwDataLen=0x121f168*=0x16fc, dwBufLen=0x1704 | out: pbData=0x99cfa8*, pdwDataLen=0x121f168*=0x16fc) returned 1 [0129.174] SetFileTime (hFile=0x190, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210) returned 1 [0129.176] NtClose (Handle=0x190) returned 0x0 [0129.176] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Setup.xml.locked" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\setup.xml.locked")) returned 1 [0129.177] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Setup.xml.locked", dwFileAttributes=0x2020) returned 1 [0129.177] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Setup.xml.readme_txt", dwFileAttributes=0x80) returned 0 [0129.177] GetLastError () returned 0x2 [0129.177] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Setup.xml.readme_txt" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\setup.xml.readme_txt"), fInfoLevelId=0x0, lpFileInformation=0x121f108 | out: lpFileInformation=0x121f108*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x408e92, ftLastWriteTime.dwLowDateTime=0x80, ftLastWriteTime.dwHighDateTime=0x121f26c, nFileSizeHigh=0x0, nFileSizeLow=0x121f23c)) returned 0 [0129.177] GetLastError () returned 0x2 [0129.177] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Setup.xml.readme_txt" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\setup.xml.readme_txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x190 [0129.178] SetFileTime (hFile=0x190, lpCreationTime=0x0, lpLastAccessTime=0x121f14c, lpLastWriteTime=0x121f14c) returned 1 [0129.178] WriteFile (in: hFile=0x190, lpBuffer=0x997970*, nNumberOfBytesToWrite=0x3ca, lpNumberOfBytesWritten=0x121f178, lpOverlapped=0x0 | out: lpBuffer=0x997970*, lpNumberOfBytesWritten=0x121f178*=0x3ca, lpOverlapped=0x0) returned 1 [0129.179] SetFileTime (hFile=0x190, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210) returned 1 [0129.179] NtClose (Handle=0x190) returned 0x0 [0129.179] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Setup.xml.readme_txt", dwFileAttributes=0x2020) returned 1 [0129.180] CryptDestroyKey (hKey=0x2d1778) returned 1 [0129.180] FindFirstFileExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\*", fInfoLevelId=0x1, lpFindFileData=0x121f29c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x121f29c) returned 0x2d1778 [0129.180] FindClose (in: hFindFile=0x2d1950 | out: hFindFile=0x2d1950) returned 1 [0129.180] FindNextFileW (in: hFindFile=0x2d1778, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0129.180] FindNextFileW (in: hFindFile=0x2d1778, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0129.180] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.en"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2200000, hTemplateFile=0x0) returned 0x224 [0129.180] SetFileTime (hFile=0x224, lpCreationTime=0x0, lpLastAccessTime=0x121f214, lpLastWriteTime=0x121f214) returned 0 [0129.180] DeviceIoControl (in: hDevice=0x224, dwIoControlCode=0x900a8, lpInBuffer=0x0, nInBufferSize=0x0, lpOutBuffer=0x99b8a0, nOutBufferSize=0x4000, lpBytesReturned=0x121f26c, lpOverlapped=0x0 | out: lpOutBuffer=0x99b8a0, lpBytesReturned=0x121f26c, lpOverlapped=0x0) returned 0 [0129.181] FindFirstFileExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\*", fInfoLevelId=0x1, lpFindFileData=0x121efdc, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x121efdc) returned 0x2d1950 [0129.181] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121efdc | out: lpFindFileData=0x121efdc) returned 1 [0129.181] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121efdc | out: lpFindFileData=0x121efdc) returned 1 [0129.181] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121efdc | out: lpFindFileData=0x121efdc) returned 1 [0129.181] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121efdc | out: lpFindFileData=0x121efdc) returned 1 [0129.181] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121efdc | out: lpFindFileData=0x121efdc) returned 0 [0129.181] GetLastError () returned 0x12 [0129.182] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.cab" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.en\\proof.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0129.182] SetFileTime (hFile=0xec, lpCreationTime=0x0, lpLastAccessTime=0x121ee8c, lpLastWriteTime=0x121ee8c) returned 1 [0129.182] GetFileTime (in: hFile=0xec, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121ef50 | out: lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121ef50*(dwLowDateTime=0xf07b1ad0, dwHighDateTime=0x1d301be)) returned 1 [0129.183] CryptGenKey (in: hProv=0x2cc0d8, Algid=0x6801, dwFlags=0x800001, phKey=0x121eeac | out: phKey=0x121eeac*=0x2d1450) returned 1 [0129.183] CryptExportKey (in: hKey=0x2d1450, hExpKey=0x2cc198, dwBlobType=0x1, dwFlags=0x0, pbData=0x9998b8, pdwDataLen=0x121eeb0 | out: pbData=0x9998b8*, pdwDataLen=0x121eeb0*=0x8c) returned 1 [0129.183] ReadFile (in: hFile=0xec, lpBuffer=0x1320020, nNumberOfBytesToRead=0xa00000, lpNumberOfBytesRead=0x121eeb8, lpOverlapped=0x0 | out: lpBuffer=0x1320020*, lpNumberOfBytesRead=0x121eeb8*=0xa00000, lpOverlapped=0x0) returned 1 [0129.772] CryptEncrypt (in: hKey=0x2d1450, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x2740020*, pdwDataLen=0x121eea8*=0xa00000, dwBufLen=0xa00008 | out: pbData=0x2740020*, pdwDataLen=0x121eea8*=0xa00000) returned 1 [0130.100] ReadFile (in: hFile=0xec, lpBuffer=0x1d30020, nNumberOfBytesToRead=0xf35ed, lpNumberOfBytesRead=0x121eeb8, lpOverlapped=0x0 | out: lpBuffer=0x1d30020*, lpNumberOfBytesRead=0x121eeb8*=0xf35ed, lpOverlapped=0x0) returned 1 [0130.125] CryptEncrypt (in: hKey=0x2d1450, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1d30020*, pdwDataLen=0x121eea8*=0xf35ed, dwBufLen=0xf35f5 | out: pbData=0x1d30020*, pdwDataLen=0x121eea8*=0xf35ed) returned 1 [0130.175] SetFileTime (hFile=0xec, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121ef50) returned 1 [0130.175] NtClose (Handle=0xec) returned 0x0 [0130.175] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.cab" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.en\\proof.cab"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.cab.locked" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.en\\proof.cab.locked")) returned 1 [0130.175] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.cab.locked", dwFileAttributes=0x2020) returned 1 [0130.175] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.cab.readme_txt", dwFileAttributes=0x80) returned 0 [0130.176] GetLastError () returned 0x2 [0130.176] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.cab.readme_txt" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.en\\proof.cab.readme_txt"), fInfoLevelId=0x0, lpFileInformation=0x121ee48 | out: lpFileInformation=0x121ee48*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x408e92, ftLastWriteTime.dwLowDateTime=0x80, ftLastWriteTime.dwHighDateTime=0x121efac, nFileSizeHigh=0x0, nFileSizeLow=0x121ef7c)) returned 0 [0130.176] GetLastError () returned 0x2 [0130.176] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.cab.readme_txt" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.en\\proof.cab.readme_txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0130.177] SetFileTime (hFile=0xec, lpCreationTime=0x0, lpLastAccessTime=0x121ee8c, lpLastWriteTime=0x121ee8c) returned 1 [0130.177] WriteFile (in: hFile=0xec, lpBuffer=0x997970*, nNumberOfBytesToWrite=0x3ca, lpNumberOfBytesWritten=0x121eeb8, lpOverlapped=0x0 | out: lpBuffer=0x997970*, lpNumberOfBytesWritten=0x121eeb8*=0x3ca, lpOverlapped=0x0) returned 1 [0130.178] SetFileTime (hFile=0xec, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121ef50) returned 1 [0130.178] NtClose (Handle=0xec) returned 0x0 [0130.200] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.cab.readme_txt", dwFileAttributes=0x2020) returned 1 [0130.262] CryptDestroyKey (hKey=0x2d1450) returned 1 [0130.262] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.msi" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.en\\proof.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0130.263] SetFileTime (hFile=0xec, lpCreationTime=0x0, lpLastAccessTime=0x121ee8c, lpLastWriteTime=0x121ee8c) returned 1 [0130.263] GetFileTime (in: hFile=0xec, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121ef50 | out: lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121ef50*(dwLowDateTime=0xf020c5d0, dwHighDateTime=0x1d301be)) returned 1 [0130.263] CryptGenKey (in: hProv=0x2cc0d8, Algid=0x6801, dwFlags=0x800001, phKey=0x121eeac | out: phKey=0x121eeac*=0x2d1450) returned 1 [0130.263] CryptExportKey (in: hKey=0x2d1450, hExpKey=0x2cc198, dwBlobType=0x1, dwFlags=0x0, pbData=0x9998b8, pdwDataLen=0x121eeb0 | out: pbData=0x9998b8*, pdwDataLen=0x121eeb0*=0x8c) returned 1 [0130.263] ReadFile (in: hFile=0xec, lpBuffer=0x1320020, nNumberOfBytesToRead=0xd5c00, lpNumberOfBytesRead=0x121eeb8, lpOverlapped=0x0 | out: lpBuffer=0x1320020*, lpNumberOfBytesRead=0x121eeb8*=0xd5c00, lpOverlapped=0x0) returned 1 [0130.362] CryptEncrypt (in: hKey=0x2d1450, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x14e0020*, pdwDataLen=0x121eea8*=0xd5c00, dwBufLen=0xd5c08 | out: pbData=0x14e0020*, pdwDataLen=0x121eea8*=0xd5c00) returned 1 [0130.374] SetFileTime (hFile=0xec, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121ef50) returned 1 [0130.374] NtClose (Handle=0xec) returned 0x0 [0130.374] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.msi" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.en\\proof.msi"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.msi.locked" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.en\\proof.msi.locked")) returned 1 [0130.375] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.msi.locked", dwFileAttributes=0x2020) returned 1 [0130.375] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.msi.readme_txt", dwFileAttributes=0x80) returned 0 [0130.375] GetLastError () returned 0x2 [0130.375] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.msi.readme_txt" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.en\\proof.msi.readme_txt"), fInfoLevelId=0x0, lpFileInformation=0x121ee48 | out: lpFileInformation=0x121ee48*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x408e92, ftLastWriteTime.dwLowDateTime=0x80, ftLastWriteTime.dwHighDateTime=0x121efac, nFileSizeHigh=0x0, nFileSizeLow=0x121ef7c)) returned 0 [0130.375] GetLastError () returned 0x2 [0130.375] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.msi.readme_txt" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.en\\proof.msi.readme_txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0130.375] SetFileTime (hFile=0xec, lpCreationTime=0x0, lpLastAccessTime=0x121ee8c, lpLastWriteTime=0x121ee8c) returned 1 [0130.376] WriteFile (in: hFile=0xec, lpBuffer=0x997970*, nNumberOfBytesToWrite=0x3ca, lpNumberOfBytesWritten=0x121eeb8, lpOverlapped=0x0 | out: lpBuffer=0x997970*, lpNumberOfBytesWritten=0x121eeb8*=0x3ca, lpOverlapped=0x0) returned 1 [0130.376] SetFileTime (hFile=0xec, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121ef50) returned 1 [0130.376] NtClose (Handle=0xec) returned 0x0 [0130.381] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.msi.readme_txt", dwFileAttributes=0x2020) returned 1 [0130.391] CryptDestroyKey (hKey=0x2d1450) returned 1 [0130.392] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.en\\proof.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0130.392] SetFileTime (hFile=0xec, lpCreationTime=0x0, lpLastAccessTime=0x121ee8c, lpLastWriteTime=0x121ee8c) returned 1 [0130.393] GetFileTime (in: hFile=0xec, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121ef50 | out: lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121ef50*(dwLowDateTime=0xf01be3d0, dwHighDateTime=0x1d301be)) returned 1 [0130.393] CryptGenKey (in: hProv=0x2cc0d8, Algid=0x6801, dwFlags=0x800001, phKey=0x121eeac | out: phKey=0x121eeac*=0x2d1450) returned 1 [0130.393] CryptExportKey (in: hKey=0x2d1450, hExpKey=0x2cc198, dwBlobType=0x1, dwFlags=0x0, pbData=0x9998b8, pdwDataLen=0x121eeb0 | out: pbData=0x9998b8*, pdwDataLen=0x121eeb0*=0x8c) returned 1 [0130.393] ReadFile (in: hFile=0xec, lpBuffer=0xa09db0, nNumberOfBytesToRead=0x543, lpNumberOfBytesRead=0x121eeb8, lpOverlapped=0x0 | out: lpBuffer=0xa09db0*, lpNumberOfBytesRead=0x121eeb8*=0x543, lpOverlapped=0x0) returned 1 [0130.415] CryptEncrypt (in: hKey=0x2d1450, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xa1b918*, pdwDataLen=0x121eea8*=0x543, dwBufLen=0x54b | out: pbData=0xa1b918*, pdwDataLen=0x121eea8*=0x543) returned 1 [0130.454] SetFileTime (hFile=0xec, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121ef50) returned 1 [0130.454] NtClose (Handle=0xec) returned 0x0 [0130.454] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.en\\proof.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.xml.locked" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.en\\proof.xml.locked")) returned 1 [0130.455] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.xml.locked", dwFileAttributes=0x2020) returned 1 [0130.456] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.xml.readme_txt", dwFileAttributes=0x80) returned 0 [0130.456] GetLastError () returned 0x2 [0130.456] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.xml.readme_txt" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.en\\proof.xml.readme_txt"), fInfoLevelId=0x0, lpFileInformation=0x121ee48 | out: lpFileInformation=0x121ee48*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x408e92, ftLastWriteTime.dwLowDateTime=0x80, ftLastWriteTime.dwHighDateTime=0x121efac, nFileSizeHigh=0x0, nFileSizeLow=0x121ef7c)) returned 0 [0130.456] GetLastError () returned 0x2 [0130.456] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.xml.readme_txt" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.en\\proof.xml.readme_txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0130.457] SetFileTime (hFile=0xec, lpCreationTime=0x0, lpLastAccessTime=0x121ee8c, lpLastWriteTime=0x121ee8c) returned 1 [0130.457] WriteFile (in: hFile=0xec, lpBuffer=0x997970*, nNumberOfBytesToWrite=0x3ca, lpNumberOfBytesWritten=0x121eeb8, lpOverlapped=0x0 | out: lpBuffer=0x997970*, lpNumberOfBytesWritten=0x121eeb8*=0x3ca, lpOverlapped=0x0) returned 1 [0130.458] SetFileTime (hFile=0xec, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121ef50) returned 1 [0130.459] NtClose (Handle=0xec) returned 0x0 [0130.459] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.xml.readme_txt", dwFileAttributes=0x2020) returned 1 [0130.464] CryptDestroyKey (hKey=0x2d1450) returned 1 [0130.464] FindFirstFileExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\*", fInfoLevelId=0x1, lpFindFileData=0x121efdc, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x121efdc) returned 0x2d1450 [0130.464] FindClose (in: hFindFile=0x2d1950 | out: hFindFile=0x2d1950) returned 1 [0130.464] FindNextFileW (in: hFindFile=0x2d1450, lpFindFileData=0x121efdc | out: lpFindFileData=0x121efdc) returned 1 [0130.464] FindNextFileW (in: hFindFile=0x2d1450, lpFindFileData=0x121efdc | out: lpFindFileData=0x121efdc) returned 1 [0130.464] FindNextFileW (in: hFindFile=0x2d1450, lpFindFileData=0x121efdc | out: lpFindFileData=0x121efdc) returned 1 [0130.464] FindNextFileW (in: hFindFile=0x2d1450, lpFindFileData=0x121efdc | out: lpFindFileData=0x121efdc) returned 1 [0130.464] FindNextFileW (in: hFindFile=0x2d1450, lpFindFileData=0x121efdc | out: lpFindFileData=0x121efdc) returned 1 [0130.464] FindNextFileW (in: hFindFile=0x2d1450, lpFindFileData=0x121efdc | out: lpFindFileData=0x121efdc) returned 1 [0130.464] FindNextFileW (in: hFindFile=0x2d1450, lpFindFileData=0x121efdc | out: lpFindFileData=0x121efdc) returned 1 [0130.464] FindNextFileW (in: hFindFile=0x2d1450, lpFindFileData=0x121efdc | out: lpFindFileData=0x121efdc) returned 0 [0130.465] GetLastError () returned 0x12 [0130.465] FindNextFileW (in: hFindFile=0x2d1778, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0130.465] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.es"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2200000, hTemplateFile=0x0) returned 0xec [0130.466] SetFileTime (hFile=0xec, lpCreationTime=0x0, lpLastAccessTime=0x121f214, lpLastWriteTime=0x121f214) returned 0 [0130.466] DeviceIoControl (in: hDevice=0xec, dwIoControlCode=0x900a8, lpInBuffer=0x0, nInBufferSize=0x0, lpOutBuffer=0x99b8a0, nOutBufferSize=0x4000, lpBytesReturned=0x121f26c, lpOverlapped=0x0 | out: lpOutBuffer=0x99b8a0, lpBytesReturned=0x121f26c, lpOverlapped=0x0) returned 0 [0130.466] FindFirstFileExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\*", fInfoLevelId=0x1, lpFindFileData=0x121efdc, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x121efdc) returned 0x2d1950 [0130.466] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121efdc | out: lpFindFileData=0x121efdc) returned 1 [0130.467] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121efdc | out: lpFindFileData=0x121efdc) returned 1 [0130.467] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121efdc | out: lpFindFileData=0x121efdc) returned 1 [0130.467] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121efdc | out: lpFindFileData=0x121efdc) returned 1 [0130.467] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121efdc | out: lpFindFileData=0x121efdc) returned 0 [0130.467] GetLastError () returned 0x12 [0130.467] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.cab" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.es\\proof.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x224 [0130.467] SetFileTime (hFile=0x224, lpCreationTime=0x0, lpLastAccessTime=0x121ee8c, lpLastWriteTime=0x121ee8c) returned 1 [0130.467] GetFileTime (in: hFile=0x224, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121ef50 | out: lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121ef50*(dwLowDateTime=0xf4f690d0, dwHighDateTime=0x1d301be)) returned 1 [0130.468] CryptGenKey (in: hProv=0x2cc0d8, Algid=0x6801, dwFlags=0x800001, phKey=0x121eeac | out: phKey=0x121eeac*=0x2d1450) returned 1 [0130.468] CryptExportKey (in: hKey=0x2d1450, hExpKey=0x2cc198, dwBlobType=0x1, dwFlags=0x0, pbData=0x9998b8, pdwDataLen=0x121eeb0 | out: pbData=0x9998b8*, pdwDataLen=0x121eeb0*=0x8c) returned 1 [0130.468] ReadFile (in: hFile=0x224, lpBuffer=0x1320020, nNumberOfBytesToRead=0xa00000, lpNumberOfBytesRead=0x121eeb8, lpOverlapped=0x0 | out: lpBuffer=0x1320020*, lpNumberOfBytesRead=0x121eeb8*=0xa00000, lpOverlapped=0x0) returned 1 [0131.419] CryptEncrypt (in: hKey=0x2d1450, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x2740020*, pdwDataLen=0x121eea8*=0xa00000, dwBufLen=0xa00008 | out: pbData=0x2740020*, pdwDataLen=0x121eea8*=0xa00000) returned 1 [0131.711] ReadFile (in: hFile=0x224, lpBuffer=0x1d30020, nNumberOfBytesToRead=0x302aea, lpNumberOfBytesRead=0x121eeb8, lpOverlapped=0x0 | out: lpBuffer=0x1d30020*, lpNumberOfBytesRead=0x121eeb8*=0x302aea, lpOverlapped=0x0) returned 1 [0131.793] CryptEncrypt (in: hKey=0x2d1450, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1d30020*, pdwDataLen=0x121eea8*=0x302aea, dwBufLen=0x302af2 | out: pbData=0x1d30020*, pdwDataLen=0x121eea8*=0x302aea) returned 1 [0131.853] SetFileTime (hFile=0x224, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121ef50) returned 1 [0131.853] NtClose (Handle=0x224) returned 0x0 [0131.854] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.cab" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.es\\proof.cab"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.cab.locked" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.es\\proof.cab.locked")) returned 1 [0131.854] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.cab.locked", dwFileAttributes=0x2020) returned 1 [0131.854] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.cab.readme_txt", dwFileAttributes=0x80) returned 0 [0131.854] GetLastError () returned 0x2 [0131.854] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.cab.readme_txt" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.es\\proof.cab.readme_txt"), fInfoLevelId=0x0, lpFileInformation=0x121ee48 | out: lpFileInformation=0x121ee48*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x408e92, ftLastWriteTime.dwLowDateTime=0x80, ftLastWriteTime.dwHighDateTime=0x121efac, nFileSizeHigh=0x0, nFileSizeLow=0x121ef7c)) returned 0 [0131.854] GetLastError () returned 0x2 [0131.854] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.cab.readme_txt" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.es\\proof.cab.readme_txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x224 [0131.856] SetFileTime (hFile=0x224, lpCreationTime=0x0, lpLastAccessTime=0x121ee8c, lpLastWriteTime=0x121ee8c) returned 1 [0131.856] WriteFile (in: hFile=0x224, lpBuffer=0x997970*, nNumberOfBytesToWrite=0x3ca, lpNumberOfBytesWritten=0x121eeb8, lpOverlapped=0x0 | out: lpBuffer=0x997970*, lpNumberOfBytesWritten=0x121eeb8*=0x3ca, lpOverlapped=0x0) returned 1 [0131.856] SetFileTime (hFile=0x224, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121ef50) returned 1 [0131.856] NtClose (Handle=0x224) returned 0x0 [0131.860] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.cab.readme_txt", dwFileAttributes=0x2020) returned 1 [0131.894] CryptDestroyKey (hKey=0x2d1450) returned 1 [0131.895] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.msi" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.es\\proof.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x224 [0131.895] SetFileTime (hFile=0x224, lpCreationTime=0x0, lpLastAccessTime=0x121ee8c, lpLastWriteTime=0x121ee8c) returned 1 [0131.895] GetFileTime (in: hFile=0x224, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121ef50 | out: lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121ef50*(dwLowDateTime=0xf4e5c7f0, dwHighDateTime=0x1d301be)) returned 1 [0131.895] CryptGenKey (in: hProv=0x2cc0d8, Algid=0x6801, dwFlags=0x800001, phKey=0x121eeac | out: phKey=0x121eeac*=0x2d1450) returned 1 [0131.895] CryptExportKey (in: hKey=0x2d1450, hExpKey=0x2cc198, dwBlobType=0x1, dwFlags=0x0, pbData=0x9998b8, pdwDataLen=0x121eeb0 | out: pbData=0x9998b8*, pdwDataLen=0x121eeb0*=0x8c) returned 1 [0131.895] ReadFile (in: hFile=0x224, lpBuffer=0x1320020, nNumberOfBytesToRead=0xd7200, lpNumberOfBytesRead=0x121eeb8, lpOverlapped=0x0 | out: lpBuffer=0x1320020*, lpNumberOfBytesRead=0x121eeb8*=0xd7200, lpOverlapped=0x0) returned 1 [0131.942] CryptEncrypt (in: hKey=0x2d1450, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x14e0020*, pdwDataLen=0x121eea8*=0xd7200, dwBufLen=0xd7208 | out: pbData=0x14e0020*, pdwDataLen=0x121eea8*=0xd7200) returned 1 [0131.982] SetFileTime (hFile=0x224, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121ef50) returned 1 [0131.982] NtClose (Handle=0x224) returned 0x0 [0131.982] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.msi" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.es\\proof.msi"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.msi.locked" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.es\\proof.msi.locked")) returned 1 [0131.983] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.msi.locked", dwFileAttributes=0x2020) returned 1 [0131.983] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.msi.readme_txt", dwFileAttributes=0x80) returned 0 [0131.983] GetLastError () returned 0x2 [0131.983] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.msi.readme_txt" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.es\\proof.msi.readme_txt"), fInfoLevelId=0x0, lpFileInformation=0x121ee48 | out: lpFileInformation=0x121ee48*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x408e92, ftLastWriteTime.dwLowDateTime=0x80, ftLastWriteTime.dwHighDateTime=0x121efac, nFileSizeHigh=0x0, nFileSizeLow=0x121ef7c)) returned 0 [0131.983] GetLastError () returned 0x2 [0131.983] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.msi.readme_txt" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.es\\proof.msi.readme_txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x224 [0131.984] SetFileTime (hFile=0x224, lpCreationTime=0x0, lpLastAccessTime=0x121ee8c, lpLastWriteTime=0x121ee8c) returned 1 [0131.984] WriteFile (in: hFile=0x224, lpBuffer=0x997970*, nNumberOfBytesToWrite=0x3ca, lpNumberOfBytesWritten=0x121eeb8, lpOverlapped=0x0 | out: lpBuffer=0x997970*, lpNumberOfBytesWritten=0x121eeb8*=0x3ca, lpOverlapped=0x0) returned 1 [0131.985] SetFileTime (hFile=0x224, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121ef50) returned 1 [0131.985] NtClose (Handle=0x224) returned 0x0 [0131.988] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.msi.readme_txt", dwFileAttributes=0x2020) returned 1 [0131.991] CryptDestroyKey (hKey=0x2d1450) returned 1 [0131.992] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.es\\proof.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x224 [0131.992] SetFileTime (hFile=0x224, lpCreationTime=0x0, lpLastAccessTime=0x121ee8c, lpLastWriteTime=0x121ee8c) returned 1 [0131.992] GetFileTime (in: hFile=0x224, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121ef50 | out: lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121ef50*(dwLowDateTime=0xf4e37e00, dwHighDateTime=0x1d301be)) returned 1 [0131.992] CryptGenKey (in: hProv=0x2cc0d8, Algid=0x6801, dwFlags=0x800001, phKey=0x121eeac | out: phKey=0x121eeac*=0x2d1450) returned 1 [0131.992] CryptExportKey (in: hKey=0x2d1450, hExpKey=0x2cc198, dwBlobType=0x1, dwFlags=0x0, pbData=0x9998b8, pdwDataLen=0x121eeb0 | out: pbData=0x9998b8*, pdwDataLen=0x121eeb0*=0x8c) returned 1 [0131.992] ReadFile (in: hFile=0x224, lpBuffer=0xa09db0, nNumberOfBytesToRead=0x5b1, lpNumberOfBytesRead=0x121eeb8, lpOverlapped=0x0 | out: lpBuffer=0xa09db0*, lpNumberOfBytesRead=0x121eeb8*=0x5b1, lpOverlapped=0x0) returned 1 [0132.005] CryptEncrypt (in: hKey=0x2d1450, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xa1b918*, pdwDataLen=0x121eea8*=0x5b1, dwBufLen=0x5b9 | out: pbData=0xa1b918*, pdwDataLen=0x121eea8*=0x5b1) returned 1 [0132.009] SetFileTime (hFile=0x224, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121ef50) returned 1 [0132.009] NtClose (Handle=0x224) returned 0x0 [0132.009] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.es\\proof.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.xml.locked" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.es\\proof.xml.locked")) returned 1 [0132.009] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.xml.locked", dwFileAttributes=0x2020) returned 1 [0132.009] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.xml.readme_txt", dwFileAttributes=0x80) returned 0 [0132.010] GetLastError () returned 0x2 [0132.010] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.xml.readme_txt" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.es\\proof.xml.readme_txt"), fInfoLevelId=0x0, lpFileInformation=0x121ee48 | out: lpFileInformation=0x121ee48*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x408e92, ftLastWriteTime.dwLowDateTime=0x80, ftLastWriteTime.dwHighDateTime=0x121efac, nFileSizeHigh=0x0, nFileSizeLow=0x121ef7c)) returned 0 [0132.010] GetLastError () returned 0x2 [0132.010] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.xml.readme_txt" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.es\\proof.xml.readme_txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x224 [0132.010] SetFileTime (hFile=0x224, lpCreationTime=0x0, lpLastAccessTime=0x121ee8c, lpLastWriteTime=0x121ee8c) returned 1 [0132.010] WriteFile (in: hFile=0x224, lpBuffer=0x997970*, nNumberOfBytesToWrite=0x3ca, lpNumberOfBytesWritten=0x121eeb8, lpOverlapped=0x0 | out: lpBuffer=0x997970*, lpNumberOfBytesWritten=0x121eeb8*=0x3ca, lpOverlapped=0x0) returned 1 [0132.011] SetFileTime (hFile=0x224, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121ef50) returned 1 [0132.011] NtClose (Handle=0x224) returned 0x0 [0132.016] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.xml.readme_txt", dwFileAttributes=0x2020) returned 1 [0132.016] CryptDestroyKey (hKey=0x2d1450) returned 1 [0132.017] FindFirstFileExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\*", fInfoLevelId=0x1, lpFindFileData=0x121efdc, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x121efdc) returned 0x2d1450 [0132.017] FindClose (in: hFindFile=0x2d1950 | out: hFindFile=0x2d1950) returned 1 [0132.017] FindNextFileW (in: hFindFile=0x2d1450, lpFindFileData=0x121efdc | out: lpFindFileData=0x121efdc) returned 1 [0132.017] FindNextFileW (in: hFindFile=0x2d1450, lpFindFileData=0x121efdc | out: lpFindFileData=0x121efdc) returned 1 [0132.017] FindNextFileW (in: hFindFile=0x2d1450, lpFindFileData=0x121efdc | out: lpFindFileData=0x121efdc) returned 1 [0132.017] FindNextFileW (in: hFindFile=0x2d1450, lpFindFileData=0x121efdc | out: lpFindFileData=0x121efdc) returned 1 [0132.017] FindNextFileW (in: hFindFile=0x2d1450, lpFindFileData=0x121efdc | out: lpFindFileData=0x121efdc) returned 1 [0132.017] FindNextFileW (in: hFindFile=0x2d1450, lpFindFileData=0x121efdc | out: lpFindFileData=0x121efdc) returned 1 [0132.017] FindNextFileW (in: hFindFile=0x2d1450, lpFindFileData=0x121efdc | out: lpFindFileData=0x121efdc) returned 1 [0132.017] FindNextFileW (in: hFindFile=0x2d1450, lpFindFileData=0x121efdc | out: lpFindFileData=0x121efdc) returned 0 [0132.017] GetLastError () returned 0x12 [0132.017] FindNextFileW (in: hFindFile=0x2d1778, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0132.018] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.fr"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2200000, hTemplateFile=0x0) returned 0x224 [0132.018] SetFileTime (hFile=0x224, lpCreationTime=0x0, lpLastAccessTime=0x121f214, lpLastWriteTime=0x121f214) returned 0 [0132.018] DeviceIoControl (in: hDevice=0x224, dwIoControlCode=0x900a8, lpInBuffer=0x0, nInBufferSize=0x0, lpOutBuffer=0x99b8a0, nOutBufferSize=0x4000, lpBytesReturned=0x121f26c, lpOverlapped=0x0 | out: lpOutBuffer=0x99b8a0, lpBytesReturned=0x121f26c, lpOverlapped=0x0) returned 0 [0132.018] FindFirstFileExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\*", fInfoLevelId=0x1, lpFindFileData=0x121efdc, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x121efdc) returned 0x2d1950 [0132.018] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121efdc | out: lpFindFileData=0x121efdc) returned 1 [0132.019] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121efdc | out: lpFindFileData=0x121efdc) returned 1 [0132.019] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121efdc | out: lpFindFileData=0x121efdc) returned 1 [0132.019] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121efdc | out: lpFindFileData=0x121efdc) returned 1 [0132.019] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121efdc | out: lpFindFileData=0x121efdc) returned 0 [0132.019] GetLastError () returned 0x12 [0132.019] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.cab" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.fr\\proof.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0132.020] SetFileTime (hFile=0xec, lpCreationTime=0x0, lpLastAccessTime=0x121ee8c, lpLastWriteTime=0x121ee8c) returned 1 [0132.020] GetFileTime (in: hFile=0xec, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121ef50 | out: lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121ef50*(dwLowDateTime=0xf3076b00, dwHighDateTime=0x1d301be)) returned 1 [0132.020] CryptGenKey (in: hProv=0x2cc0d8, Algid=0x6801, dwFlags=0x800001, phKey=0x121eeac | out: phKey=0x121eeac*=0x2d1450) returned 1 [0132.020] CryptExportKey (in: hKey=0x2d1450, hExpKey=0x2cc198, dwBlobType=0x1, dwFlags=0x0, pbData=0x9998b8, pdwDataLen=0x121eeb0 | out: pbData=0x9998b8*, pdwDataLen=0x121eeb0*=0x8c) returned 1 [0132.020] ReadFile (in: hFile=0xec, lpBuffer=0x1320020, nNumberOfBytesToRead=0xa00000, lpNumberOfBytesRead=0x121eeb8, lpOverlapped=0x0 | out: lpBuffer=0x1320020*, lpNumberOfBytesRead=0x121eeb8*=0xa00000, lpOverlapped=0x0) returned 1 [0132.757] CryptEncrypt (in: hKey=0x2d1450, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x2740020*, pdwDataLen=0x121eea8*=0xa00000, dwBufLen=0xa00008 | out: pbData=0x2740020*, pdwDataLen=0x121eea8*=0xa00000) returned 1 [0132.966] ReadFile (in: hFile=0xec, lpBuffer=0x1d30020, nNumberOfBytesToRead=0xa00000, lpNumberOfBytesRead=0x121eeb8, lpOverlapped=0x0 | out: lpBuffer=0x1d30020*, lpNumberOfBytesRead=0x121eeb8*=0xa00000, lpOverlapped=0x0) returned 1 [0133.680] CryptEncrypt (in: hKey=0x2d1450, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x2740020*, pdwDataLen=0x121eea8*=0xa00000, dwBufLen=0xa00008 | out: pbData=0x2740020*, pdwDataLen=0x121eea8*=0xa00000) returned 1 [0133.870] ReadFile (in: hFile=0xec, lpBuffer=0x99b8a0, nNumberOfBytesToRead=0x16b54, lpNumberOfBytesRead=0x121eeb8, lpOverlapped=0x0 | out: lpBuffer=0x99b8a0*, lpNumberOfBytesRead=0x121eeb8*=0x16b54, lpOverlapped=0x0) returned 1 [0133.878] CryptEncrypt (in: hKey=0x2d1450, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x99b8a0*, pdwDataLen=0x121eea8*=0x16b54, dwBufLen=0x16b5c | out: pbData=0x99b8a0*, pdwDataLen=0x121eea8*=0x16b54) returned 1 [0133.932] SetFileTime (hFile=0xec, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121ef50) returned 1 [0133.933] NtClose (Handle=0xec) returned 0x0 [0133.933] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.cab" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.fr\\proof.cab"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.cab.locked" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.fr\\proof.cab.locked")) returned 1 [0133.933] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.cab.locked", dwFileAttributes=0x2020) returned 1 [0133.934] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.cab.readme_txt", dwFileAttributes=0x80) returned 0 [0133.934] GetLastError () returned 0x2 [0133.934] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.cab.readme_txt" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.fr\\proof.cab.readme_txt"), fInfoLevelId=0x0, lpFileInformation=0x121ee48 | out: lpFileInformation=0x121ee48*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x408e92, ftLastWriteTime.dwLowDateTime=0x80, ftLastWriteTime.dwHighDateTime=0x121efac, nFileSizeHigh=0x0, nFileSizeLow=0x121ef7c)) returned 0 [0133.934] GetLastError () returned 0x2 [0133.934] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.cab.readme_txt" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.fr\\proof.cab.readme_txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0133.936] SetFileTime (hFile=0xec, lpCreationTime=0x0, lpLastAccessTime=0x121ee8c, lpLastWriteTime=0x121ee8c) returned 1 [0133.936] WriteFile (in: hFile=0xec, lpBuffer=0x997970*, nNumberOfBytesToWrite=0x3ca, lpNumberOfBytesWritten=0x121eeb8, lpOverlapped=0x0 | out: lpBuffer=0x997970*, lpNumberOfBytesWritten=0x121eeb8*=0x3ca, lpOverlapped=0x0) returned 1 [0133.939] SetFileTime (hFile=0xec, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121ef50) returned 1 [0133.939] NtClose (Handle=0xec) returned 0x0 [0133.940] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.cab.readme_txt", dwFileAttributes=0x2020) returned 1 [0133.977] CryptDestroyKey (hKey=0x2d1450) returned 1 [0133.978] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.msi" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.fr\\proof.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0133.978] SetFileTime (hFile=0xec, lpCreationTime=0x0, lpLastAccessTime=0x121ee8c, lpLastWriteTime=0x121ee8c) returned 1 [0133.978] GetFileTime (in: hFile=0xec, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121ef50 | out: lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121ef50*(dwLowDateTime=0xf2e3b660, dwHighDateTime=0x1d301be)) returned 1 [0133.978] CryptGenKey (in: hProv=0x2cc0d8, Algid=0x6801, dwFlags=0x800001, phKey=0x121eeac | out: phKey=0x121eeac*=0x2d1450) returned 1 [0133.978] CryptExportKey (in: hKey=0x2d1450, hExpKey=0x2cc198, dwBlobType=0x1, dwFlags=0x0, pbData=0x9998b8, pdwDataLen=0x121eeb0 | out: pbData=0x9998b8*, pdwDataLen=0x121eeb0*=0x8c) returned 1 [0133.978] ReadFile (in: hFile=0xec, lpBuffer=0x1320020, nNumberOfBytesToRead=0xd8400, lpNumberOfBytesRead=0x121eeb8, lpOverlapped=0x0 | out: lpBuffer=0x1320020*, lpNumberOfBytesRead=0x121eeb8*=0xd8400, lpOverlapped=0x0) returned 1 [0134.073] CryptEncrypt (in: hKey=0x2d1450, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x14e0020*, pdwDataLen=0x121eea8*=0xd8400, dwBufLen=0xd8408 | out: pbData=0x14e0020*, pdwDataLen=0x121eea8*=0xd8400) returned 1 [0134.152] SetFileTime (hFile=0xec, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121ef50) returned 1 [0134.152] NtClose (Handle=0xec) returned 0x0 [0134.152] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.msi" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.fr\\proof.msi"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.msi.locked" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.fr\\proof.msi.locked")) returned 1 [0134.153] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.msi.locked", dwFileAttributes=0x2020) returned 1 [0134.153] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.msi.readme_txt", dwFileAttributes=0x80) returned 0 [0134.153] GetLastError () returned 0x2 [0134.153] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.msi.readme_txt" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.fr\\proof.msi.readme_txt"), fInfoLevelId=0x0, lpFileInformation=0x121ee48 | out: lpFileInformation=0x121ee48*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x408e92, ftLastWriteTime.dwLowDateTime=0x80, ftLastWriteTime.dwHighDateTime=0x121efac, nFileSizeHigh=0x0, nFileSizeLow=0x121ef7c)) returned 0 [0134.153] GetLastError () returned 0x2 [0134.153] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.msi.readme_txt" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.fr\\proof.msi.readme_txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0134.154] SetFileTime (hFile=0xec, lpCreationTime=0x0, lpLastAccessTime=0x121ee8c, lpLastWriteTime=0x121ee8c) returned 1 [0134.154] WriteFile (in: hFile=0xec, lpBuffer=0x997970*, nNumberOfBytesToWrite=0x3ca, lpNumberOfBytesWritten=0x121eeb8, lpOverlapped=0x0 | out: lpBuffer=0x997970*, lpNumberOfBytesWritten=0x121eeb8*=0x3ca, lpOverlapped=0x0) returned 1 [0134.155] SetFileTime (hFile=0xec, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121ef50) returned 1 [0134.155] NtClose (Handle=0xec) returned 0x0 [0134.155] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.msi.readme_txt", dwFileAttributes=0x2020) returned 1 [0134.159] CryptDestroyKey (hKey=0x2d1450) returned 1 [0134.160] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.fr\\proof.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0134.160] SetFileTime (hFile=0xec, lpCreationTime=0x0, lpLastAccessTime=0x121ee8c, lpLastWriteTime=0x121ee8c) returned 1 [0134.160] GetFileTime (in: hFile=0xec, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121ef50 | out: lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121ef50*(dwLowDateTime=0xf2bd90c0, dwHighDateTime=0x1d301be)) returned 1 [0134.160] CryptGenKey (in: hProv=0x2cc0d8, Algid=0x6801, dwFlags=0x800001, phKey=0x121eeac | out: phKey=0x121eeac*=0x2d1450) returned 1 [0134.160] CryptExportKey (in: hKey=0x2d1450, hExpKey=0x2cc198, dwBlobType=0x1, dwFlags=0x0, pbData=0x9998b8, pdwDataLen=0x121eeb0 | out: pbData=0x9998b8*, pdwDataLen=0x121eeb0*=0x8c) returned 1 [0134.160] ReadFile (in: hFile=0xec, lpBuffer=0xa09db0, nNumberOfBytesToRead=0x5b2, lpNumberOfBytesRead=0x121eeb8, lpOverlapped=0x0 | out: lpBuffer=0xa09db0*, lpNumberOfBytesRead=0x121eeb8*=0x5b2, lpOverlapped=0x0) returned 1 [0134.169] CryptEncrypt (in: hKey=0x2d1450, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xa1b918*, pdwDataLen=0x121eea8*=0x5b2, dwBufLen=0x5ba | out: pbData=0xa1b918*, pdwDataLen=0x121eea8*=0x5b2) returned 1 [0134.199] SetFileTime (hFile=0xec, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121ef50) returned 1 [0134.199] NtClose (Handle=0xec) returned 0x0 [0134.199] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.fr\\proof.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.xml.locked" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.fr\\proof.xml.locked")) returned 1 [0134.199] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.xml.locked", dwFileAttributes=0x2020) returned 1 [0134.200] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.xml.readme_txt", dwFileAttributes=0x80) returned 0 [0134.200] GetLastError () returned 0x2 [0134.200] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.xml.readme_txt" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.fr\\proof.xml.readme_txt"), fInfoLevelId=0x0, lpFileInformation=0x121ee48 | out: lpFileInformation=0x121ee48*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x408e92, ftLastWriteTime.dwLowDateTime=0x80, ftLastWriteTime.dwHighDateTime=0x121efac, nFileSizeHigh=0x0, nFileSizeLow=0x121ef7c)) returned 0 [0134.200] GetLastError () returned 0x2 [0134.200] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.xml.readme_txt" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.fr\\proof.xml.readme_txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0134.200] SetFileTime (hFile=0xec, lpCreationTime=0x0, lpLastAccessTime=0x121ee8c, lpLastWriteTime=0x121ee8c) returned 1 [0134.200] WriteFile (in: hFile=0xec, lpBuffer=0x997970*, nNumberOfBytesToWrite=0x3ca, lpNumberOfBytesWritten=0x121eeb8, lpOverlapped=0x0 | out: lpBuffer=0x997970*, lpNumberOfBytesWritten=0x121eeb8*=0x3ca, lpOverlapped=0x0) returned 1 [0134.201] SetFileTime (hFile=0xec, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121ef50) returned 1 [0134.201] NtClose (Handle=0xec) returned 0x0 [0134.202] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.xml.readme_txt", dwFileAttributes=0x2020) returned 1 [0134.202] CryptDestroyKey (hKey=0x2d1450) returned 1 [0134.202] FindFirstFileExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\*", fInfoLevelId=0x1, lpFindFileData=0x121efdc, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x121efdc) returned 0x2d1450 [0134.202] FindClose (in: hFindFile=0x2d1950 | out: hFindFile=0x2d1950) returned 1 [0134.202] FindNextFileW (in: hFindFile=0x2d1450, lpFindFileData=0x121efdc | out: lpFindFileData=0x121efdc) returned 1 [0134.203] FindNextFileW (in: hFindFile=0x2d1450, lpFindFileData=0x121efdc | out: lpFindFileData=0x121efdc) returned 1 [0134.203] FindNextFileW (in: hFindFile=0x2d1450, lpFindFileData=0x121efdc | out: lpFindFileData=0x121efdc) returned 1 [0134.203] FindNextFileW (in: hFindFile=0x2d1450, lpFindFileData=0x121efdc | out: lpFindFileData=0x121efdc) returned 1 [0134.203] FindNextFileW (in: hFindFile=0x2d1450, lpFindFileData=0x121efdc | out: lpFindFileData=0x121efdc) returned 1 [0134.203] FindNextFileW (in: hFindFile=0x2d1450, lpFindFileData=0x121efdc | out: lpFindFileData=0x121efdc) returned 1 [0134.203] FindNextFileW (in: hFindFile=0x2d1450, lpFindFileData=0x121efdc | out: lpFindFileData=0x121efdc) returned 1 [0134.203] FindNextFileW (in: hFindFile=0x2d1450, lpFindFileData=0x121efdc | out: lpFindFileData=0x121efdc) returned 0 [0134.203] GetLastError () returned 0x12 [0134.203] FindNextFileW (in: hFindFile=0x2d1778, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0134.203] FindNextFileW (in: hFindFile=0x2d1778, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0134.203] FindNextFileW (in: hFindFile=0x2d1778, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0134.203] FindNextFileW (in: hFindFile=0x2d1778, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0134.203] FindNextFileW (in: hFindFile=0x2d1778, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0134.203] FindNextFileW (in: hFindFile=0x2d1778, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0134.203] FindNextFileW (in: hFindFile=0x2d1778, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 0 [0134.203] GetLastError () returned 0x12 [0134.203] FindNextFileW (in: hFindFile=0x2d1410, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 1 [0134.205] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2200000, hTemplateFile=0x0) returned 0x190 [0134.205] SetFileTime (hFile=0x190, lpCreationTime=0x0, lpLastAccessTime=0x121f4d4, lpLastWriteTime=0x121f4d4) returned 0 [0134.205] DeviceIoControl (in: hDevice=0x190, dwIoControlCode=0x900a8, lpInBuffer=0x0, nInBufferSize=0x0, lpOutBuffer=0x99b8a0, nOutBufferSize=0x4000, lpBytesReturned=0x121f52c, lpOverlapped=0x0 | out: lpOutBuffer=0x99b8a0, lpBytesReturned=0x121f52c, lpOverlapped=0x0) returned 0 [0134.205] FindFirstFileExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\*", fInfoLevelId=0x1, lpFindFileData=0x121f29c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x121f29c) returned 0x2d1950 [0134.223] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0134.224] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0134.224] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0134.225] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0134.225] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0134.225] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 0 [0134.225] GetLastError () returned 0x12 [0134.225] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\office32mui.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0134.225] SetFileTime (hFile=0xec, lpCreationTime=0x0, lpLastAccessTime=0x121f14c, lpLastWriteTime=0x121f14c) returned 1 [0134.225] GetFileTime (in: hFile=0xec, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210 | out: lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210*(dwLowDateTime=0xfc138cb0, dwHighDateTime=0x1d301be)) returned 1 [0134.225] CryptGenKey (in: hProv=0x2cc0d8, Algid=0x6801, dwFlags=0x800001, phKey=0x121f16c | out: phKey=0x121f16c*=0x2d1778) returned 1 [0134.226] CryptExportKey (in: hKey=0x2d1778, hExpKey=0x2cc198, dwBlobType=0x1, dwFlags=0x0, pbData=0x9998b8, pdwDataLen=0x121f170 | out: pbData=0x9998b8*, pdwDataLen=0x121f170*=0x8c) returned 1 [0134.226] ReadFile (in: hFile=0xec, lpBuffer=0x1320020, nNumberOfBytesToRead=0xd5600, lpNumberOfBytesRead=0x121f178, lpOverlapped=0x0 | out: lpBuffer=0x1320020*, lpNumberOfBytesRead=0x121f178*=0xd5600, lpOverlapped=0x0) returned 1 [0134.368] CryptEncrypt (in: hKey=0x2d1778, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x14e0020*, pdwDataLen=0x121f168*=0xd5600, dwBufLen=0xd5608 | out: pbData=0x14e0020*, pdwDataLen=0x121f168*=0xd5600) returned 1 [0134.404] SetFileTime (hFile=0xec, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210) returned 1 [0134.404] NtClose (Handle=0xec) returned 0x0 [0134.405] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\office32mui.msi"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.msi.locked" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\office32mui.msi.locked")) returned 1 [0134.405] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.msi.locked", dwFileAttributes=0x2020) returned 1 [0134.405] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.msi.readme_txt", dwFileAttributes=0x80) returned 0 [0134.406] GetLastError () returned 0x2 [0134.406] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.msi.readme_txt" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\office32mui.msi.readme_txt"), fInfoLevelId=0x0, lpFileInformation=0x121f108 | out: lpFileInformation=0x121f108*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x408e92, ftLastWriteTime.dwLowDateTime=0x80, ftLastWriteTime.dwHighDateTime=0x121f26c, nFileSizeHigh=0x0, nFileSizeLow=0x121f23c)) returned 0 [0134.406] GetLastError () returned 0x2 [0134.406] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.msi.readme_txt" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\office32mui.msi.readme_txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0134.406] SetFileTime (hFile=0xec, lpCreationTime=0x0, lpLastAccessTime=0x121f14c, lpLastWriteTime=0x121f14c) returned 1 [0134.406] WriteFile (in: hFile=0xec, lpBuffer=0x997970*, nNumberOfBytesToWrite=0x3ca, lpNumberOfBytesWritten=0x121f178, lpOverlapped=0x0 | out: lpBuffer=0x997970*, lpNumberOfBytesWritten=0x121f178*=0x3ca, lpOverlapped=0x0) returned 1 [0134.407] SetFileTime (hFile=0xec, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210) returned 1 [0134.407] NtClose (Handle=0xec) returned 0x0 [0134.408] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.msi.readme_txt", dwFileAttributes=0x2020) returned 1 [0134.411] CryptDestroyKey (hKey=0x2d1778) returned 1 [0134.412] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\office32mui.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0134.412] SetFileTime (hFile=0xec, lpCreationTime=0x0, lpLastAccessTime=0x121f14c, lpLastWriteTime=0x121f14c) returned 1 [0134.412] GetFileTime (in: hFile=0xec, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210 | out: lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210*(dwLowDateTime=0xfc138cb0, dwHighDateTime=0x1d301be)) returned 1 [0134.412] CryptGenKey (in: hProv=0x2cc0d8, Algid=0x6801, dwFlags=0x800001, phKey=0x121f16c | out: phKey=0x121f16c*=0x2d1778) returned 1 [0134.412] CryptExportKey (in: hKey=0x2d1778, hExpKey=0x2cc198, dwBlobType=0x1, dwFlags=0x0, pbData=0x9998b8, pdwDataLen=0x121f170 | out: pbData=0x9998b8*, pdwDataLen=0x121f170*=0x8c) returned 1 [0134.412] ReadFile (in: hFile=0xec, lpBuffer=0xa09db0, nNumberOfBytesToRead=0x567, lpNumberOfBytesRead=0x121f178, lpOverlapped=0x0 | out: lpBuffer=0xa09db0*, lpNumberOfBytesRead=0x121f178*=0x567, lpOverlapped=0x0) returned 1 [0134.464] CryptEncrypt (in: hKey=0x2d1778, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xa1b918*, pdwDataLen=0x121f168*=0x567, dwBufLen=0x56f | out: pbData=0xa1b918*, pdwDataLen=0x121f168*=0x567) returned 1 [0134.482] SetFileTime (hFile=0xec, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210) returned 1 [0134.482] NtClose (Handle=0xec) returned 0x0 [0134.482] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\office32mui.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.xml.locked" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\office32mui.xml.locked")) returned 1 [0134.483] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.xml.locked", dwFileAttributes=0x2020) returned 1 [0134.483] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.xml.readme_txt", dwFileAttributes=0x80) returned 0 [0134.483] GetLastError () returned 0x2 [0134.483] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.xml.readme_txt" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\office32mui.xml.readme_txt"), fInfoLevelId=0x0, lpFileInformation=0x121f108 | out: lpFileInformation=0x121f108*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x408e92, ftLastWriteTime.dwLowDateTime=0x80, ftLastWriteTime.dwHighDateTime=0x121f26c, nFileSizeHigh=0x0, nFileSizeLow=0x121f23c)) returned 0 [0134.483] GetLastError () returned 0x2 [0134.483] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.xml.readme_txt" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\office32mui.xml.readme_txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0134.483] SetFileTime (hFile=0xec, lpCreationTime=0x0, lpLastAccessTime=0x121f14c, lpLastWriteTime=0x121f14c) returned 1 [0134.483] WriteFile (in: hFile=0xec, lpBuffer=0x997970*, nNumberOfBytesToWrite=0x3ca, lpNumberOfBytesWritten=0x121f178, lpOverlapped=0x0 | out: lpBuffer=0x997970*, lpNumberOfBytesWritten=0x121f178*=0x3ca, lpOverlapped=0x0) returned 1 [0134.488] SetFileTime (hFile=0xec, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210) returned 1 [0134.488] NtClose (Handle=0xec) returned 0x0 [0134.492] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.xml.readme_txt", dwFileAttributes=0x2020) returned 1 [0134.493] CryptDestroyKey (hKey=0x2d1778) returned 1 [0134.493] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\OWOW32LR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\owow32lr.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0134.493] SetFileTime (hFile=0xec, lpCreationTime=0x0, lpLastAccessTime=0x121f14c, lpLastWriteTime=0x121f14c) returned 1 [0134.493] GetFileTime (in: hFile=0xec, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210 | out: lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210*(dwLowDateTime=0xfc301560, dwHighDateTime=0x1d301be)) returned 1 [0134.493] CryptGenKey (in: hProv=0x2cc0d8, Algid=0x6801, dwFlags=0x800001, phKey=0x121f16c | out: phKey=0x121f16c*=0x2d1778) returned 1 [0134.493] CryptExportKey (in: hKey=0x2d1778, hExpKey=0x2cc198, dwBlobType=0x1, dwFlags=0x0, pbData=0x9998b8, pdwDataLen=0x121f170 | out: pbData=0x9998b8*, pdwDataLen=0x121f170*=0x8c) returned 1 [0134.493] ReadFile (in: hFile=0xec, lpBuffer=0x1320020, nNumberOfBytesToRead=0x2cb13b, lpNumberOfBytesRead=0x121f178, lpOverlapped=0x0 | out: lpBuffer=0x1320020*, lpNumberOfBytesRead=0x121f178*=0x2cb13b, lpOverlapped=0x0) returned 1 [0134.982] CryptEncrypt (in: hKey=0x2d1778, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x18c0020*, pdwDataLen=0x121f168*=0x2cb13b, dwBufLen=0x2cb143 | out: pbData=0x18c0020*, pdwDataLen=0x121f168*=0x2cb13b) returned 1 [0135.033] SetFileTime (hFile=0xec, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210) returned 1 [0135.033] NtClose (Handle=0xec) returned 0x0 [0135.033] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\OWOW32LR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\owow32lr.cab"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\OWOW32LR.cab.locked" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\owow32lr.cab.locked")) returned 1 [0135.034] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\OWOW32LR.cab.locked", dwFileAttributes=0x2020) returned 1 [0135.034] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\OWOW32LR.cab.readme_txt", dwFileAttributes=0x80) returned 0 [0135.034] GetLastError () returned 0x2 [0135.034] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\OWOW32LR.cab.readme_txt" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\owow32lr.cab.readme_txt"), fInfoLevelId=0x0, lpFileInformation=0x121f108 | out: lpFileInformation=0x121f108*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x408e92, ftLastWriteTime.dwLowDateTime=0x80, ftLastWriteTime.dwHighDateTime=0x121f26c, nFileSizeHigh=0x0, nFileSizeLow=0x121f23c)) returned 0 [0135.034] GetLastError () returned 0x2 [0135.034] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\OWOW32LR.cab.readme_txt" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\owow32lr.cab.readme_txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0135.035] SetFileTime (hFile=0xec, lpCreationTime=0x0, lpLastAccessTime=0x121f14c, lpLastWriteTime=0x121f14c) returned 1 [0135.035] WriteFile (in: hFile=0xec, lpBuffer=0x997970*, nNumberOfBytesToWrite=0x3ca, lpNumberOfBytesWritten=0x121f178, lpOverlapped=0x0 | out: lpBuffer=0x997970*, lpNumberOfBytesWritten=0x121f178*=0x3ca, lpOverlapped=0x0) returned 1 [0135.036] SetFileTime (hFile=0xec, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210) returned 1 [0135.036] NtClose (Handle=0xec) returned 0x0 [0135.054] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\OWOW32LR.cab.readme_txt", dwFileAttributes=0x2020) returned 1 [0135.065] CryptDestroyKey (hKey=0x2d1778) returned 1 [0135.065] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0135.066] SetFileTime (hFile=0xec, lpCreationTime=0x0, lpLastAccessTime=0x121f14c, lpLastWriteTime=0x121f14c) returned 1 [0135.066] GetFileTime (in: hFile=0xec, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210 | out: lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210*(dwLowDateTime=0xfc3e4630, dwHighDateTime=0x1d301be)) returned 1 [0135.066] CryptGenKey (in: hProv=0x2cc0d8, Algid=0x6801, dwFlags=0x800001, phKey=0x121f16c | out: phKey=0x121f16c*=0x2d1778) returned 1 [0135.066] CryptExportKey (in: hKey=0x2d1778, hExpKey=0x2cc198, dwBlobType=0x1, dwFlags=0x0, pbData=0x9998b8, pdwDataLen=0x121f170 | out: pbData=0x9998b8*, pdwDataLen=0x121f170*=0x8c) returned 1 [0135.066] ReadFile (in: hFile=0xec, lpBuffer=0xa0c4f0, nNumberOfBytesToRead=0x93a, lpNumberOfBytesRead=0x121f178, lpOverlapped=0x0 | out: lpBuffer=0xa0c4f0*, lpNumberOfBytesRead=0x121f178*=0x93a, lpOverlapped=0x0) returned 1 [0135.074] CryptEncrypt (in: hKey=0x2d1778, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xa135c8*, pdwDataLen=0x121f168*=0x93a, dwBufLen=0x942 | out: pbData=0xa135c8*, pdwDataLen=0x121f168*=0x93a) returned 1 [0135.077] SetFileTime (hFile=0xec, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210) returned 1 [0135.077] NtClose (Handle=0xec) returned 0x0 [0135.077] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Setup.xml.locked" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\setup.xml.locked")) returned 1 [0135.078] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Setup.xml.locked", dwFileAttributes=0x2020) returned 1 [0135.078] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Setup.xml.readme_txt", dwFileAttributes=0x80) returned 0 [0135.078] GetLastError () returned 0x2 [0135.078] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Setup.xml.readme_txt" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\setup.xml.readme_txt"), fInfoLevelId=0x0, lpFileInformation=0x121f108 | out: lpFileInformation=0x121f108*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x408e92, ftLastWriteTime.dwLowDateTime=0x80, ftLastWriteTime.dwHighDateTime=0x121f26c, nFileSizeHigh=0x0, nFileSizeLow=0x121f23c)) returned 0 [0135.078] GetLastError () returned 0x2 [0135.079] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Setup.xml.readme_txt" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\setup.xml.readme_txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0135.079] SetFileTime (hFile=0xec, lpCreationTime=0x0, lpLastAccessTime=0x121f14c, lpLastWriteTime=0x121f14c) returned 1 [0135.079] WriteFile (in: hFile=0xec, lpBuffer=0x997970*, nNumberOfBytesToWrite=0x3ca, lpNumberOfBytesWritten=0x121f178, lpOverlapped=0x0 | out: lpBuffer=0x997970*, lpNumberOfBytesWritten=0x121f178*=0x3ca, lpOverlapped=0x0) returned 1 [0135.080] SetFileTime (hFile=0xec, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210) returned 1 [0135.080] NtClose (Handle=0xec) returned 0x0 [0135.088] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Setup.xml.readme_txt", dwFileAttributes=0x2020) returned 1 [0135.089] CryptDestroyKey (hKey=0x2d1778) returned 1 [0135.089] FindFirstFileExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\*", fInfoLevelId=0x1, lpFindFileData=0x121f29c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x121f29c) returned 0x2d1778 [0135.089] FindClose (in: hFindFile=0x2d1950 | out: hFindFile=0x2d1950) returned 1 [0135.089] FindNextFileW (in: hFindFile=0x2d1778, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0135.089] FindNextFileW (in: hFindFile=0x2d1778, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0135.089] FindNextFileW (in: hFindFile=0x2d1778, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0135.089] FindNextFileW (in: hFindFile=0x2d1778, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0135.089] FindNextFileW (in: hFindFile=0x2d1778, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0135.089] FindNextFileW (in: hFindFile=0x2d1778, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0135.089] FindNextFileW (in: hFindFile=0x2d1778, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0135.089] FindNextFileW (in: hFindFile=0x2d1778, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0135.089] FindNextFileW (in: hFindFile=0x2d1778, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0135.089] FindNextFileW (in: hFindFile=0x2d1778, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 0 [0135.089] GetLastError () returned 0x12 [0135.089] FindNextFileW (in: hFindFile=0x2d1410, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 1 [0135.091] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2200000, hTemplateFile=0x0) returned 0xec [0135.091] SetFileTime (hFile=0xec, lpCreationTime=0x0, lpLastAccessTime=0x121f4d4, lpLastWriteTime=0x121f4d4) returned 0 [0135.091] DeviceIoControl (in: hDevice=0xec, dwIoControlCode=0x900a8, lpInBuffer=0x0, nInBufferSize=0x0, lpOutBuffer=0x99b8a0, nOutBufferSize=0x4000, lpBytesReturned=0x121f52c, lpOverlapped=0x0 | out: lpOutBuffer=0x99b8a0, lpBytesReturned=0x121f52c, lpOverlapped=0x0) returned 0 [0135.092] FindFirstFileExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\*", fInfoLevelId=0x1, lpFindFileData=0x121f29c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x121f29c) returned 0x2d1950 [0135.128] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0135.130] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0135.130] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0135.130] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0135.130] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0135.130] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 0 [0135.130] GetLastError () returned 0x12 [0135.130] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\inflr.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x190 [0135.131] SetFileTime (hFile=0x190, lpCreationTime=0x0, lpLastAccessTime=0x121f14c, lpLastWriteTime=0x121f14c) returned 1 [0135.131] GetFileTime (in: hFile=0x190, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210 | out: lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210*(dwLowDateTime=0xf79111d0, dwHighDateTime=0x1d301be)) returned 1 [0135.131] CryptGenKey (in: hProv=0x2cc0d8, Algid=0x6801, dwFlags=0x800001, phKey=0x121f16c | out: phKey=0x121f16c*=0x2d1778) returned 1 [0135.131] CryptExportKey (in: hKey=0x2d1778, hExpKey=0x2cc198, dwBlobType=0x1, dwFlags=0x0, pbData=0x9998b8, pdwDataLen=0x121f170 | out: pbData=0x9998b8*, pdwDataLen=0x121f170*=0x8c) returned 1 [0135.131] ReadFile (in: hFile=0x190, lpBuffer=0x1320020, nNumberOfBytesToRead=0xa00000, lpNumberOfBytesRead=0x121f178, lpOverlapped=0x0 | out: lpBuffer=0x1320020*, lpNumberOfBytesRead=0x121f178*=0xa00000, lpOverlapped=0x0) returned 1 [0136.485] CryptEncrypt (in: hKey=0x2d1778, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x2740020*, pdwDataLen=0x121f168*=0xa00000, dwBufLen=0xa00008 | out: pbData=0x2740020*, pdwDataLen=0x121f168*=0xa00000) returned 1 [0136.966] ReadFile (in: hFile=0x190, lpBuffer=0x1d30020, nNumberOfBytesToRead=0x800204, lpNumberOfBytesRead=0x121f178, lpOverlapped=0x0 | out: lpBuffer=0x1d30020*, lpNumberOfBytesRead=0x121f178*=0x800204, lpOverlapped=0x0) returned 1 [0137.418] CryptEncrypt (in: hKey=0x2d1778, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1d30020*, pdwDataLen=0x121f168*=0x800204, dwBufLen=0x80020c | out: pbData=0x1d30020*, pdwDataLen=0x121f168*=0x800204) returned 1 [0137.596] SetFileTime (hFile=0x190, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210) returned 1 [0137.596] NtClose (Handle=0x190) returned 0x0 [0137.596] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\inflr.cab"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfLR.cab.locked" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\inflr.cab.locked")) returned 1 [0137.597] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfLR.cab.locked", dwFileAttributes=0x2020) returned 1 [0137.597] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfLR.cab.readme_txt", dwFileAttributes=0x80) returned 0 [0137.597] GetLastError () returned 0x2 [0137.597] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfLR.cab.readme_txt" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\inflr.cab.readme_txt"), fInfoLevelId=0x0, lpFileInformation=0x121f108 | out: lpFileInformation=0x121f108*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x408e92, ftLastWriteTime.dwLowDateTime=0x80, ftLastWriteTime.dwHighDateTime=0x121f26c, nFileSizeHigh=0x0, nFileSizeLow=0x121f23c)) returned 0 [0137.597] GetLastError () returned 0x2 [0137.600] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfLR.cab.readme_txt" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\inflr.cab.readme_txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x190 [0137.600] SetFileTime (hFile=0x190, lpCreationTime=0x0, lpLastAccessTime=0x121f14c, lpLastWriteTime=0x121f14c) returned 1 [0137.600] WriteFile (in: hFile=0x190, lpBuffer=0x997970*, nNumberOfBytesToWrite=0x3ca, lpNumberOfBytesWritten=0x121f178, lpOverlapped=0x0 | out: lpBuffer=0x997970*, lpNumberOfBytesWritten=0x121f178*=0x3ca, lpOverlapped=0x0) returned 1 [0137.601] SetFileTime (hFile=0x190, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210) returned 1 [0137.601] NtClose (Handle=0x190) returned 0x0 [0137.602] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfLR.cab.readme_txt", dwFileAttributes=0x2020) returned 1 [0137.638] CryptDestroyKey (hKey=0x2d1778) returned 1 [0137.639] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\infopathmui.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x190 [0137.639] SetFileTime (hFile=0x190, lpCreationTime=0x0, lpLastAccessTime=0x121f14c, lpLastWriteTime=0x121f14c) returned 1 [0137.639] GetFileTime (in: hFile=0x190, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210 | out: lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210*(dwLowDateTime=0xf6e58f90, dwHighDateTime=0x1d301be)) returned 1 [0137.639] CryptGenKey (in: hProv=0x2cc0d8, Algid=0x6801, dwFlags=0x800001, phKey=0x121f16c | out: phKey=0x121f16c*=0x2d1778) returned 1 [0137.639] CryptExportKey (in: hKey=0x2d1778, hExpKey=0x2cc198, dwBlobType=0x1, dwFlags=0x0, pbData=0x9998b8, pdwDataLen=0x121f170 | out: pbData=0x9998b8*, pdwDataLen=0x121f170*=0x8c) returned 1 [0137.639] ReadFile (in: hFile=0x190, lpBuffer=0x1320020, nNumberOfBytesToRead=0x2fac00, lpNumberOfBytesRead=0x121f178, lpOverlapped=0x0 | out: lpBuffer=0x1320020*, lpNumberOfBytesRead=0x121f178*=0x2fac00, lpOverlapped=0x0) returned 1 [0137.937] CryptEncrypt (in: hKey=0x2d1778, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1920020*, pdwDataLen=0x121f168*=0x2fac00, dwBufLen=0x2fac08 | out: pbData=0x1920020*, pdwDataLen=0x121f168*=0x2fac00) returned 1 [0137.996] SetFileTime (hFile=0x190, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210) returned 1 [0137.996] NtClose (Handle=0x190) returned 0x0 [0137.996] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\infopathmui.msi"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.msi.locked" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\infopathmui.msi.locked")) returned 1 [0137.997] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.msi.locked", dwFileAttributes=0x2020) returned 1 [0137.997] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.msi.readme_txt", dwFileAttributes=0x80) returned 0 [0137.997] GetLastError () returned 0x2 [0137.997] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.msi.readme_txt" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\infopathmui.msi.readme_txt"), fInfoLevelId=0x0, lpFileInformation=0x121f108 | out: lpFileInformation=0x121f108*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x408e92, ftLastWriteTime.dwLowDateTime=0x80, ftLastWriteTime.dwHighDateTime=0x121f26c, nFileSizeHigh=0x0, nFileSizeLow=0x121f23c)) returned 0 [0137.997] GetLastError () returned 0x2 [0137.997] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.msi.readme_txt" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\infopathmui.msi.readme_txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x190 [0137.998] SetFileTime (hFile=0x190, lpCreationTime=0x0, lpLastAccessTime=0x121f14c, lpLastWriteTime=0x121f14c) returned 1 [0137.998] WriteFile (in: hFile=0x190, lpBuffer=0x997970*, nNumberOfBytesToWrite=0x3ca, lpNumberOfBytesWritten=0x121f178, lpOverlapped=0x0 | out: lpBuffer=0x997970*, lpNumberOfBytesWritten=0x121f178*=0x3ca, lpOverlapped=0x0) returned 1 [0137.999] SetFileTime (hFile=0x190, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210) returned 1 [0137.999] NtClose (Handle=0x190) returned 0x0 [0137.999] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.msi.readme_txt", dwFileAttributes=0x2020) returned 1 [0138.010] CryptDestroyKey (hKey=0x2d1778) returned 1 [0138.010] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\infopathmui.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x190 [0138.011] SetFileTime (hFile=0x190, lpCreationTime=0x0, lpLastAccessTime=0x121f14c, lpLastWriteTime=0x121f14c) returned 1 [0138.011] GetFileTime (in: hFile=0x190, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210 | out: lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210*(dwLowDateTime=0xf6e345a0, dwHighDateTime=0x1d301be)) returned 1 [0138.011] CryptGenKey (in: hProv=0x2cc0d8, Algid=0x6801, dwFlags=0x800001, phKey=0x121f16c | out: phKey=0x121f16c*=0x2d1778) returned 1 [0138.011] CryptExportKey (in: hKey=0x2d1778, hExpKey=0x2cc198, dwBlobType=0x1, dwFlags=0x0, pbData=0x9998b8, pdwDataLen=0x121f170 | out: pbData=0x9998b8*, pdwDataLen=0x121f170*=0x8c) returned 1 [0138.011] ReadFile (in: hFile=0x190, lpBuffer=0xa09db0, nNumberOfBytesToRead=0x4cf, lpNumberOfBytesRead=0x121f178, lpOverlapped=0x0 | out: lpBuffer=0xa09db0*, lpNumberOfBytesRead=0x121f178*=0x4cf, lpOverlapped=0x0) returned 1 [0138.051] CryptEncrypt (in: hKey=0x2d1778, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xa1b918*, pdwDataLen=0x121f168*=0x4cf, dwBufLen=0x4d7 | out: pbData=0xa1b918*, pdwDataLen=0x121f168*=0x4cf) returned 1 [0138.068] SetFileTime (hFile=0x190, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210) returned 1 [0138.069] NtClose (Handle=0x190) returned 0x0 [0138.069] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\infopathmui.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.xml.locked" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\infopathmui.xml.locked")) returned 1 [0138.069] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.xml.locked", dwFileAttributes=0x2020) returned 1 [0138.069] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.xml.readme_txt", dwFileAttributes=0x80) returned 0 [0138.069] GetLastError () returned 0x2 [0138.070] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.xml.readme_txt" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\infopathmui.xml.readme_txt"), fInfoLevelId=0x0, lpFileInformation=0x121f108 | out: lpFileInformation=0x121f108*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x408e92, ftLastWriteTime.dwLowDateTime=0x80, ftLastWriteTime.dwHighDateTime=0x121f26c, nFileSizeHigh=0x0, nFileSizeLow=0x121f23c)) returned 0 [0138.070] GetLastError () returned 0x2 [0138.070] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.xml.readme_txt" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\infopathmui.xml.readme_txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x190 [0138.070] SetFileTime (hFile=0x190, lpCreationTime=0x0, lpLastAccessTime=0x121f14c, lpLastWriteTime=0x121f14c) returned 1 [0138.070] WriteFile (in: hFile=0x190, lpBuffer=0x997970*, nNumberOfBytesToWrite=0x3ca, lpNumberOfBytesWritten=0x121f178, lpOverlapped=0x0 | out: lpBuffer=0x997970*, lpNumberOfBytesWritten=0x121f178*=0x3ca, lpOverlapped=0x0) returned 1 [0138.071] SetFileTime (hFile=0x190, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210) returned 1 [0138.071] NtClose (Handle=0x190) returned 0x0 [0138.072] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.xml.readme_txt", dwFileAttributes=0x2020) returned 1 [0138.072] CryptDestroyKey (hKey=0x2d1778) returned 1 [0138.072] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x190 [0138.072] SetFileTime (hFile=0x190, lpCreationTime=0x0, lpLastAccessTime=0x121f14c, lpLastWriteTime=0x121f14c) returned 1 [0138.072] GetFileTime (in: hFile=0x190, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210 | out: lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210*(dwLowDateTime=0xfa13c510, dwHighDateTime=0x1d301be)) returned 1 [0138.072] CryptGenKey (in: hProv=0x2cc0d8, Algid=0x6801, dwFlags=0x800001, phKey=0x121f16c | out: phKey=0x121f16c*=0x2d1778) returned 1 [0138.073] CryptExportKey (in: hKey=0x2d1778, hExpKey=0x2cc198, dwBlobType=0x1, dwFlags=0x0, pbData=0x9998b8, pdwDataLen=0x121f170 | out: pbData=0x9998b8*, pdwDataLen=0x121f170*=0x8c) returned 1 [0138.073] ReadFile (in: hFile=0x190, lpBuffer=0xa1b918, nNumberOfBytesToRead=0x73c, lpNumberOfBytesRead=0x121f178, lpOverlapped=0x0 | out: lpBuffer=0xa1b918*, lpNumberOfBytesRead=0x121f178*=0x73c, lpOverlapped=0x0) returned 1 [0138.129] CryptEncrypt (in: hKey=0x2d1778, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xa0cc38*, pdwDataLen=0x121f168*=0x73c, dwBufLen=0x744 | out: pbData=0xa0cc38*, pdwDataLen=0x121f168*=0x73c) returned 1 [0138.185] SetFileTime (hFile=0x190, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210) returned 1 [0138.185] NtClose (Handle=0x190) returned 0x0 [0138.186] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\Setup.xml.locked" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\setup.xml.locked")) returned 1 [0138.186] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\Setup.xml.locked", dwFileAttributes=0x2020) returned 1 [0138.186] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\Setup.xml.readme_txt", dwFileAttributes=0x80) returned 0 [0138.186] GetLastError () returned 0x2 [0138.186] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\Setup.xml.readme_txt" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\setup.xml.readme_txt"), fInfoLevelId=0x0, lpFileInformation=0x121f108 | out: lpFileInformation=0x121f108*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x408e92, ftLastWriteTime.dwLowDateTime=0x80, ftLastWriteTime.dwHighDateTime=0x121f26c, nFileSizeHigh=0x0, nFileSizeLow=0x121f23c)) returned 0 [0138.187] GetLastError () returned 0x2 [0138.187] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\Setup.xml.readme_txt" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\setup.xml.readme_txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x190 [0138.187] SetFileTime (hFile=0x190, lpCreationTime=0x0, lpLastAccessTime=0x121f14c, lpLastWriteTime=0x121f14c) returned 1 [0138.187] WriteFile (in: hFile=0x190, lpBuffer=0x997970*, nNumberOfBytesToWrite=0x3ca, lpNumberOfBytesWritten=0x121f178, lpOverlapped=0x0 | out: lpBuffer=0x997970*, lpNumberOfBytesWritten=0x121f178*=0x3ca, lpOverlapped=0x0) returned 1 [0138.188] SetFileTime (hFile=0x190, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210) returned 1 [0138.188] NtClose (Handle=0x190) returned 0x0 [0138.192] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\Setup.xml.readme_txt", dwFileAttributes=0x2020) returned 1 [0138.192] CryptDestroyKey (hKey=0x2d1778) returned 1 [0138.193] FindFirstFileExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\*", fInfoLevelId=0x1, lpFindFileData=0x121f29c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x121f29c) returned 0x2d1778 [0138.193] FindClose (in: hFindFile=0x2d1950 | out: hFindFile=0x2d1950) returned 1 [0138.193] FindNextFileW (in: hFindFile=0x2d1778, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0138.193] FindNextFileW (in: hFindFile=0x2d1778, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0138.193] FindNextFileW (in: hFindFile=0x2d1778, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0138.193] FindNextFileW (in: hFindFile=0x2d1778, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0138.193] FindNextFileW (in: hFindFile=0x2d1778, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0138.193] FindNextFileW (in: hFindFile=0x2d1778, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0138.193] FindNextFileW (in: hFindFile=0x2d1778, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0138.193] FindNextFileW (in: hFindFile=0x2d1778, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0138.193] FindNextFileW (in: hFindFile=0x2d1778, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0138.193] FindNextFileW (in: hFindFile=0x2d1778, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 0 [0138.193] GetLastError () returned 0x12 [0138.193] FindNextFileW (in: hFindFile=0x2d1410, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 1 [0138.194] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2200000, hTemplateFile=0x0) returned 0x190 [0138.195] SetFileTime (hFile=0x190, lpCreationTime=0x0, lpLastAccessTime=0x121f4d4, lpLastWriteTime=0x121f4d4) returned 0 [0138.195] DeviceIoControl (in: hDevice=0x190, dwIoControlCode=0x900a8, lpInBuffer=0x0, nInBufferSize=0x0, lpOutBuffer=0x99b8a0, nOutBufferSize=0x4000, lpBytesReturned=0x121f52c, lpOverlapped=0x0 | out: lpOutBuffer=0x99b8a0, lpBytesReturned=0x121f52c, lpOverlapped=0x0) returned 0 [0138.195] FindFirstFileExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\*", fInfoLevelId=0x1, lpFindFileData=0x121f29c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x121f29c) returned 0x2d1950 [0138.195] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0138.196] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0138.196] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0138.196] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0138.196] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0138.196] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 0 [0138.197] GetLastError () returned 0x12 [0138.197] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0138.197] SetFileTime (hFile=0xec, lpCreationTime=0x0, lpLastAccessTime=0x121f14c, lpLastWriteTime=0x121f14c) returned 1 [0138.197] GetFileTime (in: hFile=0xec, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210 | out: lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210*(dwLowDateTime=0x43bdc500, dwHighDateTime=0x1d305eb)) returned 1 [0138.198] CryptGenKey (in: hProv=0x2cc0d8, Algid=0x6801, dwFlags=0x800001, phKey=0x121f16c | out: phKey=0x121f16c*=0x2d1778) returned 1 [0138.198] CryptExportKey (in: hKey=0x2d1778, hExpKey=0x2cc198, dwBlobType=0x1, dwFlags=0x0, pbData=0x9998b8, pdwDataLen=0x121f170 | out: pbData=0x9998b8*, pdwDataLen=0x121f170*=0x8c) returned 1 [0138.198] ReadFile (in: hFile=0xec, lpBuffer=0xa21470, nNumberOfBytesToRead=0x1861, lpNumberOfBytesRead=0x121f178, lpOverlapped=0x0 | out: lpBuffer=0xa21470*, lpNumberOfBytesRead=0x121f178*=0x1861, lpOverlapped=0x0) returned 1 [0138.335] CryptEncrypt (in: hKey=0x2d1778, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x99b8a0*, pdwDataLen=0x121f168*=0x1861, dwBufLen=0x1869 | out: pbData=0x99b8a0*, pdwDataLen=0x121f168*=0x1861) returned 1 [0138.364] SetFileTime (hFile=0xec, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210) returned 1 [0138.364] NtClose (Handle=0xec) returned 0x0 [0138.364] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\Setup.xml.locked" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\setup.xml.locked")) returned 1 [0138.377] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\Setup.xml.locked", dwFileAttributes=0x2020) returned 1 [0138.377] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\Setup.xml.readme_txt", dwFileAttributes=0x80) returned 0 [0138.377] GetLastError () returned 0x2 [0138.377] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\Setup.xml.readme_txt" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\setup.xml.readme_txt"), fInfoLevelId=0x0, lpFileInformation=0x121f108 | out: lpFileInformation=0x121f108*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x408e92, ftLastWriteTime.dwLowDateTime=0x80, ftLastWriteTime.dwHighDateTime=0x121f26c, nFileSizeHigh=0x0, nFileSizeLow=0x121f23c)) returned 0 [0138.377] GetLastError () returned 0x2 [0138.377] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\Setup.xml.readme_txt" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\setup.xml.readme_txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0138.377] SetFileTime (hFile=0xec, lpCreationTime=0x0, lpLastAccessTime=0x121f14c, lpLastWriteTime=0x121f14c) returned 1 [0138.378] WriteFile (in: hFile=0xec, lpBuffer=0x997970*, nNumberOfBytesToWrite=0x3ca, lpNumberOfBytesWritten=0x121f178, lpOverlapped=0x0 | out: lpBuffer=0x997970*, lpNumberOfBytesWritten=0x121f178*=0x3ca, lpOverlapped=0x0) returned 1 [0138.378] SetFileTime (hFile=0xec, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210) returned 1 [0138.379] NtClose (Handle=0xec) returned 0x0 [0138.381] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\Setup.xml.readme_txt", dwFileAttributes=0x2020) returned 1 [0138.381] CryptDestroyKey (hKey=0x2d1778) returned 1 [0138.381] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\visiolr.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0138.381] SetFileTime (hFile=0xec, lpCreationTime=0x0, lpLastAccessTime=0x121f14c, lpLastWriteTime=0x121f14c) returned 1 [0138.381] GetFileTime (in: hFile=0xec, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210 | out: lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210*(dwLowDateTime=0x437179c0, dwHighDateTime=0x1d305eb)) returned 1 [0138.382] CryptGenKey (in: hProv=0x2cc0d8, Algid=0x6801, dwFlags=0x800001, phKey=0x121f16c | out: phKey=0x121f16c*=0x2d1778) returned 1 [0138.382] CryptExportKey (in: hKey=0x2d1778, hExpKey=0x2cc198, dwBlobType=0x1, dwFlags=0x0, pbData=0x9998b8, pdwDataLen=0x121f170 | out: pbData=0x9998b8*, pdwDataLen=0x121f170*=0x8c) returned 1 [0138.382] ReadFile (in: hFile=0xec, lpBuffer=0x1320020, nNumberOfBytesToRead=0xa00000, lpNumberOfBytesRead=0x121f178, lpOverlapped=0x0 | out: lpBuffer=0x1320020*, lpNumberOfBytesRead=0x121f178*=0xa00000, lpOverlapped=0x0) returned 1 [0139.276] CryptEncrypt (in: hKey=0x2d1778, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x2740020*, pdwDataLen=0x121f168*=0xa00000, dwBufLen=0xa00008 | out: pbData=0x2740020*, pdwDataLen=0x121f168*=0xa00000) returned 1 [0139.545] ReadFile (in: hFile=0xec, lpBuffer=0x1d30020, nNumberOfBytesToRead=0xa00000, lpNumberOfBytesRead=0x121f178, lpOverlapped=0x0 | out: lpBuffer=0x1d30020*, lpNumberOfBytesRead=0x121f178*=0xa00000, lpOverlapped=0x0) returned 1 [0140.231] CryptEncrypt (in: hKey=0x2d1778, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x2740020*, pdwDataLen=0x121f168*=0xa00000, dwBufLen=0xa00008 | out: pbData=0x2740020*, pdwDataLen=0x121f168*=0xa00000) returned 1 [0140.438] ReadFile (in: hFile=0xec, lpBuffer=0x1d30020, nNumberOfBytesToRead=0xa00000, lpNumberOfBytesRead=0x121f178, lpOverlapped=0x0 | out: lpBuffer=0x1d30020*, lpNumberOfBytesRead=0x121f178*=0xa00000, lpOverlapped=0x0) returned 1 [0141.258] CryptEncrypt (in: hKey=0x2d1778, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x2740020*, pdwDataLen=0x121f168*=0xa00000, dwBufLen=0xa00008 | out: pbData=0x2740020*, pdwDataLen=0x121f168*=0xa00000) returned 1 [0141.463] ReadFile (in: hFile=0xec, lpBuffer=0x1d30020, nNumberOfBytesToRead=0xa00000, lpNumberOfBytesRead=0x121f178, lpOverlapped=0x0 | out: lpBuffer=0x1d30020*, lpNumberOfBytesRead=0x121f178*=0xa00000, lpOverlapped=0x0) returned 1 [0142.628] CryptEncrypt (in: hKey=0x2d1778, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x2740020*, pdwDataLen=0x121f168*=0xa00000, dwBufLen=0xa00008 | out: pbData=0x2740020*, pdwDataLen=0x121f168*=0xa00000) returned 1 [0142.809] ReadFile (in: hFile=0xec, lpBuffer=0x1d30020, nNumberOfBytesToRead=0x8780dd, lpNumberOfBytesRead=0x121f178, lpOverlapped=0x0 | out: lpBuffer=0x1d30020*, lpNumberOfBytesRead=0x121f178*=0x8780dd, lpOverlapped=0x0) returned 1 [0143.241] CryptEncrypt (in: hKey=0x2d1778, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1d30020*, pdwDataLen=0x121f168*=0x8780dd, dwBufLen=0x8780e5 | out: pbData=0x1d30020*, pdwDataLen=0x121f168*=0x8780dd) returned 1 [0143.404] SetFileTime (hFile=0xec, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210) returned 1 [0143.404] NtClose (Handle=0xec) returned 0x0 [0143.404] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\visiolr.cab"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioLR.cab.locked" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\visiolr.cab.locked")) returned 1 [0143.405] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioLR.cab.locked", dwFileAttributes=0x2020) returned 1 [0143.405] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioLR.cab.readme_txt", dwFileAttributes=0x80) returned 0 [0143.405] GetLastError () returned 0x2 [0143.405] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioLR.cab.readme_txt" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\visiolr.cab.readme_txt"), fInfoLevelId=0x0, lpFileInformation=0x121f108 | out: lpFileInformation=0x121f108*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x408e92, ftLastWriteTime.dwLowDateTime=0x80, ftLastWriteTime.dwHighDateTime=0x121f26c, nFileSizeHigh=0x0, nFileSizeLow=0x121f23c)) returned 0 [0143.405] GetLastError () returned 0x2 [0143.405] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioLR.cab.readme_txt" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\visiolr.cab.readme_txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0143.405] SetFileTime (hFile=0xec, lpCreationTime=0x0, lpLastAccessTime=0x121f14c, lpLastWriteTime=0x121f14c) returned 1 [0143.405] WriteFile (in: hFile=0xec, lpBuffer=0x997970*, nNumberOfBytesToWrite=0x3ca, lpNumberOfBytesWritten=0x121f178, lpOverlapped=0x0 | out: lpBuffer=0x997970*, lpNumberOfBytesWritten=0x121f178*=0x3ca, lpOverlapped=0x0) returned 1 [0143.406] SetFileTime (hFile=0xec, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210) returned 1 [0143.406] NtClose (Handle=0xec) returned 0x0 [0143.407] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioLR.cab.readme_txt", dwFileAttributes=0x2020) returned 1 [0143.441] CryptDestroyKey (hKey=0x2d1778) returned 1 [0143.442] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\visiomui.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0143.442] SetFileTime (hFile=0xec, lpCreationTime=0x0, lpLastAccessTime=0x121f14c, lpLastWriteTime=0x121f14c) returned 1 [0143.442] GetFileTime (in: hFile=0xec, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210 | out: lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210*(dwLowDateTime=0x435c1d00, dwHighDateTime=0x1d305eb)) returned 1 [0143.442] CryptGenKey (in: hProv=0x2cc0d8, Algid=0x6801, dwFlags=0x800001, phKey=0x121f16c | out: phKey=0x121f16c*=0x2d1778) returned 1 [0143.442] CryptExportKey (in: hKey=0x2d1778, hExpKey=0x2cc198, dwBlobType=0x1, dwFlags=0x0, pbData=0x9998b8, pdwDataLen=0x121f170 | out: pbData=0x9998b8*, pdwDataLen=0x121f170*=0x8c) returned 1 [0143.442] ReadFile (in: hFile=0xec, lpBuffer=0x1320020, nNumberOfBytesToRead=0x2ab000, lpNumberOfBytesRead=0x121f178, lpOverlapped=0x0 | out: lpBuffer=0x1320020*, lpNumberOfBytesRead=0x121f178*=0x2ab000, lpOverlapped=0x0) returned 1 [0143.731] CryptEncrypt (in: hKey=0x2d1778, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1880020*, pdwDataLen=0x121f168*=0x2ab000, dwBufLen=0x2ab008 | out: pbData=0x1880020*, pdwDataLen=0x121f168*=0x2ab000) returned 1 [0143.783] SetFileTime (hFile=0xec, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210) returned 1 [0143.783] NtClose (Handle=0xec) returned 0x0 [0143.783] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\visiomui.msi"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.msi.locked" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\visiomui.msi.locked")) returned 1 [0143.783] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.msi.locked", dwFileAttributes=0x2020) returned 1 [0143.784] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.msi.readme_txt", dwFileAttributes=0x80) returned 0 [0143.784] GetLastError () returned 0x2 [0143.784] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.msi.readme_txt" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\visiomui.msi.readme_txt"), fInfoLevelId=0x0, lpFileInformation=0x121f108 | out: lpFileInformation=0x121f108*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x408e92, ftLastWriteTime.dwLowDateTime=0x80, ftLastWriteTime.dwHighDateTime=0x121f26c, nFileSizeHigh=0x0, nFileSizeLow=0x121f23c)) returned 0 [0143.784] GetLastError () returned 0x2 [0143.784] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.msi.readme_txt" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\visiomui.msi.readme_txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0143.784] SetFileTime (hFile=0xec, lpCreationTime=0x0, lpLastAccessTime=0x121f14c, lpLastWriteTime=0x121f14c) returned 1 [0143.784] WriteFile (in: hFile=0xec, lpBuffer=0x997970*, nNumberOfBytesToWrite=0x3ca, lpNumberOfBytesWritten=0x121f178, lpOverlapped=0x0 | out: lpBuffer=0x997970*, lpNumberOfBytesWritten=0x121f178*=0x3ca, lpOverlapped=0x0) returned 1 [0143.785] SetFileTime (hFile=0xec, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210) returned 1 [0143.785] NtClose (Handle=0xec) returned 0x0 [0143.785] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.msi.readme_txt", dwFileAttributes=0x2020) returned 1 [0143.794] CryptDestroyKey (hKey=0x2d1778) returned 1 [0143.795] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\visiomui.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0143.795] SetFileTime (hFile=0xec, lpCreationTime=0x0, lpLastAccessTime=0x121f14c, lpLastWriteTime=0x121f14c) returned 1 [0143.795] GetFileTime (in: hFile=0xec, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210 | out: lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210*(dwLowDateTime=0x4359ac00, dwHighDateTime=0x1d305eb)) returned 1 [0143.795] CryptGenKey (in: hProv=0x2cc0d8, Algid=0x6801, dwFlags=0x800001, phKey=0x121f16c | out: phKey=0x121f16c*=0x2d1778) returned 1 [0143.795] CryptExportKey (in: hKey=0x2d1778, hExpKey=0x2cc198, dwBlobType=0x1, dwFlags=0x0, pbData=0x9998b8, pdwDataLen=0x121f170 | out: pbData=0x9998b8*, pdwDataLen=0x121f170*=0x8c) returned 1 [0143.795] ReadFile (in: hFile=0xec, lpBuffer=0x99b8a0, nNumberOfBytesToRead=0x251f, lpNumberOfBytesRead=0x121f178, lpOverlapped=0x0 | out: lpBuffer=0x99b8a0*, lpNumberOfBytesRead=0x121f178*=0x251f, lpOverlapped=0x0) returned 1 [0143.796] CryptEncrypt (in: hKey=0x2d1778, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x99dde8*, pdwDataLen=0x121f168*=0x251f, dwBufLen=0x2527 | out: pbData=0x99dde8*, pdwDataLen=0x121f168*=0x251f) returned 1 [0143.798] SetFileTime (hFile=0xec, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210) returned 1 [0143.798] NtClose (Handle=0xec) returned 0x0 [0143.799] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\visiomui.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.xml.locked" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\visiomui.xml.locked")) returned 1 [0143.799] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.xml.locked", dwFileAttributes=0x2020) returned 1 [0143.799] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.xml.readme_txt", dwFileAttributes=0x80) returned 0 [0143.799] GetLastError () returned 0x2 [0143.799] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.xml.readme_txt" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\visiomui.xml.readme_txt"), fInfoLevelId=0x0, lpFileInformation=0x121f108 | out: lpFileInformation=0x121f108*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x408e92, ftLastWriteTime.dwLowDateTime=0x80, ftLastWriteTime.dwHighDateTime=0x121f26c, nFileSizeHigh=0x0, nFileSizeLow=0x121f23c)) returned 0 [0143.799] GetLastError () returned 0x2 [0143.799] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.xml.readme_txt" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\visiomui.xml.readme_txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0143.800] SetFileTime (hFile=0xec, lpCreationTime=0x0, lpLastAccessTime=0x121f14c, lpLastWriteTime=0x121f14c) returned 1 [0143.800] WriteFile (in: hFile=0xec, lpBuffer=0x997970*, nNumberOfBytesToWrite=0x3ca, lpNumberOfBytesWritten=0x121f178, lpOverlapped=0x0 | out: lpBuffer=0x997970*, lpNumberOfBytesWritten=0x121f178*=0x3ca, lpOverlapped=0x0) returned 1 [0143.800] SetFileTime (hFile=0xec, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210) returned 1 [0143.800] NtClose (Handle=0xec) returned 0x0 [0143.801] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.xml.readme_txt", dwFileAttributes=0x2020) returned 1 [0143.801] CryptDestroyKey (hKey=0x2d1778) returned 1 [0143.801] FindFirstFileExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\*", fInfoLevelId=0x1, lpFindFileData=0x121f29c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x121f29c) returned 0x2d1778 [0143.801] FindClose (in: hFindFile=0x2d1950 | out: hFindFile=0x2d1950) returned 1 [0143.802] FindNextFileW (in: hFindFile=0x2d1778, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0143.802] FindNextFileW (in: hFindFile=0x2d1778, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0143.802] FindNextFileW (in: hFindFile=0x2d1778, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0143.802] FindNextFileW (in: hFindFile=0x2d1778, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0143.802] FindNextFileW (in: hFindFile=0x2d1778, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0143.802] FindNextFileW (in: hFindFile=0x2d1778, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0143.802] FindNextFileW (in: hFindFile=0x2d1778, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0143.802] FindNextFileW (in: hFindFile=0x2d1778, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0143.802] FindNextFileW (in: hFindFile=0x2d1778, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0143.802] FindNextFileW (in: hFindFile=0x2d1778, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 0 [0143.802] GetLastError () returned 0x12 [0143.802] FindNextFileW (in: hFindFile=0x2d1410, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 1 [0143.802] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2200000, hTemplateFile=0x0) returned 0xec [0143.803] SetFileTime (hFile=0xec, lpCreationTime=0x0, lpLastAccessTime=0x121f4d4, lpLastWriteTime=0x121f4d4) returned 0 [0143.803] DeviceIoControl (in: hDevice=0xec, dwIoControlCode=0x900a8, lpInBuffer=0x0, nInBufferSize=0x0, lpOutBuffer=0x99b8a0, nOutBufferSize=0x4000, lpBytesReturned=0x121f52c, lpOverlapped=0x0 | out: lpOutBuffer=0x99b8a0, lpBytesReturned=0x121f52c, lpOverlapped=0x0) returned 0 [0143.803] FindFirstFileExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\*", fInfoLevelId=0x1, lpFindFileData=0x121f29c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x121f29c) returned 0x2d1950 [0143.815] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0143.815] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0143.816] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0143.816] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0143.816] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0143.816] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 0 [0143.816] GetLastError () returned 0x12 [0143.816] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\onenotemui.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x190 [0143.816] SetFileTime (hFile=0x190, lpCreationTime=0x0, lpLastAccessTime=0x121f14c, lpLastWriteTime=0x121f14c) returned 1 [0143.816] GetFileTime (in: hFile=0x190, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210 | out: lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210*(dwLowDateTime=0xf5914a30, dwHighDateTime=0x1d301be)) returned 1 [0143.816] CryptGenKey (in: hProv=0x2cc0d8, Algid=0x6801, dwFlags=0x800001, phKey=0x121f16c | out: phKey=0x121f16c*=0x2d1778) returned 1 [0143.816] CryptExportKey (in: hKey=0x2d1778, hExpKey=0x2cc198, dwBlobType=0x1, dwFlags=0x0, pbData=0x9998b8, pdwDataLen=0x121f170 | out: pbData=0x9998b8*, pdwDataLen=0x121f170*=0x8c) returned 1 [0143.817] ReadFile (in: hFile=0x190, lpBuffer=0x1320020, nNumberOfBytesToRead=0x263400, lpNumberOfBytesRead=0x121f178, lpOverlapped=0x0 | out: lpBuffer=0x1320020*, lpNumberOfBytesRead=0x121f178*=0x263400, lpOverlapped=0x0) returned 1 [0144.039] CryptEncrypt (in: hKey=0x2d1778, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1800020*, pdwDataLen=0x121f168*=0x263400, dwBufLen=0x263408 | out: pbData=0x1800020*, pdwDataLen=0x121f168*=0x263400) returned 1 [0144.799] SetFileTime (hFile=0x190, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210) returned 1 [0144.799] NtClose (Handle=0x190) returned 0x0 [0144.799] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\onenotemui.msi"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.msi.locked" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\onenotemui.msi.locked")) returned 1 [0144.800] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.msi.locked", dwFileAttributes=0x2020) returned 1 [0144.800] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.msi.readme_txt", dwFileAttributes=0x80) returned 0 [0144.800] GetLastError () returned 0x2 [0144.800] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.msi.readme_txt" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\onenotemui.msi.readme_txt"), fInfoLevelId=0x0, lpFileInformation=0x121f108 | out: lpFileInformation=0x121f108*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x408e92, ftLastWriteTime.dwLowDateTime=0x80, ftLastWriteTime.dwHighDateTime=0x121f26c, nFileSizeHigh=0x0, nFileSizeLow=0x121f23c)) returned 0 [0144.800] GetLastError () returned 0x2 [0144.800] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.msi.readme_txt" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\onenotemui.msi.readme_txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x190 [0144.800] SetFileTime (hFile=0x190, lpCreationTime=0x0, lpLastAccessTime=0x121f14c, lpLastWriteTime=0x121f14c) returned 1 [0144.801] WriteFile (in: hFile=0x190, lpBuffer=0x997970*, nNumberOfBytesToWrite=0x3ca, lpNumberOfBytesWritten=0x121f178, lpOverlapped=0x0 | out: lpBuffer=0x997970*, lpNumberOfBytesWritten=0x121f178*=0x3ca, lpOverlapped=0x0) returned 1 [0144.801] SetFileTime (hFile=0x190, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210) returned 1 [0144.801] NtClose (Handle=0x190) returned 0x0 [0144.804] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.msi.readme_txt", dwFileAttributes=0x2020) returned 1 [0144.813] CryptDestroyKey (hKey=0x2d1778) returned 1 [0144.813] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\onenotemui.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x190 [0144.813] SetFileTime (hFile=0x190, lpCreationTime=0x0, lpLastAccessTime=0x121f14c, lpLastWriteTime=0x121f14c) returned 1 [0144.813] GetFileTime (in: hFile=0x190, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210 | out: lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210*(dwLowDateTime=0xf58ed930, dwHighDateTime=0x1d301be)) returned 1 [0144.814] CryptGenKey (in: hProv=0x2cc0d8, Algid=0x6801, dwFlags=0x800001, phKey=0x121f16c | out: phKey=0x121f16c*=0x2d1778) returned 1 [0144.814] CryptExportKey (in: hKey=0x2d1778, hExpKey=0x2cc198, dwBlobType=0x1, dwFlags=0x0, pbData=0x9998b8, pdwDataLen=0x121f170 | out: pbData=0x9998b8*, pdwDataLen=0x121f170*=0x8c) returned 1 [0144.814] ReadFile (in: hFile=0x190, lpBuffer=0xa09db0, nNumberOfBytesToRead=0x646, lpNumberOfBytesRead=0x121f178, lpOverlapped=0x0 | out: lpBuffer=0xa09db0*, lpNumberOfBytesRead=0x121f178*=0x646, lpOverlapped=0x0) returned 1 [0144.846] CryptEncrypt (in: hKey=0x2d1778, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xa1b918*, pdwDataLen=0x121f168*=0x646, dwBufLen=0x64e | out: pbData=0xa1b918*, pdwDataLen=0x121f168*=0x646) returned 1 [0144.965] SetFileTime (hFile=0x190, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210) returned 1 [0144.965] NtClose (Handle=0x190) returned 0x0 [0144.965] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\onenotemui.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.xml.locked" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\onenotemui.xml.locked")) returned 1 [0144.966] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.xml.locked", dwFileAttributes=0x2020) returned 1 [0144.966] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.xml.readme_txt", dwFileAttributes=0x80) returned 0 [0144.967] GetLastError () returned 0x2 [0144.967] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.xml.readme_txt" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\onenotemui.xml.readme_txt"), fInfoLevelId=0x0, lpFileInformation=0x121f108 | out: lpFileInformation=0x121f108*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x408e92, ftLastWriteTime.dwLowDateTime=0x80, ftLastWriteTime.dwHighDateTime=0x121f26c, nFileSizeHigh=0x0, nFileSizeLow=0x121f23c)) returned 0 [0144.967] GetLastError () returned 0x2 [0144.967] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.xml.readme_txt" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\onenotemui.xml.readme_txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x190 [0144.967] SetFileTime (hFile=0x190, lpCreationTime=0x0, lpLastAccessTime=0x121f14c, lpLastWriteTime=0x121f14c) returned 1 [0144.967] WriteFile (in: hFile=0x190, lpBuffer=0x997970*, nNumberOfBytesToWrite=0x3ca, lpNumberOfBytesWritten=0x121f178, lpOverlapped=0x0 | out: lpBuffer=0x997970*, lpNumberOfBytesWritten=0x121f178*=0x3ca, lpOverlapped=0x0) returned 1 [0144.968] SetFileTime (hFile=0x190, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210) returned 1 [0144.968] NtClose (Handle=0x190) returned 0x0 [0144.972] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.xml.readme_txt", dwFileAttributes=0x2020) returned 1 [0144.973] CryptDestroyKey (hKey=0x2d1778) returned 1 [0144.980] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OnoteLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\onotelr.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x190 [0144.980] SetFileTime (hFile=0x190, lpCreationTime=0x0, lpLastAccessTime=0x121f14c, lpLastWriteTime=0x121f14c) returned 1 [0144.980] GetFileTime (in: hFile=0x190, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210 | out: lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210*(dwLowDateTime=0xf5e95540, dwHighDateTime=0x1d301be)) returned 1 [0144.980] CryptGenKey (in: hProv=0x2cc0d8, Algid=0x6801, dwFlags=0x800001, phKey=0x121f16c | out: phKey=0x121f16c*=0x2d1778) returned 1 [0144.980] CryptExportKey (in: hKey=0x2d1778, hExpKey=0x2cc198, dwBlobType=0x1, dwFlags=0x0, pbData=0x9998b8, pdwDataLen=0x121f170 | out: pbData=0x9998b8*, pdwDataLen=0x121f170*=0x8c) returned 1 [0144.980] ReadFile (in: hFile=0x190, lpBuffer=0x1320020, nNumberOfBytesToRead=0xa00000, lpNumberOfBytesRead=0x121f178, lpOverlapped=0x0 | out: lpBuffer=0x1320020*, lpNumberOfBytesRead=0x121f178*=0xa00000, lpOverlapped=0x0) returned 1 [0145.676] CryptEncrypt (in: hKey=0x2d1778, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x2740020*, pdwDataLen=0x121f168*=0xa00000, dwBufLen=0xa00008 | out: pbData=0x2740020*, pdwDataLen=0x121f168*=0xa00000) returned 1 [0145.979] ReadFile (in: hFile=0x190, lpBuffer=0x1d30020, nNumberOfBytesToRead=0x6a5df8, lpNumberOfBytesRead=0x121f178, lpOverlapped=0x0 | out: lpBuffer=0x1d30020*, lpNumberOfBytesRead=0x121f178*=0x6a5df8, lpOverlapped=0x0) returned 1 [0146.187] CryptEncrypt (in: hKey=0x2d1778, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1d30020*, pdwDataLen=0x121f168*=0x6a5df8, dwBufLen=0x6a5e00 | out: pbData=0x1d30020*, pdwDataLen=0x121f168*=0x6a5df8) returned 1 [0146.322] SetFileTime (hFile=0x190, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210) returned 1 [0146.322] NtClose (Handle=0x190) returned 0x0 [0146.322] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OnoteLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\onotelr.cab"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OnoteLR.cab.locked" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\onotelr.cab.locked")) returned 1 [0146.323] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OnoteLR.cab.locked", dwFileAttributes=0x2020) returned 1 [0146.323] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OnoteLR.cab.readme_txt", dwFileAttributes=0x80) returned 0 [0146.323] GetLastError () returned 0x2 [0146.323] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OnoteLR.cab.readme_txt" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\onotelr.cab.readme_txt"), fInfoLevelId=0x0, lpFileInformation=0x121f108 | out: lpFileInformation=0x121f108*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x408e92, ftLastWriteTime.dwLowDateTime=0x80, ftLastWriteTime.dwHighDateTime=0x121f26c, nFileSizeHigh=0x0, nFileSizeLow=0x121f23c)) returned 0 [0146.323] GetLastError () returned 0x2 [0146.323] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OnoteLR.cab.readme_txt" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\onotelr.cab.readme_txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x190 [0146.324] SetFileTime (hFile=0x190, lpCreationTime=0x0, lpLastAccessTime=0x121f14c, lpLastWriteTime=0x121f14c) returned 1 [0146.324] WriteFile (in: hFile=0x190, lpBuffer=0x997970*, nNumberOfBytesToWrite=0x3ca, lpNumberOfBytesWritten=0x121f178, lpOverlapped=0x0 | out: lpBuffer=0x997970*, lpNumberOfBytesWritten=0x121f178*=0x3ca, lpOverlapped=0x0) returned 1 [0146.324] SetFileTime (hFile=0x190, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210) returned 1 [0146.324] NtClose (Handle=0x190) returned 0x0 [0146.325] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OnoteLR.cab.readme_txt", dwFileAttributes=0x2020) returned 1 [0146.359] CryptDestroyKey (hKey=0x2d1778) returned 1 [0146.359] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x190 [0146.360] SetFileTime (hFile=0x190, lpCreationTime=0x0, lpLastAccessTime=0x121f14c, lpLastWriteTime=0x121f14c) returned 1 [0146.360] GetFileTime (in: hFile=0x190, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210 | out: lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210*(dwLowDateTime=0xf6e0d4a0, dwHighDateTime=0x1d301be)) returned 1 [0146.360] CryptGenKey (in: hProv=0x2cc0d8, Algid=0x6801, dwFlags=0x800001, phKey=0x121f16c | out: phKey=0x121f16c*=0x2d1778) returned 1 [0146.360] CryptExportKey (in: hKey=0x2d1778, hExpKey=0x2cc198, dwBlobType=0x1, dwFlags=0x0, pbData=0x9998b8, pdwDataLen=0x121f170 | out: pbData=0x9998b8*, pdwDataLen=0x121f170*=0x8c) returned 1 [0146.360] ReadFile (in: hFile=0x190, lpBuffer=0xa0c4f0, nNumberOfBytesToRead=0x7c4, lpNumberOfBytesRead=0x121f178, lpOverlapped=0x0 | out: lpBuffer=0xa0c4f0*, lpNumberOfBytesRead=0x121f178*=0x7c4, lpOverlapped=0x0) returned 1 [0146.388] CryptEncrypt (in: hKey=0x2d1778, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xa10478*, pdwDataLen=0x121f168*=0x7c4, dwBufLen=0x7cc | out: pbData=0xa10478*, pdwDataLen=0x121f168*=0x7c4) returned 1 [0146.397] SetFileTime (hFile=0x190, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210) returned 1 [0146.397] NtClose (Handle=0x190) returned 0x0 [0146.398] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\Setup.xml.locked" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\setup.xml.locked")) returned 1 [0146.398] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\Setup.xml.locked", dwFileAttributes=0x2020) returned 1 [0146.398] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\Setup.xml.readme_txt", dwFileAttributes=0x80) returned 0 [0146.398] GetLastError () returned 0x2 [0146.398] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\Setup.xml.readme_txt" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\setup.xml.readme_txt"), fInfoLevelId=0x0, lpFileInformation=0x121f108 | out: lpFileInformation=0x121f108*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x408e92, ftLastWriteTime.dwLowDateTime=0x80, ftLastWriteTime.dwHighDateTime=0x121f26c, nFileSizeHigh=0x0, nFileSizeLow=0x121f23c)) returned 0 [0146.398] GetLastError () returned 0x2 [0146.398] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\Setup.xml.readme_txt" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\setup.xml.readme_txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x190 [0146.399] SetFileTime (hFile=0x190, lpCreationTime=0x0, lpLastAccessTime=0x121f14c, lpLastWriteTime=0x121f14c) returned 1 [0146.399] WriteFile (in: hFile=0x190, lpBuffer=0x997970*, nNumberOfBytesToWrite=0x3ca, lpNumberOfBytesWritten=0x121f178, lpOverlapped=0x0 | out: lpBuffer=0x997970*, lpNumberOfBytesWritten=0x121f178*=0x3ca, lpOverlapped=0x0) returned 1 [0146.399] SetFileTime (hFile=0x190, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210) returned 1 [0146.400] NtClose (Handle=0x190) returned 0x0 [0146.403] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\Setup.xml.readme_txt", dwFileAttributes=0x2020) returned 1 [0146.403] CryptDestroyKey (hKey=0x2d1778) returned 1 [0146.403] FindFirstFileExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\*", fInfoLevelId=0x1, lpFindFileData=0x121f29c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x121f29c) returned 0x2d1778 [0146.403] FindClose (in: hFindFile=0x2d1950 | out: hFindFile=0x2d1950) returned 1 [0146.403] FindNextFileW (in: hFindFile=0x2d1778, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0146.403] FindNextFileW (in: hFindFile=0x2d1778, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0146.403] FindNextFileW (in: hFindFile=0x2d1778, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0146.403] FindNextFileW (in: hFindFile=0x2d1778, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0146.403] FindNextFileW (in: hFindFile=0x2d1778, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0146.403] FindNextFileW (in: hFindFile=0x2d1778, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0146.403] FindNextFileW (in: hFindFile=0x2d1778, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0146.403] FindNextFileW (in: hFindFile=0x2d1778, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0146.403] FindNextFileW (in: hFindFile=0x2d1778, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0146.403] FindNextFileW (in: hFindFile=0x2d1778, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 0 [0146.403] GetLastError () returned 0x12 [0146.404] FindNextFileW (in: hFindFile=0x2d1410, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 1 [0146.406] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2200000, hTemplateFile=0x0) returned 0x190 [0146.408] SetFileTime (hFile=0x190, lpCreationTime=0x0, lpLastAccessTime=0x121f4d4, lpLastWriteTime=0x121f4d4) returned 0 [0146.408] DeviceIoControl (in: hDevice=0x190, dwIoControlCode=0x900a8, lpInBuffer=0x0, nInBufferSize=0x0, lpOutBuffer=0x99b8a0, nOutBufferSize=0x4000, lpBytesReturned=0x121f52c, lpOverlapped=0x0 | out: lpOutBuffer=0x99b8a0, lpBytesReturned=0x121f52c, lpOverlapped=0x0) returned 0 [0146.409] FindFirstFileExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\*", fInfoLevelId=0x1, lpFindFileData=0x121f29c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x121f29c) returned 0x2d1950 [0146.497] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0146.498] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0146.498] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0146.498] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0146.498] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0146.498] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 0 [0146.498] GetLastError () returned 0x12 [0146.499] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\projectmui.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0146.499] SetFileTime (hFile=0xec, lpCreationTime=0x0, lpLastAccessTime=0x121f14c, lpLastWriteTime=0x121f14c) returned 1 [0146.499] CryptGenKey (in: hProv=0x2cc0d8, Algid=0x6801, dwFlags=0x800001, phKey=0x121f16c | out: phKey=0x121f16c*=0x2d1778) returned 1 [0146.499] CryptExportKey (in: hKey=0x2d1778, hExpKey=0x2cc198, dwBlobType=0x1, dwFlags=0x0, pbData=0x9998b8, pdwDataLen=0x121f170 | out: pbData=0x9998b8*, pdwDataLen=0x121f170*=0x8c) returned 1 [0146.500] ReadFile (in: hFile=0xec, lpBuffer=0x1320020, nNumberOfBytesToRead=0x265400, lpNumberOfBytesRead=0x121f178, lpOverlapped=0x0 | out: lpBuffer=0x1320020*, lpNumberOfBytesRead=0x121f178*=0x265400, lpOverlapped=0x0) returned 1 [0146.645] CryptEncrypt (in: hKey=0x2d1778, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1800020*, pdwDataLen=0x121f168*=0x265400, dwBufLen=0x265408 | out: pbData=0x1800020*, pdwDataLen=0x121f168*=0x265400) returned 1 [0147.342] SetFileTime (hFile=0xec, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210) returned 1 [0147.342] NtClose (Handle=0xec) returned 0x0 [0147.342] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\projectmui.msi"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.msi.locked" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\projectmui.msi.locked")) returned 1 [0147.343] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.msi.locked", dwFileAttributes=0x2020) returned 1 [0147.343] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.msi.readme_txt", dwFileAttributes=0x80) returned 0 [0147.343] GetLastError () returned 0x2 [0147.344] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.msi.readme_txt" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\projectmui.msi.readme_txt"), fInfoLevelId=0x0, lpFileInformation=0x121f108 | out: lpFileInformation=0x121f108*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x408e92, ftLastWriteTime.dwLowDateTime=0x80, ftLastWriteTime.dwHighDateTime=0x121f26c, nFileSizeHigh=0x0, nFileSizeLow=0x121f23c)) returned 0 [0147.344] GetLastError () returned 0x2 [0147.344] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.msi.readme_txt" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\projectmui.msi.readme_txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0147.344] SetFileTime (hFile=0xec, lpCreationTime=0x0, lpLastAccessTime=0x121f14c, lpLastWriteTime=0x121f14c) returned 1 [0147.344] WriteFile (in: hFile=0xec, lpBuffer=0x997970*, nNumberOfBytesToWrite=0x3ca, lpNumberOfBytesWritten=0x121f178, lpOverlapped=0x0 | out: lpBuffer=0x997970*, lpNumberOfBytesWritten=0x121f178*=0x3ca, lpOverlapped=0x0) returned 1 [0147.345] SetFileTime (hFile=0xec, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210) returned 1 [0147.345] NtClose (Handle=0xec) returned 0x0 [0147.345] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.msi.readme_txt", dwFileAttributes=0x2020) returned 1 [0147.354] CryptDestroyKey (hKey=0x2d1778) returned 1 [0147.354] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\projectmui.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0147.355] SetFileTime (hFile=0xec, lpCreationTime=0x0, lpLastAccessTime=0x121f14c, lpLastWriteTime=0x121f14c) returned 1 [0147.355] CryptGenKey (in: hProv=0x2cc0d8, Algid=0x6801, dwFlags=0x800001, phKey=0x121f16c | out: phKey=0x121f16c*=0x2d1778) returned 1 [0147.355] CryptExportKey (in: hKey=0x2d1778, hExpKey=0x2cc198, dwBlobType=0x1, dwFlags=0x0, pbData=0x9998b8, pdwDataLen=0x121f170 | out: pbData=0x9998b8*, pdwDataLen=0x121f170*=0x8c) returned 1 [0147.355] ReadFile (in: hFile=0xec, lpBuffer=0xa09db0, nNumberOfBytesToRead=0x5ac, lpNumberOfBytesRead=0x121f178, lpOverlapped=0x0 | out: lpBuffer=0xa09db0*, lpNumberOfBytesRead=0x121f178*=0x5ac, lpOverlapped=0x0) returned 1 [0147.397] CryptEncrypt (in: hKey=0x2d1778, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xa1b918*, pdwDataLen=0x121f168*=0x5ac, dwBufLen=0x5b4 | out: pbData=0xa1b918*, pdwDataLen=0x121f168*=0x5ac) returned 1 [0147.509] SetFileTime (hFile=0xec, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210) returned 1 [0147.509] NtClose (Handle=0xec) returned 0x0 [0147.509] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\projectmui.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.xml.locked" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\projectmui.xml.locked")) returned 1 [0147.509] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.xml.locked", dwFileAttributes=0x2020) returned 1 [0147.509] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.xml.readme_txt", dwFileAttributes=0x80) returned 0 [0147.509] GetLastError () returned 0x2 [0147.510] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.xml.readme_txt" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\projectmui.xml.readme_txt"), fInfoLevelId=0x0, lpFileInformation=0x121f108 | out: lpFileInformation=0x121f108*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x408e92, ftLastWriteTime.dwLowDateTime=0x80, ftLastWriteTime.dwHighDateTime=0x121f26c, nFileSizeHigh=0x0, nFileSizeLow=0x121f23c)) returned 0 [0147.510] GetLastError () returned 0x2 [0147.510] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.xml.readme_txt" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\projectmui.xml.readme_txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0147.510] SetFileTime (hFile=0xec, lpCreationTime=0x0, lpLastAccessTime=0x121f14c, lpLastWriteTime=0x121f14c) returned 1 [0147.510] WriteFile (in: hFile=0xec, lpBuffer=0x997970*, nNumberOfBytesToWrite=0x3ca, lpNumberOfBytesWritten=0x121f178, lpOverlapped=0x0 | out: lpBuffer=0x997970*, lpNumberOfBytesWritten=0x121f178*=0x3ca, lpOverlapped=0x0) returned 1 [0147.511] SetFileTime (hFile=0xec, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210) returned 1 [0147.511] NtClose (Handle=0xec) returned 0x0 [0147.512] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.xml.readme_txt", dwFileAttributes=0x2020) returned 1 [0147.512] CryptDestroyKey (hKey=0x2d1778) returned 1 [0147.513] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\projlr.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0147.513] SetFileTime (hFile=0xec, lpCreationTime=0x0, lpLastAccessTime=0x121f14c, lpLastWriteTime=0x121f14c) returned 1 [0147.513] CryptGenKey (in: hProv=0x2cc0d8, Algid=0x6801, dwFlags=0x800001, phKey=0x121f16c | out: phKey=0x121f16c*=0x2d1778) returned 1 [0147.513] CryptExportKey (in: hKey=0x2d1778, hExpKey=0x2cc198, dwBlobType=0x1, dwFlags=0x0, pbData=0x9998b8, pdwDataLen=0x121f170 | out: pbData=0x9998b8*, pdwDataLen=0x121f170*=0x8c) returned 1 [0147.513] ReadFile (in: hFile=0xec, lpBuffer=0x1320020, nNumberOfBytesToRead=0x7e1dcd, lpNumberOfBytesRead=0x121f178, lpOverlapped=0x0 | out: lpBuffer=0x1320020*, lpNumberOfBytesRead=0x121f178*=0x7e1dcd, lpOverlapped=0x0) returned 1 [0148.062] CryptEncrypt (in: hKey=0x2d1778, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1b10020*, pdwDataLen=0x121f168*=0x7e1dcd, dwBufLen=0x7e1dd5 | out: pbData=0x1b10020*, pdwDataLen=0x121f168*=0x7e1dcd) returned 1 [0148.306] SetFileTime (hFile=0xec, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210) returned 1 [0148.306] NtClose (Handle=0xec) returned 0x0 [0148.306] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\projlr.cab"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjLR.cab.locked" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\projlr.cab.locked")) returned 1 [0148.306] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjLR.cab.locked", dwFileAttributes=0x2020) returned 1 [0148.306] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjLR.cab.readme_txt", dwFileAttributes=0x80) returned 0 [0148.307] GetLastError () returned 0x2 [0148.307] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjLR.cab.readme_txt" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\projlr.cab.readme_txt"), fInfoLevelId=0x0, lpFileInformation=0x121f108 | out: lpFileInformation=0x121f108*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x408e92, ftLastWriteTime.dwLowDateTime=0x80, ftLastWriteTime.dwHighDateTime=0x121f26c, nFileSizeHigh=0x0, nFileSizeLow=0x121f23c)) returned 0 [0148.307] GetLastError () returned 0x2 [0148.307] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjLR.cab.readme_txt" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\projlr.cab.readme_txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0148.307] SetFileTime (hFile=0xec, lpCreationTime=0x0, lpLastAccessTime=0x121f14c, lpLastWriteTime=0x121f14c) returned 1 [0148.307] WriteFile (in: hFile=0xec, lpBuffer=0x997970*, nNumberOfBytesToWrite=0x3ca, lpNumberOfBytesWritten=0x121f178, lpOverlapped=0x0 | out: lpBuffer=0x997970*, lpNumberOfBytesWritten=0x121f178*=0x3ca, lpOverlapped=0x0) returned 1 [0148.308] SetFileTime (hFile=0xec, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210) returned 1 [0148.308] NtClose (Handle=0xec) returned 0x0 [0148.308] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjLR.cab.readme_txt", dwFileAttributes=0x2020) returned 1 [0148.334] CryptDestroyKey (hKey=0x2d1778) returned 1 [0148.334] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0148.335] SetFileTime (hFile=0xec, lpCreationTime=0x0, lpLastAccessTime=0x121f14c, lpLastWriteTime=0x121f14c) returned 1 [0148.335] CryptGenKey (in: hProv=0x2cc0d8, Algid=0x6801, dwFlags=0x800001, phKey=0x121f16c | out: phKey=0x121f16c*=0x2d1778) returned 1 [0148.335] CryptExportKey (in: hKey=0x2d1778, hExpKey=0x2cc198, dwBlobType=0x1, dwFlags=0x0, pbData=0x9998b8, pdwDataLen=0x121f170 | out: pbData=0x9998b8*, pdwDataLen=0x121f170*=0x8c) returned 1 [0148.335] ReadFile (in: hFile=0xec, lpBuffer=0xa0c4f0, nNumberOfBytesToRead=0x750, lpNumberOfBytesRead=0x121f178, lpOverlapped=0x0 | out: lpBuffer=0xa0c4f0*, lpNumberOfBytesRead=0x121f178*=0x750, lpOverlapped=0x0) returned 1 [0148.336] CryptEncrypt (in: hKey=0x2d1778, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xa0cc78*, pdwDataLen=0x121f168*=0x750, dwBufLen=0x758 | out: pbData=0xa0cc78*, pdwDataLen=0x121f168*=0x750) returned 1 [0148.340] SetFileTime (hFile=0xec, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210) returned 1 [0148.340] NtClose (Handle=0xec) returned 0x0 [0148.340] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\Setup.xml.locked" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\setup.xml.locked")) returned 1 [0148.340] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\Setup.xml.locked", dwFileAttributes=0x2020) returned 1 [0148.340] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\Setup.xml.readme_txt", dwFileAttributes=0x80) returned 0 [0148.340] GetLastError () returned 0x2 [0148.340] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\Setup.xml.readme_txt" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\setup.xml.readme_txt"), fInfoLevelId=0x0, lpFileInformation=0x121f108 | out: lpFileInformation=0x121f108*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x408e92, ftLastWriteTime.dwLowDateTime=0x80, ftLastWriteTime.dwHighDateTime=0x121f26c, nFileSizeHigh=0x0, nFileSizeLow=0x121f23c)) returned 0 [0148.340] GetLastError () returned 0x2 [0148.340] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\Setup.xml.readme_txt" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\setup.xml.readme_txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0148.341] SetFileTime (hFile=0xec, lpCreationTime=0x0, lpLastAccessTime=0x121f14c, lpLastWriteTime=0x121f14c) returned 1 [0148.341] WriteFile (in: hFile=0xec, lpBuffer=0x997970*, nNumberOfBytesToWrite=0x3ca, lpNumberOfBytesWritten=0x121f178, lpOverlapped=0x0 | out: lpBuffer=0x997970*, lpNumberOfBytesWritten=0x121f178*=0x3ca, lpOverlapped=0x0) returned 1 [0148.341] SetFileTime (hFile=0xec, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210) returned 1 [0148.342] NtClose (Handle=0xec) returned 0x0 [0148.343] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\Setup.xml.readme_txt", dwFileAttributes=0x2020) returned 1 [0148.343] CryptDestroyKey (hKey=0x2d1778) returned 1 [0148.343] FindFirstFileExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\*", fInfoLevelId=0x1, lpFindFileData=0x121f29c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x121f29c) returned 0x2d1778 [0148.343] FindClose (in: hFindFile=0x2d1950 | out: hFindFile=0x2d1950) returned 1 [0148.343] FindNextFileW (in: hFindFile=0x2d1778, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0148.344] FindNextFileW (in: hFindFile=0x2d1778, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0148.344] FindNextFileW (in: hFindFile=0x2d1778, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0148.344] FindNextFileW (in: hFindFile=0x2d1778, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0148.344] FindNextFileW (in: hFindFile=0x2d1778, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0148.344] FindNextFileW (in: hFindFile=0x2d1778, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0148.344] FindNextFileW (in: hFindFile=0x2d1778, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0148.344] FindNextFileW (in: hFindFile=0x2d1778, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0148.344] FindNextFileW (in: hFindFile=0x2d1778, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0148.344] FindNextFileW (in: hFindFile=0x2d1778, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 0 [0148.344] GetLastError () returned 0x12 [0148.344] FindNextFileW (in: hFindFile=0x2d1410, lpFindFileData=0x121f55c | out: lpFindFileData=0x121f55c) returned 1 [0148.344] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2200000, hTemplateFile=0x0) returned 0xec [0148.344] SetFileTime (hFile=0xec, lpCreationTime=0x0, lpLastAccessTime=0x121f4d4, lpLastWriteTime=0x121f4d4) returned 0 [0148.344] DeviceIoControl (in: hDevice=0xec, dwIoControlCode=0x900a8, lpInBuffer=0x0, nInBufferSize=0x0, lpOutBuffer=0x99b8a0, nOutBufferSize=0x4000, lpBytesReturned=0x121f52c, lpOverlapped=0x0 | out: lpOutBuffer=0x99b8a0, lpBytesReturned=0x121f52c, lpOverlapped=0x0) returned 0 [0148.344] FindFirstFileExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\*", fInfoLevelId=0x1, lpFindFileData=0x121f29c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x121f29c) returned 0x2d1950 [0148.452] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0148.452] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0148.452] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0148.452] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0148.452] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 1 [0148.452] FindNextFileW (in: hFindFile=0x2d1950, lpFindFileData=0x121f29c | out: lpFindFileData=0x121f29c) returned 0 [0148.452] GetLastError () returned 0x12 [0148.453] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\groovelr.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x190 [0148.453] SetFileTime (hFile=0x190, lpCreationTime=0x0, lpLastAccessTime=0x121f14c, lpLastWriteTime=0x121f14c) returned 1 [0148.453] CryptGenKey (in: hProv=0x2cc0d8, Algid=0x6801, dwFlags=0x800001, phKey=0x121f16c | out: phKey=0x121f16c*=0x2d1778) returned 1 [0148.453] CryptExportKey (in: hKey=0x2d1778, hExpKey=0x2cc198, dwBlobType=0x1, dwFlags=0x0, pbData=0x9998b8, pdwDataLen=0x121f170 | out: pbData=0x9998b8*, pdwDataLen=0x121f170*=0x8c) returned 1 [0148.454] ReadFile (in: hFile=0x190, lpBuffer=0x1320020, nNumberOfBytesToRead=0x3e7e1f, lpNumberOfBytesRead=0x121f178, lpOverlapped=0x0 | out: lpBuffer=0x1320020*, lpNumberOfBytesRead=0x121f178*=0x3e7e1f, lpOverlapped=0x0) returned 1 [0148.633] CryptEncrypt (in: hKey=0x2d1778, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1710020*, pdwDataLen=0x121f168*=0x3e7e1f, dwBufLen=0x3e7e27 | out: pbData=0x1710020*, pdwDataLen=0x121f168*=0x3e7e1f) returned 1 [0148.705] SetFileTime (hFile=0x190, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210) returned 1 [0148.705] NtClose (Handle=0x190) returned 0x0 [0148.705] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\groovelr.cab"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveLR.cab.locked" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\groovelr.cab.locked")) returned 1 [0148.707] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveLR.cab.locked", dwFileAttributes=0x2020) returned 1 [0148.707] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveLR.cab.readme_txt", dwFileAttributes=0x80) returned 0 [0148.707] GetLastError () returned 0x2 [0148.707] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveLR.cab.readme_txt" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\groovelr.cab.readme_txt"), fInfoLevelId=0x0, lpFileInformation=0x121f108 | out: lpFileInformation=0x121f108*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x408e92, ftLastWriteTime.dwLowDateTime=0x80, ftLastWriteTime.dwHighDateTime=0x121f26c, nFileSizeHigh=0x0, nFileSizeLow=0x121f23c)) returned 0 [0148.707] GetLastError () returned 0x2 [0148.708] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveLR.cab.readme_txt" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\groovelr.cab.readme_txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x190 [0148.708] SetFileTime (hFile=0x190, lpCreationTime=0x0, lpLastAccessTime=0x121f14c, lpLastWriteTime=0x121f14c) returned 1 [0148.708] WriteFile (in: hFile=0x190, lpBuffer=0x997970*, nNumberOfBytesToWrite=0x3ca, lpNumberOfBytesWritten=0x121f178, lpOverlapped=0x0 | out: lpBuffer=0x997970*, lpNumberOfBytesWritten=0x121f178*=0x3ca, lpOverlapped=0x0) returned 1 [0148.709] SetFileTime (hFile=0x190, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210) returned 1 [0148.709] NtClose (Handle=0x190) returned 0x0 [0148.710] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveLR.cab.readme_txt", dwFileAttributes=0x2020) returned 1 [0148.726] CryptDestroyKey (hKey=0x2d1778) returned 1 [0148.726] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\groovemui.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x190 [0148.726] SetFileTime (hFile=0x190, lpCreationTime=0x0, lpLastAccessTime=0x121f14c, lpLastWriteTime=0x121f14c) returned 1 [0148.726] CryptGenKey (in: hProv=0x2cc0d8, Algid=0x6801, dwFlags=0x800001, phKey=0x121f16c | out: phKey=0x121f16c*=0x2d1778) returned 1 [0148.727] CryptExportKey (in: hKey=0x2d1778, hExpKey=0x2cc198, dwBlobType=0x1, dwFlags=0x0, pbData=0x9998b8, pdwDataLen=0x121f170 | out: pbData=0x9998b8*, pdwDataLen=0x121f170*=0x8c) returned 1 [0148.727] ReadFile (in: hFile=0x190, lpBuffer=0x1320020, nNumberOfBytesToRead=0x264400, lpNumberOfBytesRead=0x121f178, lpOverlapped=0x0 | out: lpBuffer=0x1320020*, lpNumberOfBytesRead=0x121f178*=0x264400, lpOverlapped=0x0) returned 1 [0148.869] CryptEncrypt (in: hKey=0x2d1778, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1800020*, pdwDataLen=0x121f168*=0x264400, dwBufLen=0x264408 | out: pbData=0x1800020*, pdwDataLen=0x121f168*=0x264400) returned 1 [0149.015] SetFileTime (hFile=0x190, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210) returned 1 [0149.016] NtClose (Handle=0x190) returned 0x0 [0149.016] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\groovemui.msi"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.msi.locked" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\groovemui.msi.locked")) returned 1 [0149.016] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.msi.locked", dwFileAttributes=0x2020) returned 1 [0149.016] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.msi.readme_txt", dwFileAttributes=0x80) returned 0 [0149.016] GetLastError () returned 0x2 [0149.016] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.msi.readme_txt" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\groovemui.msi.readme_txt"), fInfoLevelId=0x0, lpFileInformation=0x121f108 | out: lpFileInformation=0x121f108*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x408e92, ftLastWriteTime.dwLowDateTime=0x80, ftLastWriteTime.dwHighDateTime=0x121f26c, nFileSizeHigh=0x0, nFileSizeLow=0x121f23c)) returned 0 [0149.017] GetLastError () returned 0x2 [0149.017] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.msi.readme_txt" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\groovemui.msi.readme_txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x190 [0149.017] SetFileTime (hFile=0x190, lpCreationTime=0x0, lpLastAccessTime=0x121f14c, lpLastWriteTime=0x121f14c) returned 1 [0149.017] WriteFile (in: hFile=0x190, lpBuffer=0x997970*, nNumberOfBytesToWrite=0x3ca, lpNumberOfBytesWritten=0x121f178, lpOverlapped=0x0 | out: lpBuffer=0x997970*, lpNumberOfBytesWritten=0x121f178*=0x3ca, lpOverlapped=0x0) returned 1 [0149.018] SetFileTime (hFile=0x190, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210) returned 1 [0149.018] NtClose (Handle=0x190) returned 0x0 [0149.018] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.msi.readme_txt", dwFileAttributes=0x2020) returned 1 [0149.026] CryptDestroyKey (hKey=0x2d1778) returned 1 [0149.027] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\groovemui.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x190 [0149.030] SetFileTime (hFile=0x190, lpCreationTime=0x0, lpLastAccessTime=0x121f14c, lpLastWriteTime=0x121f14c) returned 1 [0149.030] CryptGenKey (in: hProv=0x2cc0d8, Algid=0x6801, dwFlags=0x800001, phKey=0x121f16c | out: phKey=0x121f16c*=0x2d1778) returned 1 [0149.030] CryptExportKey (in: hKey=0x2d1778, hExpKey=0x2cc198, dwBlobType=0x1, dwFlags=0x0, pbData=0x9998b8, pdwDataLen=0x121f170 | out: pbData=0x9998b8*, pdwDataLen=0x121f170*=0x8c) returned 1 [0149.031] ReadFile (in: hFile=0x190, lpBuffer=0xa09db0, nNumberOfBytesToRead=0x391, lpNumberOfBytesRead=0x121f178, lpOverlapped=0x0 | out: lpBuffer=0xa09db0*, lpNumberOfBytesRead=0x121f178*=0x391, lpOverlapped=0x0) returned 1 [0149.055] CryptEncrypt (in: hKey=0x2d1778, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xa1b918*, pdwDataLen=0x121f168*=0x391, dwBufLen=0x399 | out: pbData=0xa1b918*, pdwDataLen=0x121f168*=0x391) returned 1 [0149.077] SetFileTime (hFile=0x190, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210) returned 1 [0149.077] NtClose (Handle=0x190) returned 0x0 [0149.077] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\groovemui.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.xml.locked" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\groovemui.xml.locked")) returned 1 [0149.077] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.xml.locked", dwFileAttributes=0x2020) returned 1 [0149.077] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.xml.readme_txt", dwFileAttributes=0x80) returned 0 [0149.078] GetLastError () returned 0x2 [0149.078] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.xml.readme_txt" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\groovemui.xml.readme_txt"), fInfoLevelId=0x0, lpFileInformation=0x121f108 | out: lpFileInformation=0x121f108*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x408e92, ftLastWriteTime.dwLowDateTime=0x80, ftLastWriteTime.dwHighDateTime=0x121f26c, nFileSizeHigh=0x0, nFileSizeLow=0x121f23c)) returned 0 [0149.078] GetLastError () returned 0x2 [0149.078] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.xml.readme_txt" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\groovemui.xml.readme_txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x190 [0149.078] SetFileTime (hFile=0x190, lpCreationTime=0x0, lpLastAccessTime=0x121f14c, lpLastWriteTime=0x121f14c) returned 1 [0149.078] WriteFile (in: hFile=0x190, lpBuffer=0x997970*, nNumberOfBytesToWrite=0x3ca, lpNumberOfBytesWritten=0x121f178, lpOverlapped=0x0 | out: lpBuffer=0x997970*, lpNumberOfBytesWritten=0x121f178*=0x3ca, lpOverlapped=0x0) returned 1 [0149.079] SetFileTime (hFile=0x190, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x121f210) returned 1 [0149.079] NtClose (Handle=0x190) returned 0x0 [0149.079] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.xml.readme_txt", dwFileAttributes=0x2020) returned 1 [0149.079] CryptDestroyKey (hKey=0x2d1778) returned 1 [0149.080] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x190 [0149.080] SetFileTime (hFile=0x190, lpCreationTime=0x0, lpLastAccessTime=0x121f14c, lpLastWriteTime=0x121f14c) returned 1 [0149.080] CryptGenKey (in: hProv=0x2cc0d8, Algid=0x6801, dwFlags=0x800001, phKey=0x121f16c | out: phKey=0x121f16c*=0x2d1778) returned 1 [0149.080] CryptExportKey (in: hKey=0x2d1778, hExpKey=0x2cc198, dwBlobType=0x1, dwFlags=0x0, pbData=0x9998b8, pdwDataLen=0x121f170 | out: pbData=0x9998b8*, pdwDataLen=0x121f170*=0x8c) returned 1 [0149.080] ReadFile (in: hFile=0x190, lpBuffer=0xa09db0, nNumberOfBytesToRead=0x5ac, lpNumberOfBytesRead=0x121f178, lpOverlapped=0x0 | out: lpBuffer=0xa09db0*, lpNumberOfBytesRead=0x121f178*=0x5ac, lpOverlapped=0x0) returned 1 [0149.112] CryptEncrypt (in: hKey=0x2d1778, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xa1b918*, pdwDataLen=0x121f168*=0x5ac, dwBufLen=0x5b4 | out: pbData=0xa1b918*, pdwDataLen=0x121f168*=0x5ac) returned 1 Thread: id = 335 os_tid = 0xae0 [0078.852] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef758*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0078.852] NtQueryObject (in: Handle=0x158, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0078.852] GetFileType (hFile=0x158) returned 0x0 [0078.852] ResetEvent (hEvent=0x114) returned 1 [0078.852] SetEvent (hEvent=0x118) returned 1 [0078.852] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef758*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0078.852] NtQueryObject (in: Handle=0x158, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0078.852] GetFileType (hFile=0x158) returned 0x3 [0078.852] ResetEvent (hEvent=0x114) returned 1 [0078.853] SetEvent (hEvent=0x118) returned 1 [0078.853] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef758*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0078.853] NtQueryObject (in: Handle=0x158, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0078.853] GetFileType (hFile=0x158) returned 0x0 [0078.881] ResetEvent (hEvent=0x114) returned 1 [0078.881] SetEvent (hEvent=0x118) returned 1 [0078.881] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef758*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0078.881] NtQueryObject (in: Handle=0x158, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0078.881] GetFileType (hFile=0x158) returned 0x3 [0078.881] ResetEvent (hEvent=0x114) returned 1 [0078.881] SetEvent (hEvent=0x118) returned 1 [0078.881] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef758*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0078.882] NtQueryObject (in: Handle=0x158, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0078.882] GetFileType (hFile=0x158) returned 0x0 [0078.882] ResetEvent (hEvent=0x114) returned 1 [0078.882] SetEvent (hEvent=0x118) returned 1 [0078.882] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef758*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0078.882] NtQueryObject (in: Handle=0x158, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0078.882] GetFileType (hFile=0x158) returned 0x3 [0078.882] ResetEvent (hEvent=0x114) returned 1 [0078.882] SetEvent (hEvent=0x118) returned 1 [0078.882] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef758*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0078.882] NtQueryObject (in: Handle=0x158, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0078.882] GetFileType (hFile=0x158) returned 0x0 [0078.882] ResetEvent (hEvent=0x114) returned 1 [0078.882] SetEvent (hEvent=0x118) returned 1 [0078.882] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef758*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0078.882] NtQueryObject (in: Handle=0x158, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0078.882] ResetEvent (hEvent=0x114) returned 1 [0078.883] SetEvent (hEvent=0x118) returned 1 [0078.883] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef758*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0078.883] NtQueryObject (in: Handle=0x158, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0078.883] ResetEvent (hEvent=0x114) returned 1 [0078.883] SetEvent (hEvent=0x118) returned 1 [0078.883] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef758*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0078.883] NtQueryObject (in: Handle=0x158, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0078.883] ResetEvent (hEvent=0x114) returned 1 [0078.883] SetEvent (hEvent=0x118) returned 1 [0078.883] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef758*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0078.883] NtQueryObject (in: Handle=0x158, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0078.883] ResetEvent (hEvent=0x114) returned 1 [0078.883] SetEvent (hEvent=0x118) returned 1 [0078.884] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef758*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0078.884] NtQueryObject (in: Handle=0x158, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0078.884] MapViewOfFile (hFileMappingObject=0x158, dwDesiredAccess=0x4, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4) returned 0x540000 [0078.884] NtQueryVirtualMemory (in: ProcessHandle=0xffffffff, Address=0x540000, VirtualMemoryInformationClass=0x2, VirtualMemoryInformation=0xabd1b8, Length=0x2800, ResultLength=0x0 | out: VirtualMemoryInformation=0xabd1b8, ResultLength=0x0) returned 0xc0000098 [0078.884] UnmapViewOfFile (lpBaseAddress=0x540000) returned 1 [0078.885] ResetEvent (hEvent=0x114) returned 1 [0078.885] SetEvent (hEvent=0x118) returned 1 [0078.885] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0078.885] NtQueryObject (in: Handle=0x158, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0078.885] ResetEvent (hEvent=0x114) returned 1 [0078.885] SetEvent (hEvent=0x118) returned 1 [0078.885] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0078.885] NtQueryObject (in: Handle=0x158, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0078.885] ResetEvent (hEvent=0x114) returned 1 [0078.885] SetEvent (hEvent=0x118) returned 1 [0078.885] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0078.885] NtQueryObject (in: Handle=0x158, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0078.885] ResetEvent (hEvent=0x114) returned 1 [0078.885] SetEvent (hEvent=0x118) returned 1 [0078.885] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0078.886] NtQueryObject (in: Handle=0x158, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0078.886] ResetEvent (hEvent=0x114) returned 1 [0078.886] SetEvent (hEvent=0x118) returned 1 [0078.886] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0078.886] NtQueryObject (in: Handle=0x158, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0078.886] ResetEvent (hEvent=0x114) returned 1 [0078.886] SetEvent (hEvent=0x118) returned 1 [0078.886] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0078.886] NtQueryObject (in: Handle=0x158, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0078.886] ResetEvent (hEvent=0x114) returned 1 [0078.886] SetEvent (hEvent=0x118) returned 1 [0078.886] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0078.886] NtQueryObject (in: Handle=0x158, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0078.886] ResetEvent (hEvent=0x114) returned 1 [0078.886] SetEvent (hEvent=0x118) returned 1 [0078.886] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0078.887] NtQueryObject (in: Handle=0x158, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0078.887] ResetEvent (hEvent=0x114) returned 1 [0078.887] SetEvent (hEvent=0x118) returned 1 [0078.887] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0078.887] NtQueryObject (in: Handle=0x158, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0078.887] ResetEvent (hEvent=0x114) returned 1 [0078.887] SetEvent (hEvent=0x118) returned 1 [0078.887] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0078.887] NtQueryObject (in: Handle=0x158, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0078.887] ResetEvent (hEvent=0x114) returned 1 [0078.887] SetEvent (hEvent=0x118) returned 1 [0078.888] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0078.888] NtQueryObject (in: Handle=0x158, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0078.888] ResetEvent (hEvent=0x114) returned 1 [0078.888] SetEvent (hEvent=0x118) returned 1 [0078.888] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0078.888] NtQueryObject (in: Handle=0x158, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0078.888] ResetEvent (hEvent=0x114) returned 1 [0078.888] SetEvent (hEvent=0x118) returned 1 [0078.888] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0078.888] NtQueryObject (in: Handle=0x158, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0078.888] ResetEvent (hEvent=0x114) returned 1 [0078.888] SetEvent (hEvent=0x118) returned 1 [0078.888] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0078.888] NtQueryObject (in: Handle=0x158, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0078.888] ResetEvent (hEvent=0x114) returned 1 [0078.888] SetEvent (hEvent=0x118) returned 1 [0078.889] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0078.889] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0078.889] ResetEvent (hEvent=0x114) returned 1 [0078.889] SetEvent (hEvent=0x118) returned 1 [0078.889] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0078.889] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0078.889] ResetEvent (hEvent=0x114) returned 1 [0078.889] SetEvent (hEvent=0x118) returned 1 [0078.889] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0078.890] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0078.890] ResetEvent (hEvent=0x114) returned 1 [0078.890] SetEvent (hEvent=0x118) returned 1 [0078.890] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0078.890] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0078.890] ResetEvent (hEvent=0x114) returned 1 [0078.890] SetEvent (hEvent=0x118) returned 1 [0078.890] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0078.890] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0078.890] ResetEvent (hEvent=0x114) returned 1 [0078.890] SetEvent (hEvent=0x118) returned 1 [0078.890] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0078.890] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0078.890] ResetEvent (hEvent=0x114) returned 1 [0078.890] SetEvent (hEvent=0x118) returned 1 [0078.891] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0078.891] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0078.891] ResetEvent (hEvent=0x114) returned 1 [0078.891] SetEvent (hEvent=0x118) returned 1 [0078.891] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0078.891] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0078.891] MapViewOfFile (hFileMappingObject=0x198, dwDesiredAccess=0x4, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4) returned 0x0 [0078.891] ResetEvent (hEvent=0x114) returned 1 [0078.891] SetEvent (hEvent=0x118) returned 1 [0078.891] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0078.891] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0078.891] ResetEvent (hEvent=0x114) returned 1 [0078.891] SetEvent (hEvent=0x118) returned 1 [0078.891] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0078.891] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0078.891] ResetEvent (hEvent=0x114) returned 1 [0078.892] SetEvent (hEvent=0x118) returned 1 [0078.892] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0078.892] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0078.892] ResetEvent (hEvent=0x114) returned 1 [0078.892] SetEvent (hEvent=0x118) returned 1 [0078.892] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0078.892] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0078.892] ResetEvent (hEvent=0x114) returned 1 [0078.892] SetEvent (hEvent=0x118) returned 1 [0078.892] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0078.892] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0078.892] ResetEvent (hEvent=0x114) returned 1 [0078.892] SetEvent (hEvent=0x118) returned 1 [0078.892] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0078.892] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0078.893] ResetEvent (hEvent=0x114) returned 1 [0078.893] SetEvent (hEvent=0x118) returned 1 [0078.893] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0078.893] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0078.893] ResetEvent (hEvent=0x114) returned 1 [0078.893] SetEvent (hEvent=0x118) returned 1 [0078.893] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0078.893] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0078.893] ResetEvent (hEvent=0x114) returned 1 [0078.893] SetEvent (hEvent=0x118) returned 1 [0078.893] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0078.893] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0078.893] ResetEvent (hEvent=0x114) returned 1 [0078.893] SetEvent (hEvent=0x118) returned 1 [0078.893] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0078.894] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0078.894] ResetEvent (hEvent=0x114) returned 1 [0078.894] SetEvent (hEvent=0x118) returned 1 [0078.894] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0078.894] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0078.894] ResetEvent (hEvent=0x114) returned 1 [0078.894] SetEvent (hEvent=0x118) returned 1 [0078.894] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0078.894] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0078.894] ResetEvent (hEvent=0x114) returned 1 [0078.894] SetEvent (hEvent=0x118) returned 1 [0078.894] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0078.894] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0078.894] ResetEvent (hEvent=0x114) returned 1 [0078.894] SetEvent (hEvent=0x118) returned 1 [0078.894] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0078.895] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0078.895] ResetEvent (hEvent=0x114) returned 1 [0078.895] SetEvent (hEvent=0x118) returned 1 [0078.895] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0078.895] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0078.895] ResetEvent (hEvent=0x114) returned 1 [0078.895] SetEvent (hEvent=0x118) returned 1 [0078.895] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0078.895] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0078.895] ResetEvent (hEvent=0x114) returned 1 [0078.895] SetEvent (hEvent=0x118) returned 1 [0078.895] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0078.895] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0078.895] ResetEvent (hEvent=0x114) returned 1 [0078.895] SetEvent (hEvent=0x118) returned 1 [0078.896] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0078.896] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0078.896] ResetEvent (hEvent=0x114) returned 1 [0078.896] SetEvent (hEvent=0x118) returned 1 [0078.896] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0078.896] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0078.896] ResetEvent (hEvent=0x114) returned 1 [0078.896] SetEvent (hEvent=0x118) returned 1 [0078.896] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0078.896] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0078.896] ResetEvent (hEvent=0x114) returned 1 [0078.896] SetEvent (hEvent=0x118) returned 1 [0078.896] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0078.896] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0078.896] ResetEvent (hEvent=0x114) returned 1 [0078.896] SetEvent (hEvent=0x118) returned 1 [0078.897] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0078.897] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0078.897] ResetEvent (hEvent=0x114) returned 1 [0078.897] SetEvent (hEvent=0x118) returned 1 [0078.897] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0078.897] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0078.897] ResetEvent (hEvent=0x114) returned 1 [0078.897] SetEvent (hEvent=0x118) returned 1 [0078.897] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0078.897] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0078.897] ResetEvent (hEvent=0x114) returned 1 [0078.897] SetEvent (hEvent=0x118) returned 1 [0078.897] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0078.897] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0078.897] ResetEvent (hEvent=0x114) returned 1 [0078.898] SetEvent (hEvent=0x118) returned 1 [0078.898] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0078.898] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0078.898] ResetEvent (hEvent=0x114) returned 1 [0078.898] SetEvent (hEvent=0x118) returned 1 [0078.898] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0078.898] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0078.898] ResetEvent (hEvent=0x114) returned 1 [0078.898] SetEvent (hEvent=0x118) returned 1 [0078.898] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0078.898] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0078.898] ResetEvent (hEvent=0x114) returned 1 [0078.898] SetEvent (hEvent=0x118) returned 1 [0078.898] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0078.898] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0078.899] ResetEvent (hEvent=0x114) returned 1 [0078.899] SetEvent (hEvent=0x118) returned 1 [0078.899] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0078.899] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0078.899] ResetEvent (hEvent=0x114) returned 1 [0078.899] SetEvent (hEvent=0x118) returned 1 [0078.899] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0078.899] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0078.899] MapViewOfFile (hFileMappingObject=0x198, dwDesiredAccess=0x4, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4) returned 0x540000 [0078.899] NtQueryVirtualMemory (in: ProcessHandle=0xffffffff, Address=0x540000, VirtualMemoryInformationClass=0x2, VirtualMemoryInformation=0xabd1b8, Length=0x2800, ResultLength=0x0 | out: VirtualMemoryInformation=0xabd1b8, ResultLength=0x0) returned 0xc0000098 [0078.899] UnmapViewOfFile (lpBaseAddress=0x540000) returned 1 [0078.900] ResetEvent (hEvent=0x114) returned 1 [0078.900] SetEvent (hEvent=0x118) returned 1 [0078.900] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0078.900] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0078.900] ResetEvent (hEvent=0x114) returned 1 [0078.900] SetEvent (hEvent=0x118) returned 1 [0078.900] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0078.900] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0078.900] ResetEvent (hEvent=0x114) returned 1 [0078.900] SetEvent (hEvent=0x118) returned 1 [0078.900] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0078.900] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0078.900] ResetEvent (hEvent=0x114) returned 1 [0078.900] SetEvent (hEvent=0x118) returned 1 [0078.900] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0078.901] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0078.901] ResetEvent (hEvent=0x114) returned 1 [0078.901] SetEvent (hEvent=0x118) returned 1 [0078.901] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0078.901] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0078.901] ResetEvent (hEvent=0x114) returned 1 [0078.901] SetEvent (hEvent=0x118) returned 1 [0078.901] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0078.901] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0078.901] MapViewOfFile (hFileMappingObject=0x198, dwDesiredAccess=0x4, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4) returned 0x540000 [0078.901] NtQueryVirtualMemory (in: ProcessHandle=0xffffffff, Address=0x540000, VirtualMemoryInformationClass=0x2, VirtualMemoryInformation=0xabd1b8, Length=0x2800, ResultLength=0x0 | out: VirtualMemoryInformation=0xabd1b8, ResultLength=0x0) returned 0xc0000098 [0078.901] UnmapViewOfFile (lpBaseAddress=0x540000) returned 1 [0078.901] ResetEvent (hEvent=0x114) returned 1 [0078.902] SetEvent (hEvent=0x118) returned 1 [0078.902] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0078.902] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0078.902] ResetEvent (hEvent=0x114) returned 1 [0078.902] SetEvent (hEvent=0x118) returned 1 [0078.902] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0078.902] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0078.902] ResetEvent (hEvent=0x114) returned 1 [0078.902] SetEvent (hEvent=0x118) returned 1 [0078.902] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0078.902] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0078.902] MapViewOfFile (hFileMappingObject=0x198, dwDesiredAccess=0x4, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4) returned 0x540000 [0078.902] NtQueryVirtualMemory (in: ProcessHandle=0xffffffff, Address=0x540000, VirtualMemoryInformationClass=0x2, VirtualMemoryInformation=0xabd1b8, Length=0x2800, ResultLength=0x0 | out: VirtualMemoryInformation=0xabd1b8, ResultLength=0x0) returned 0xc0000098 [0078.903] UnmapViewOfFile (lpBaseAddress=0x540000) returned 1 [0078.903] ResetEvent (hEvent=0x114) returned 1 [0078.903] SetEvent (hEvent=0x118) returned 1 [0078.903] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0078.903] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0078.903] ResetEvent (hEvent=0x114) returned 1 [0078.903] SetEvent (hEvent=0x118) returned 1 [0078.903] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0078.903] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0078.903] ResetEvent (hEvent=0x114) returned 1 [0078.903] SetEvent (hEvent=0x118) returned 1 [0078.903] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0078.903] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0078.903] MapViewOfFile (hFileMappingObject=0x198, dwDesiredAccess=0x4, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4) returned 0x540000 [0078.904] NtQueryVirtualMemory (in: ProcessHandle=0xffffffff, Address=0x540000, VirtualMemoryInformationClass=0x2, VirtualMemoryInformation=0xabd1b8, Length=0x2800, ResultLength=0x0 | out: VirtualMemoryInformation=0xabd1b8, ResultLength=0x0) returned 0xc0000098 [0078.904] UnmapViewOfFile (lpBaseAddress=0x540000) returned 1 [0078.904] ResetEvent (hEvent=0x114) returned 1 [0078.904] SetEvent (hEvent=0x118) returned 1 [0078.904] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0078.904] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0078.904] ResetEvent (hEvent=0x114) returned 1 [0078.904] SetEvent (hEvent=0x118) returned 1 [0078.904] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0078.904] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0078.904] ResetEvent (hEvent=0x114) returned 1 [0078.904] SetEvent (hEvent=0x118) returned 1 [0078.904] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0078.905] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0078.905] MapViewOfFile (hFileMappingObject=0x198, dwDesiredAccess=0x4, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4) returned 0x540000 [0078.905] NtQueryVirtualMemory (in: ProcessHandle=0xffffffff, Address=0x540000, VirtualMemoryInformationClass=0x2, VirtualMemoryInformation=0xabd1b8, Length=0x2800, ResultLength=0x0 | out: VirtualMemoryInformation=0xabd1b8, ResultLength=0x0) returned 0xc0000098 [0078.905] UnmapViewOfFile (lpBaseAddress=0x540000) returned 1 [0078.905] ResetEvent (hEvent=0x114) returned 1 [0078.905] SetEvent (hEvent=0x118) returned 1 [0078.905] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0078.905] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0078.905] ResetEvent (hEvent=0x114) returned 1 [0078.905] SetEvent (hEvent=0x118) returned 1 [0078.905] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0078.905] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0078.905] ResetEvent (hEvent=0x114) returned 1 [0078.906] SetEvent (hEvent=0x118) returned 1 [0078.906] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0078.906] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0078.906] ResetEvent (hEvent=0x114) returned 1 [0078.906] SetEvent (hEvent=0x118) returned 1 [0078.906] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0078.906] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0078.906] ResetEvent (hEvent=0x114) returned 1 [0078.906] SetEvent (hEvent=0x118) returned 1 [0078.906] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0078.906] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0078.906] ResetEvent (hEvent=0x114) returned 1 [0078.906] SetEvent (hEvent=0x118) returned 1 [0078.906] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0078.906] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0078.907] ResetEvent (hEvent=0x114) returned 1 [0078.907] SetEvent (hEvent=0x118) returned 1 [0078.907] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0078.907] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0078.907] ResetEvent (hEvent=0x114) returned 1 [0078.907] SetEvent (hEvent=0x118) returned 1 [0078.907] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0078.907] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0078.907] ResetEvent (hEvent=0x114) returned 1 [0078.907] SetEvent (hEvent=0x118) returned 1 [0078.907] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0078.907] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0078.907] ResetEvent (hEvent=0x114) returned 1 [0078.907] SetEvent (hEvent=0x118) returned 1 [0078.907] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0078.908] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0078.908] ResetEvent (hEvent=0x114) returned 1 [0078.908] SetEvent (hEvent=0x118) returned 1 [0078.908] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0078.908] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0078.908] ResetEvent (hEvent=0x114) returned 1 [0078.908] SetEvent (hEvent=0x118) returned 1 [0078.908] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0078.908] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0078.908] ResetEvent (hEvent=0x114) returned 1 [0078.908] SetEvent (hEvent=0x118) returned 1 [0078.908] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0078.908] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0078.908] ResetEvent (hEvent=0x114) returned 1 [0078.908] SetEvent (hEvent=0x118) returned 1 [0078.908] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0078.909] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0078.909] ResetEvent (hEvent=0x114) returned 1 [0078.909] SetEvent (hEvent=0x118) returned 1 [0078.909] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0078.909] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0078.909] ResetEvent (hEvent=0x114) returned 1 [0078.909] SetEvent (hEvent=0x118) returned 1 [0078.909] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0078.909] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0078.909] MapViewOfFile (hFileMappingObject=0x198, dwDesiredAccess=0x4, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4) returned 0x540000 [0078.909] NtQueryVirtualMemory (in: ProcessHandle=0xffffffff, Address=0x540000, VirtualMemoryInformationClass=0x2, VirtualMemoryInformation=0xabd1b8, Length=0x2800, ResultLength=0x0 | out: VirtualMemoryInformation=0xabd1b8, ResultLength=0x0) returned 0xc0000098 [0078.909] UnmapViewOfFile (lpBaseAddress=0x540000) returned 1 [0078.909] ResetEvent (hEvent=0x114) returned 1 [0078.910] SetEvent (hEvent=0x118) returned 1 [0078.910] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0078.910] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0078.910] ResetEvent (hEvent=0x114) returned 1 [0078.910] SetEvent (hEvent=0x118) returned 1 [0078.910] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0078.910] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0078.910] ResetEvent (hEvent=0x114) returned 1 [0078.910] SetEvent (hEvent=0x118) returned 1 [0078.910] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0078.910] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0078.910] ResetEvent (hEvent=0x114) returned 1 [0078.910] SetEvent (hEvent=0x118) returned 1 [0078.911] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0078.911] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0078.911] ResetEvent (hEvent=0x114) returned 1 [0078.911] SetEvent (hEvent=0x118) returned 1 [0078.911] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0078.911] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0078.911] ResetEvent (hEvent=0x114) returned 1 [0078.911] SetEvent (hEvent=0x118) returned 1 [0078.911] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0078.911] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0078.911] ResetEvent (hEvent=0x114) returned 1 [0078.911] SetEvent (hEvent=0x118) returned 1 [0078.911] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0078.912] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0078.912] MapViewOfFile (hFileMappingObject=0x198, dwDesiredAccess=0x4, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4) returned 0x540000 [0078.912] NtQueryVirtualMemory (in: ProcessHandle=0xffffffff, Address=0x540000, VirtualMemoryInformationClass=0x2, VirtualMemoryInformation=0xabd1b8, Length=0x2800, ResultLength=0x0 | out: VirtualMemoryInformation=0xabd1b8, ResultLength=0x0) returned 0xc0000098 [0078.912] UnmapViewOfFile (lpBaseAddress=0x540000) returned 1 [0078.912] ResetEvent (hEvent=0x114) returned 1 [0078.912] SetEvent (hEvent=0x118) returned 1 [0078.912] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0078.912] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0078.912] ResetEvent (hEvent=0x114) returned 1 [0078.912] SetEvent (hEvent=0x118) returned 1 [0078.912] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0078.913] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0078.913] ResetEvent (hEvent=0x114) returned 1 [0078.913] SetEvent (hEvent=0x118) returned 1 [0078.913] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0078.913] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0078.913] ResetEvent (hEvent=0x114) returned 1 [0078.913] SetEvent (hEvent=0x118) returned 1 [0078.913] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0078.913] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0078.913] ResetEvent (hEvent=0x114) returned 1 [0078.913] SetEvent (hEvent=0x118) returned 1 [0078.913] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0078.913] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0078.913] ResetEvent (hEvent=0x114) returned 1 [0078.913] SetEvent (hEvent=0x118) returned 1 [0078.913] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0078.914] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0078.914] ResetEvent (hEvent=0x114) returned 1 [0078.914] SetEvent (hEvent=0x118) returned 1 [0078.914] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0078.914] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0078.914] ResetEvent (hEvent=0x114) returned 1 [0078.914] SetEvent (hEvent=0x118) returned 1 [0078.914] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0078.914] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0078.914] ResetEvent (hEvent=0x114) returned 1 [0078.914] SetEvent (hEvent=0x118) returned 1 [0078.914] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0078.914] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0078.914] ResetEvent (hEvent=0x114) returned 1 [0078.914] SetEvent (hEvent=0x118) returned 1 [0078.914] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0078.915] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0078.915] ResetEvent (hEvent=0x114) returned 1 [0078.915] SetEvent (hEvent=0x118) returned 1 [0078.915] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0078.915] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0078.915] ResetEvent (hEvent=0x114) returned 1 [0078.915] SetEvent (hEvent=0x118) returned 1 [0078.915] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0078.915] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0078.915] ResetEvent (hEvent=0x114) returned 1 [0078.915] SetEvent (hEvent=0x118) returned 1 [0078.915] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0078.915] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0078.915] ResetEvent (hEvent=0x114) returned 1 [0078.915] SetEvent (hEvent=0x118) returned 1 [0079.044] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0079.044] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.045] ResetEvent (hEvent=0x114) returned 1 [0079.045] SetEvent (hEvent=0x118) returned 1 [0079.045] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0079.045] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.045] ResetEvent (hEvent=0x114) returned 1 [0079.045] SetEvent (hEvent=0x118) returned 1 [0079.045] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0079.045] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.045] ResetEvent (hEvent=0x114) returned 1 [0079.045] SetEvent (hEvent=0x118) returned 1 [0079.045] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0079.045] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.045] ResetEvent (hEvent=0x114) returned 1 [0079.045] SetEvent (hEvent=0x118) returned 1 [0079.045] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0079.046] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.046] MapViewOfFile (hFileMappingObject=0x198, dwDesiredAccess=0x4, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4) returned 0x540000 [0079.046] NtQueryVirtualMemory (in: ProcessHandle=0xffffffff, Address=0x540000, VirtualMemoryInformationClass=0x2, VirtualMemoryInformation=0xabd1b8, Length=0x2800, ResultLength=0x0 | out: VirtualMemoryInformation=0xabd1b8, ResultLength=0x0) returned 0xc0000098 [0079.046] UnmapViewOfFile (lpBaseAddress=0x540000) returned 1 [0079.046] ResetEvent (hEvent=0x114) returned 1 [0079.046] SetEvent (hEvent=0x118) returned 1 [0079.046] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0079.046] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.046] ResetEvent (hEvent=0x114) returned 1 [0079.046] SetEvent (hEvent=0x118) returned 1 [0079.046] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0079.046] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.047] MapViewOfFile (hFileMappingObject=0x198, dwDesiredAccess=0x4, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4) returned 0x540000 [0079.047] NtQueryVirtualMemory (in: ProcessHandle=0xffffffff, Address=0x540000, VirtualMemoryInformationClass=0x2, VirtualMemoryInformation=0xabd1b8, Length=0x2800, ResultLength=0x0 | out: VirtualMemoryInformation=0xabd1b8, ResultLength=0x0) returned 0xc0000098 [0079.047] UnmapViewOfFile (lpBaseAddress=0x540000) returned 1 [0079.047] ResetEvent (hEvent=0x114) returned 1 [0079.047] SetEvent (hEvent=0x118) returned 1 [0079.047] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0079.047] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.047] ResetEvent (hEvent=0x114) returned 1 [0079.047] SetEvent (hEvent=0x118) returned 1 [0079.047] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0079.047] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.047] ResetEvent (hEvent=0x114) returned 1 [0079.047] SetEvent (hEvent=0x118) returned 1 [0079.048] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0079.048] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.048] ResetEvent (hEvent=0x114) returned 1 [0079.065] SetEvent (hEvent=0x118) returned 1 [0079.065] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0079.065] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.065] ResetEvent (hEvent=0x114) returned 1 [0079.065] SetEvent (hEvent=0x118) returned 1 [0079.065] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0079.065] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.065] ResetEvent (hEvent=0x114) returned 1 [0079.065] SetEvent (hEvent=0x118) returned 1 [0079.065] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0079.065] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.066] ResetEvent (hEvent=0x114) returned 1 [0079.066] SetEvent (hEvent=0x118) returned 1 [0079.066] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0079.066] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.066] ResetEvent (hEvent=0x114) returned 1 [0079.066] SetEvent (hEvent=0x118) returned 1 [0079.066] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0079.066] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.066] ResetEvent (hEvent=0x114) returned 1 [0079.066] SetEvent (hEvent=0x118) returned 1 [0079.066] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0079.066] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.066] ResetEvent (hEvent=0x114) returned 1 [0079.066] SetEvent (hEvent=0x118) returned 1 [0079.067] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0079.067] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.067] ResetEvent (hEvent=0x114) returned 1 [0079.067] SetEvent (hEvent=0x118) returned 1 [0079.067] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0079.067] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.067] ResetEvent (hEvent=0x114) returned 1 [0079.067] SetEvent (hEvent=0x118) returned 1 [0079.067] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0079.067] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.067] ResetEvent (hEvent=0x114) returned 1 [0079.067] SetEvent (hEvent=0x118) returned 1 [0079.067] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0079.067] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.067] ResetEvent (hEvent=0x114) returned 1 [0079.068] SetEvent (hEvent=0x118) returned 1 [0079.068] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0079.068] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.068] ResetEvent (hEvent=0x114) returned 1 [0079.068] SetEvent (hEvent=0x118) returned 1 [0079.068] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0079.068] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.068] ResetEvent (hEvent=0x114) returned 1 [0079.068] SetEvent (hEvent=0x118) returned 1 [0079.068] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0079.068] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.068] ResetEvent (hEvent=0x114) returned 1 [0079.068] SetEvent (hEvent=0x118) returned 1 [0079.068] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0079.068] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.069] ResetEvent (hEvent=0x114) returned 1 [0079.069] SetEvent (hEvent=0x118) returned 1 [0079.069] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0079.069] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.069] ResetEvent (hEvent=0x114) returned 1 [0079.069] SetEvent (hEvent=0x118) returned 1 [0079.069] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0079.069] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.069] ResetEvent (hEvent=0x114) returned 1 [0079.069] SetEvent (hEvent=0x118) returned 1 [0079.069] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0079.069] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.069] ResetEvent (hEvent=0x114) returned 1 [0079.069] SetEvent (hEvent=0x118) returned 1 [0079.069] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0079.070] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.070] ResetEvent (hEvent=0x114) returned 1 [0079.070] SetEvent (hEvent=0x118) returned 1 [0079.070] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0079.070] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.070] ResetEvent (hEvent=0x114) returned 1 [0079.070] SetEvent (hEvent=0x118) returned 1 [0079.070] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0079.070] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.070] ResetEvent (hEvent=0x114) returned 1 [0079.070] SetEvent (hEvent=0x118) returned 1 [0079.071] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0079.071] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.071] ResetEvent (hEvent=0x114) returned 1 [0079.071] SetEvent (hEvent=0x118) returned 1 [0079.071] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0079.071] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.071] ResetEvent (hEvent=0x114) returned 1 [0079.071] SetEvent (hEvent=0x118) returned 1 [0079.129] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0079.129] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.129] ResetEvent (hEvent=0x114) returned 1 [0079.129] SetEvent (hEvent=0x118) returned 1 [0079.129] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0079.130] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.130] ResetEvent (hEvent=0x114) returned 1 [0079.130] SetEvent (hEvent=0x118) returned 1 [0079.130] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0079.130] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.130] ResetEvent (hEvent=0x114) returned 1 [0079.130] SetEvent (hEvent=0x118) returned 1 [0079.130] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0079.130] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.130] ResetEvent (hEvent=0x114) returned 1 [0079.130] SetEvent (hEvent=0x118) returned 1 [0079.130] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0079.130] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.130] ResetEvent (hEvent=0x114) returned 1 [0079.130] SetEvent (hEvent=0x118) returned 1 [0079.131] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0079.131] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.131] ResetEvent (hEvent=0x114) returned 1 [0079.131] SetEvent (hEvent=0x118) returned 1 [0079.131] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0079.131] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.131] ResetEvent (hEvent=0x114) returned 1 [0079.131] SetEvent (hEvent=0x118) returned 1 [0079.131] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0079.131] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.131] ResetEvent (hEvent=0x114) returned 1 [0079.131] SetEvent (hEvent=0x118) returned 1 [0079.131] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0079.131] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.131] ResetEvent (hEvent=0x114) returned 1 [0079.131] SetEvent (hEvent=0x118) returned 1 [0079.132] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0079.132] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.132] MapViewOfFile (hFileMappingObject=0x198, dwDesiredAccess=0x4, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4) returned 0x540000 [0079.132] NtQueryVirtualMemory (in: ProcessHandle=0xffffffff, Address=0x540000, VirtualMemoryInformationClass=0x2, VirtualMemoryInformation=0xabd1b8, Length=0x2800, ResultLength=0x0 | out: VirtualMemoryInformation=0xabd1b8, ResultLength=0x0) returned 0xc0000098 [0079.132] UnmapViewOfFile (lpBaseAddress=0x540000) returned 1 [0079.132] ResetEvent (hEvent=0x114) returned 1 [0079.132] SetEvent (hEvent=0x118) returned 1 [0079.132] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0079.132] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.132] ResetEvent (hEvent=0x114) returned 1 [0079.132] SetEvent (hEvent=0x118) returned 1 [0079.133] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0079.133] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.133] ResetEvent (hEvent=0x114) returned 1 [0079.133] SetEvent (hEvent=0x118) returned 1 [0079.133] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0079.133] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.133] ResetEvent (hEvent=0x114) returned 1 [0079.133] SetEvent (hEvent=0x118) returned 1 [0079.133] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0079.133] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.133] ResetEvent (hEvent=0x114) returned 1 [0079.133] SetEvent (hEvent=0x118) returned 1 [0079.133] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0079.133] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.133] ResetEvent (hEvent=0x114) returned 1 [0079.133] SetEvent (hEvent=0x118) returned 1 [0079.134] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0079.134] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.134] ResetEvent (hEvent=0x114) returned 1 [0079.134] SetEvent (hEvent=0x118) returned 1 [0079.134] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0079.134] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.134] ResetEvent (hEvent=0x114) returned 1 [0079.134] SetEvent (hEvent=0x118) returned 1 [0079.134] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0079.134] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.134] ResetEvent (hEvent=0x114) returned 1 [0079.134] SetEvent (hEvent=0x118) returned 1 [0079.134] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0079.134] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.135] ResetEvent (hEvent=0x114) returned 1 [0079.135] SetEvent (hEvent=0x118) returned 1 [0079.135] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0079.135] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.135] ResetEvent (hEvent=0x114) returned 1 [0079.135] SetEvent (hEvent=0x118) returned 1 [0079.135] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0079.135] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.135] ResetEvent (hEvent=0x114) returned 1 [0079.135] SetEvent (hEvent=0x118) returned 1 [0079.135] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0079.135] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.135] ResetEvent (hEvent=0x114) returned 1 [0079.135] SetEvent (hEvent=0x118) returned 1 [0079.135] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0079.136] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.136] ResetEvent (hEvent=0x114) returned 1 [0079.136] SetEvent (hEvent=0x118) returned 1 [0079.136] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0079.136] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.136] ResetEvent (hEvent=0x114) returned 1 [0079.136] SetEvent (hEvent=0x118) returned 1 [0079.136] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0079.136] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.136] MapViewOfFile (hFileMappingObject=0x198, dwDesiredAccess=0x4, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4) returned 0x540000 [0079.136] NtQueryVirtualMemory (in: ProcessHandle=0xffffffff, Address=0x540000, VirtualMemoryInformationClass=0x2, VirtualMemoryInformation=0xabd1b8, Length=0x2800, ResultLength=0x0 | out: VirtualMemoryInformation=0xabd1b8, ResultLength=0x0) returned 0xc0000098 [0079.136] UnmapViewOfFile (lpBaseAddress=0x540000) returned 1 [0079.136] ResetEvent (hEvent=0x114) returned 1 [0079.136] SetEvent (hEvent=0x118) returned 1 [0079.137] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0079.137] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.137] MapViewOfFile (hFileMappingObject=0x198, dwDesiredAccess=0x4, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4) returned 0x540000 [0079.137] NtQueryVirtualMemory (in: ProcessHandle=0xffffffff, Address=0x540000, VirtualMemoryInformationClass=0x2, VirtualMemoryInformation=0xabd1b8, Length=0x2800, ResultLength=0x0 | out: VirtualMemoryInformation=0xabd1b8, ResultLength=0x0) returned 0xc0000098 [0079.137] UnmapViewOfFile (lpBaseAddress=0x540000) returned 1 [0079.137] ResetEvent (hEvent=0x114) returned 1 [0079.137] SetEvent (hEvent=0x118) returned 1 [0079.137] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0079.137] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.137] ResetEvent (hEvent=0x114) returned 1 [0079.137] SetEvent (hEvent=0x118) returned 1 [0079.137] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0079.138] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.138] ResetEvent (hEvent=0x114) returned 1 [0079.138] SetEvent (hEvent=0x118) returned 1 [0079.138] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0079.138] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.138] ResetEvent (hEvent=0x114) returned 1 [0079.138] SetEvent (hEvent=0x118) returned 1 [0079.138] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0079.138] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.138] ResetEvent (hEvent=0x114) returned 1 [0079.138] SetEvent (hEvent=0x118) returned 1 [0079.138] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0079.156] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.191] ResetEvent (hEvent=0x114) returned 1 [0079.191] SetEvent (hEvent=0x118) returned 1 [0079.191] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0079.195] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.195] ResetEvent (hEvent=0x114) returned 1 [0079.196] SetEvent (hEvent=0x118) returned 1 [0079.196] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0079.196] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.196] ResetEvent (hEvent=0x114) returned 1 [0079.196] SetEvent (hEvent=0x118) returned 1 [0079.196] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0079.196] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.196] ResetEvent (hEvent=0x114) returned 1 [0079.196] SetEvent (hEvent=0x118) returned 1 [0079.196] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0079.196] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.196] ResetEvent (hEvent=0x114) returned 1 [0079.196] SetEvent (hEvent=0x118) returned 1 [0079.197] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0079.197] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.197] ResetEvent (hEvent=0x114) returned 1 [0079.197] SetEvent (hEvent=0x118) returned 1 [0079.197] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0079.197] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.197] ResetEvent (hEvent=0x114) returned 1 [0079.197] SetEvent (hEvent=0x118) returned 1 [0079.197] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0079.197] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.197] ResetEvent (hEvent=0x114) returned 1 [0079.197] SetEvent (hEvent=0x118) returned 1 [0079.197] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0079.197] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.197] ResetEvent (hEvent=0x114) returned 1 [0079.198] SetEvent (hEvent=0x118) returned 1 [0079.198] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0079.198] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.198] ResetEvent (hEvent=0x114) returned 1 [0079.198] SetEvent (hEvent=0x118) returned 1 [0079.198] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0079.198] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.198] ResetEvent (hEvent=0x114) returned 1 [0079.198] SetEvent (hEvent=0x118) returned 1 [0079.198] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0079.198] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.198] ResetEvent (hEvent=0x114) returned 1 [0079.198] SetEvent (hEvent=0x118) returned 1 [0079.198] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0079.198] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.199] ResetEvent (hEvent=0x114) returned 1 [0079.199] SetEvent (hEvent=0x118) returned 1 [0079.199] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0079.199] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.199] ResetEvent (hEvent=0x114) returned 1 [0079.199] SetEvent (hEvent=0x118) returned 1 [0079.199] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0079.199] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.199] ResetEvent (hEvent=0x114) returned 1 [0079.199] SetEvent (hEvent=0x118) returned 1 [0079.200] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0079.200] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.200] ResetEvent (hEvent=0x114) returned 1 [0079.200] SetEvent (hEvent=0x118) returned 1 [0079.200] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0079.200] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.200] ResetEvent (hEvent=0x114) returned 1 [0079.200] SetEvent (hEvent=0x118) returned 1 [0079.200] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0079.200] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.200] ResetEvent (hEvent=0x114) returned 1 [0079.200] SetEvent (hEvent=0x118) returned 1 [0079.200] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0079.200] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.200] ResetEvent (hEvent=0x114) returned 1 [0079.200] SetEvent (hEvent=0x118) returned 1 [0079.201] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0079.201] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.201] ResetEvent (hEvent=0x114) returned 1 [0079.201] SetEvent (hEvent=0x118) returned 1 [0079.201] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0079.201] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.201] ResetEvent (hEvent=0x114) returned 1 [0079.201] SetEvent (hEvent=0x118) returned 1 [0079.201] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0079.201] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.201] MapViewOfFile (hFileMappingObject=0x198, dwDesiredAccess=0x4, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4) returned 0x540000 [0079.201] NtQueryVirtualMemory (in: ProcessHandle=0xffffffff, Address=0x540000, VirtualMemoryInformationClass=0x2, VirtualMemoryInformation=0xabd1b8, Length=0x2800, ResultLength=0x0 | out: VirtualMemoryInformation=0xabd1b8, ResultLength=0x0) returned 0xc0000098 [0079.201] UnmapViewOfFile (lpBaseAddress=0x540000) returned 1 [0079.202] ResetEvent (hEvent=0x114) returned 1 [0079.202] SetEvent (hEvent=0x118) returned 1 [0079.202] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0079.202] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.202] ResetEvent (hEvent=0x114) returned 1 [0079.202] SetEvent (hEvent=0x118) returned 1 [0079.202] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0079.202] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.202] ResetEvent (hEvent=0x114) returned 1 [0079.202] SetEvent (hEvent=0x118) returned 1 [0079.202] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0079.202] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.202] ResetEvent (hEvent=0x114) returned 1 [0079.202] SetEvent (hEvent=0x118) returned 1 [0079.203] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0079.203] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.203] ResetEvent (hEvent=0x114) returned 1 [0079.203] SetEvent (hEvent=0x118) returned 1 [0079.203] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0079.203] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.203] ResetEvent (hEvent=0x114) returned 1 [0079.203] SetEvent (hEvent=0x118) returned 1 [0079.203] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0079.203] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.203] ResetEvent (hEvent=0x114) returned 1 [0079.203] SetEvent (hEvent=0x118) returned 1 [0079.203] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0079.203] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.203] ResetEvent (hEvent=0x114) returned 1 [0079.203] SetEvent (hEvent=0x118) returned 1 [0079.204] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0079.204] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.204] ResetEvent (hEvent=0x114) returned 1 [0079.204] SetEvent (hEvent=0x118) returned 1 [0079.204] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0079.204] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.204] ResetEvent (hEvent=0x114) returned 1 [0079.204] SetEvent (hEvent=0x118) returned 1 [0079.204] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0079.204] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.204] ResetEvent (hEvent=0x114) returned 1 [0079.204] SetEvent (hEvent=0x118) returned 1 [0079.204] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0079.204] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.205] ResetEvent (hEvent=0x114) returned 1 [0079.205] SetEvent (hEvent=0x118) returned 1 [0079.206] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0079.206] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.206] ResetEvent (hEvent=0x114) returned 1 [0079.206] SetEvent (hEvent=0x118) returned 1 [0079.206] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0079.206] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.206] MapViewOfFile (hFileMappingObject=0x198, dwDesiredAccess=0x4, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4) returned 0x540000 [0079.206] NtQueryVirtualMemory (in: ProcessHandle=0xffffffff, Address=0x540000, VirtualMemoryInformationClass=0x2, VirtualMemoryInformation=0xabd1b8, Length=0x2800, ResultLength=0x0 | out: VirtualMemoryInformation=0xabd1b8, ResultLength=0x0) returned 0xc0000098 [0079.206] UnmapViewOfFile (lpBaseAddress=0x540000) returned 1 [0079.207] ResetEvent (hEvent=0x114) returned 1 [0079.207] SetEvent (hEvent=0x118) returned 1 [0079.207] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0079.207] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.207] ResetEvent (hEvent=0x114) returned 1 [0079.207] SetEvent (hEvent=0x118) returned 1 [0079.207] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0079.207] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.207] ResetEvent (hEvent=0x114) returned 1 [0079.207] SetEvent (hEvent=0x118) returned 1 [0079.207] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0079.207] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.207] ResetEvent (hEvent=0x114) returned 1 [0079.207] SetEvent (hEvent=0x118) returned 1 [0079.208] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0079.208] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.208] ResetEvent (hEvent=0x114) returned 1 [0079.208] SetEvent (hEvent=0x118) returned 1 [0079.208] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0079.208] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.208] ResetEvent (hEvent=0x114) returned 1 [0079.208] SetEvent (hEvent=0x118) returned 1 [0079.208] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0079.208] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.208] ResetEvent (hEvent=0x114) returned 1 [0079.208] SetEvent (hEvent=0x118) returned 1 [0079.208] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0079.208] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.208] ResetEvent (hEvent=0x114) returned 1 [0079.209] SetEvent (hEvent=0x118) returned 1 [0079.209] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0079.209] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.209] ResetEvent (hEvent=0x114) returned 1 [0079.209] SetEvent (hEvent=0x118) returned 1 [0079.209] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0079.209] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.209] MapViewOfFile (hFileMappingObject=0x198, dwDesiredAccess=0x4, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4) returned 0x540000 [0079.209] NtQueryVirtualMemory (in: ProcessHandle=0xffffffff, Address=0x540000, VirtualMemoryInformationClass=0x2, VirtualMemoryInformation=0xabd1b8, Length=0x2800, ResultLength=0x0 | out: VirtualMemoryInformation=0xabd1b8, ResultLength=0x0) returned 0xc0000098 [0079.209] UnmapViewOfFile (lpBaseAddress=0x540000) returned 1 [0079.209] ResetEvent (hEvent=0x114) returned 1 [0079.209] SetEvent (hEvent=0x118) returned 1 [0079.210] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0079.210] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.210] ResetEvent (hEvent=0x114) returned 1 [0079.210] SetEvent (hEvent=0x118) returned 1 [0079.210] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0079.210] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.210] ResetEvent (hEvent=0x114) returned 1 [0079.210] SetEvent (hEvent=0x118) returned 1 [0079.210] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0079.210] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.210] ResetEvent (hEvent=0x114) returned 1 [0079.210] SetEvent (hEvent=0x118) returned 1 [0079.210] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0079.210] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.210] ResetEvent (hEvent=0x114) returned 1 [0079.210] SetEvent (hEvent=0x118) returned 1 [0079.211] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0079.211] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.211] ResetEvent (hEvent=0x114) returned 1 [0079.211] SetEvent (hEvent=0x118) returned 1 [0079.211] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0079.211] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.211] ResetEvent (hEvent=0x114) returned 1 [0079.211] SetEvent (hEvent=0x118) returned 1 [0079.211] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0079.211] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.211] ResetEvent (hEvent=0x114) returned 1 [0079.211] SetEvent (hEvent=0x118) returned 1 [0079.211] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0079.211] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.211] ResetEvent (hEvent=0x114) returned 1 [0079.211] SetEvent (hEvent=0x118) returned 1 [0079.212] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0079.212] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.212] ResetEvent (hEvent=0x114) returned 1 [0079.212] SetEvent (hEvent=0x118) returned 1 [0079.212] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0079.212] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.212] ResetEvent (hEvent=0x114) returned 1 [0079.212] SetEvent (hEvent=0x118) returned 1 [0079.253] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0079.253] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.253] ResetEvent (hEvent=0x114) returned 1 [0079.253] SetEvent (hEvent=0x118) returned 1 [0079.254] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0079.254] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.254] ResetEvent (hEvent=0x114) returned 1 [0079.254] SetEvent (hEvent=0x118) returned 1 [0079.254] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0079.254] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.254] ResetEvent (hEvent=0x114) returned 1 [0079.254] SetEvent (hEvent=0x118) returned 1 [0079.254] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0079.254] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.254] ResetEvent (hEvent=0x114) returned 1 [0079.254] SetEvent (hEvent=0x118) returned 1 [0079.254] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0079.254] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.254] MapViewOfFile (hFileMappingObject=0x198, dwDesiredAccess=0x4, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4) returned 0x540000 [0079.255] NtQueryVirtualMemory (in: ProcessHandle=0xffffffff, Address=0x540000, VirtualMemoryInformationClass=0x2, VirtualMemoryInformation=0xabd1b8, Length=0x2800, ResultLength=0x0 | out: VirtualMemoryInformation=0xabd1b8, ResultLength=0x0) returned 0xc0000098 [0079.255] UnmapViewOfFile (lpBaseAddress=0x540000) returned 1 [0079.255] ResetEvent (hEvent=0x114) returned 1 [0079.255] SetEvent (hEvent=0x118) returned 1 [0079.255] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0079.255] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.255] ResetEvent (hEvent=0x114) returned 1 [0079.255] SetEvent (hEvent=0x118) returned 1 [0079.255] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0079.255] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.255] ResetEvent (hEvent=0x114) returned 1 [0079.255] SetEvent (hEvent=0x118) returned 1 [0079.256] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0079.256] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.256] ResetEvent (hEvent=0x114) returned 1 [0079.256] SetEvent (hEvent=0x118) returned 1 [0079.256] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0079.256] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.256] ResetEvent (hEvent=0x114) returned 1 [0079.256] SetEvent (hEvent=0x118) returned 1 [0079.256] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0079.256] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.256] ResetEvent (hEvent=0x114) returned 1 [0079.256] SetEvent (hEvent=0x118) returned 1 [0079.256] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0079.256] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.256] MapViewOfFile (hFileMappingObject=0x198, dwDesiredAccess=0x4, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4) returned 0x540000 [0079.257] NtQueryVirtualMemory (in: ProcessHandle=0xffffffff, Address=0x540000, VirtualMemoryInformationClass=0x2, VirtualMemoryInformation=0xabd1b8, Length=0x2800, ResultLength=0x0 | out: VirtualMemoryInformation=0xabd1b8, ResultLength=0x0) returned 0xc0000098 [0079.257] UnmapViewOfFile (lpBaseAddress=0x540000) returned 1 [0079.257] ResetEvent (hEvent=0x114) returned 1 [0079.257] SetEvent (hEvent=0x118) returned 1 [0079.257] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0079.257] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.257] ResetEvent (hEvent=0x114) returned 1 [0079.257] SetEvent (hEvent=0x118) returned 1 [0079.257] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0079.257] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.257] ResetEvent (hEvent=0x114) returned 1 [0079.257] SetEvent (hEvent=0x118) returned 1 [0079.258] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0079.258] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.258] ResetEvent (hEvent=0x114) returned 1 [0079.258] SetEvent (hEvent=0x118) returned 1 [0079.258] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0079.258] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.258] ResetEvent (hEvent=0x114) returned 1 [0079.258] SetEvent (hEvent=0x118) returned 1 [0079.258] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0079.258] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.258] ResetEvent (hEvent=0x114) returned 1 [0079.258] SetEvent (hEvent=0x118) returned 1 [0079.258] WaitForMultipleObjects (nCount=0x2, lpHandles=0x9ef8e8*=0x114, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0079.258] NtQueryObject (in: Handle=0x198, ObjectInformationClass=0x2, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.258] ResetEvent (hEvent=0x114) returned 1 [0079.258] SetEvent (hEvent=0x118) returned 1 [0079.267] GetFileType (hFile=0x19c) returned 0x3 [0079.267] GetFileType (hFile=0x19c) returned 0x3 [0079.267] GetFileType (hFile=0x19c) returned 0x3 [0079.269] GetFileType (hFile=0x19c) returned 0x3 [0079.269] GetFileType (hFile=0x19c) returned 0x3 [0079.269] GetFileType (hFile=0x19c) returned 0x3 [0079.270] GetFileType (hFile=0x19c) returned 0x3 [0079.270] GetFileType (hFile=0x19c) returned 0x3 [0079.291] GetFileType (hFile=0x1a8) returned 0x3 [0079.291] GetFileType (hFile=0x1a8) returned 0x3 [0079.291] GetFileType (hFile=0x1a8) returned 0x3 [0079.292] GetFileType (hFile=0x1a8) returned 0x3 [0079.292] GetFileType (hFile=0x1a8) returned 0x3 [0079.292] GetFileType (hFile=0x1a8) returned 0x3 [0079.297] GetFileType (hFile=0x1a8) returned 0x3 [0079.297] GetFileType (hFile=0x1a8) returned 0x3 [0079.297] GetFileType (hFile=0x1a8) returned 0x3 [0079.297] GetFileType (hFile=0x1a8) returned 0x3 [0079.298] GetFileType (hFile=0x1a8) returned 0x3 [0079.310] GetFileType (hFile=0x1ac) returned 0x3 [0079.310] GetFileType (hFile=0x1ac) returned 0x3 [0079.310] GetFileType (hFile=0x1ac) returned 0x0 [0079.311] GetFileType (hFile=0x1ac) returned 0x3 [0079.311] GetFileType (hFile=0x1ac) returned 0x3 [0079.311] GetFileType (hFile=0x1ac) returned 0x3 [0079.315] GetFileType (hFile=0x1ac) returned 0x3 [0079.318] GetFileType (hFile=0x1ac) returned 0x3 [0079.320] GetFileType (hFile=0x1ac) returned 0x3 [0079.320] GetFileType (hFile=0x1ac) returned 0x3 [0079.321] GetFileType (hFile=0x1ac) returned 0x3 [0079.321] GetFileType (hFile=0x1ac) returned 0x3 [0079.321] GetFileType (hFile=0x1ac) returned 0x3 [0079.321] GetFileType (hFile=0x1ac) returned 0x3 [0079.326] GetFileType (hFile=0x1b0) returned 0x3 [0079.327] GetFileType (hFile=0x1b0) returned 0x3 [0079.327] GetFileType (hFile=0x1b0) returned 0x3 [0079.389] GetFileType (hFile=0x1b0) returned 0x1 [0079.390] NtQueryObject (in: Handle=0x1b0, ObjectInformationClass=0x1, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.390] MapViewOfFile (hFileMappingObject=0x1b0, dwDesiredAccess=0x4, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4) returned 0x0 [0079.396] GetFileType (hFile=0x1b4) returned 0x1 [0079.396] NtQueryObject (in: Handle=0x1b4, ObjectInformationClass=0x1, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.398] GetFileType (hFile=0x1b4) returned 0x1 [0079.398] NtQueryObject (in: Handle=0x1b4, ObjectInformationClass=0x1, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.398] MapViewOfFile (hFileMappingObject=0x1b4, dwDesiredAccess=0x4, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4) returned 0x0 [0079.399] GetFileType (hFile=0x1b4) returned 0x3 [0079.410] GetFileType (hFile=0x1bc) returned 0x1 [0079.410] NtQueryObject (in: Handle=0x1bc, ObjectInformationClass=0x1, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.410] MapViewOfFile (hFileMappingObject=0x1bc, dwDesiredAccess=0x4, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4) returned 0x0 [0079.412] GetFileType (hFile=0x1bc) returned 0x1 [0079.412] NtQueryObject (in: Handle=0x1bc, ObjectInformationClass=0x1, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.414] GetFileType (hFile=0x1bc) returned 0x1 [0079.414] NtQueryObject (in: Handle=0x1bc, ObjectInformationClass=0x1, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.414] MapViewOfFile (hFileMappingObject=0x1bc, dwDesiredAccess=0x4, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4) returned 0x0 [0079.418] GetFileType (hFile=0x1bc) returned 0x1 [0079.418] NtQueryObject (in: Handle=0x1bc, ObjectInformationClass=0x1, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.418] MapViewOfFile (hFileMappingObject=0x1bc, dwDesiredAccess=0x4, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4) returned 0x0 [0079.420] GetFileType (hFile=0x1bc) returned 0x1 [0079.420] NtQueryObject (in: Handle=0x1bc, ObjectInformationClass=0x1, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.421] MapViewOfFile (hFileMappingObject=0x1bc, dwDesiredAccess=0x4, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4) returned 0x0 [0079.422] GetFileType (hFile=0x1bc) returned 0x1 [0079.422] NtQueryObject (in: Handle=0x1bc, ObjectInformationClass=0x1, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.422] MapViewOfFile (hFileMappingObject=0x1bc, dwDesiredAccess=0x4, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4) returned 0x0 [0079.423] GetFileType (hFile=0x1bc) returned 0x1 [0079.423] NtQueryObject (in: Handle=0x1bc, ObjectInformationClass=0x1, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.423] MapViewOfFile (hFileMappingObject=0x1bc, dwDesiredAccess=0x4, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4) returned 0x0 [0079.423] GetFileType (hFile=0x1bc) returned 0x1 [0079.423] NtQueryObject (in: Handle=0x1bc, ObjectInformationClass=0x1, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.423] MapViewOfFile (hFileMappingObject=0x1bc, dwDesiredAccess=0x4, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4) returned 0x0 [0079.424] GetFileType (hFile=0x1bc) returned 0x1 [0079.424] NtQueryObject (in: Handle=0x1bc, ObjectInformationClass=0x1, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.424] MapViewOfFile (hFileMappingObject=0x1bc, dwDesiredAccess=0x4, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4) returned 0x0 [0079.424] GetFileType (hFile=0x1bc) returned 0x1 [0079.424] NtQueryObject (in: Handle=0x1bc, ObjectInformationClass=0x1, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.424] MapViewOfFile (hFileMappingObject=0x1bc, dwDesiredAccess=0x4, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4) returned 0x0 [0079.425] GetFileType (hFile=0x1bc) returned 0x1 [0079.425] NtQueryObject (in: Handle=0x1bc, ObjectInformationClass=0x1, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.425] MapViewOfFile (hFileMappingObject=0x1bc, dwDesiredAccess=0x4, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4) returned 0x0 [0079.425] GetFileType (hFile=0x1bc) returned 0x1 [0079.425] NtQueryObject (in: Handle=0x1bc, ObjectInformationClass=0x1, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.425] MapViewOfFile (hFileMappingObject=0x1bc, dwDesiredAccess=0x4, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4) returned 0x0 [0079.426] GetFileType (hFile=0x1bc) returned 0x1 [0079.426] NtQueryObject (in: Handle=0x1bc, ObjectInformationClass=0x1, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.426] MapViewOfFile (hFileMappingObject=0x1bc, dwDesiredAccess=0x4, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4) returned 0x0 [0079.426] GetFileType (hFile=0x1bc) returned 0x1 [0079.426] NtQueryObject (in: Handle=0x1bc, ObjectInformationClass=0x1, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.426] MapViewOfFile (hFileMappingObject=0x1bc, dwDesiredAccess=0x4, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4) returned 0x0 [0079.427] GetFileType (hFile=0x1bc) returned 0x1 [0079.427] NtQueryObject (in: Handle=0x1bc, ObjectInformationClass=0x1, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.427] MapViewOfFile (hFileMappingObject=0x1bc, dwDesiredAccess=0x4, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4) returned 0x0 [0079.428] GetFileType (hFile=0x1bc) returned 0x1 [0079.428] NtQueryObject (in: Handle=0x1bc, ObjectInformationClass=0x1, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.428] MapViewOfFile (hFileMappingObject=0x1bc, dwDesiredAccess=0x4, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4) returned 0x0 [0079.429] GetFileType (hFile=0x1bc) returned 0x1 [0079.429] NtQueryObject (in: Handle=0x1bc, ObjectInformationClass=0x1, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.430] MapViewOfFile (hFileMappingObject=0x1bc, dwDesiredAccess=0x4, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4) returned 0x0 [0079.430] GetFileType (hFile=0x1bc) returned 0x1 [0079.431] NtQueryObject (in: Handle=0x1bc, ObjectInformationClass=0x1, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.431] MapViewOfFile (hFileMappingObject=0x1bc, dwDesiredAccess=0x4, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4) returned 0x0 [0079.432] GetFileType (hFile=0x1bc) returned 0x0 [0079.435] GetFileType (hFile=0x1bc) returned 0x1 [0079.435] NtQueryObject (in: Handle=0x1bc, ObjectInformationClass=0x1, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.435] MapViewOfFile (hFileMappingObject=0x1bc, dwDesiredAccess=0x4, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4) returned 0x0 [0079.435] GetFileType (hFile=0x1bc) returned 0x1 [0079.436] NtQueryObject (in: Handle=0x1bc, ObjectInformationClass=0x1, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.436] MapViewOfFile (hFileMappingObject=0x1bc, dwDesiredAccess=0x4, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4) returned 0x0 [0079.437] GetFileType (hFile=0x1bc) returned 0x1 [0079.437] NtQueryObject (in: Handle=0x1bc, ObjectInformationClass=0x1, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.437] MapViewOfFile (hFileMappingObject=0x1bc, dwDesiredAccess=0x4, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4) returned 0x0 [0079.438] GetFileType (hFile=0x1bc) returned 0x1 [0079.439] NtQueryObject (in: Handle=0x1bc, ObjectInformationClass=0x1, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.439] MapViewOfFile (hFileMappingObject=0x1bc, dwDesiredAccess=0x4, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4) returned 0x0 [0079.439] GetFileType (hFile=0x1bc) returned 0x1 [0079.439] NtQueryObject (in: Handle=0x1bc, ObjectInformationClass=0x1, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.439] MapViewOfFile (hFileMappingObject=0x1bc, dwDesiredAccess=0x4, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4) returned 0x0 [0079.439] GetFileType (hFile=0x1bc) returned 0x1 [0079.439] NtQueryObject (in: Handle=0x1bc, ObjectInformationClass=0x1, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.439] MapViewOfFile (hFileMappingObject=0x1bc, dwDesiredAccess=0x4, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4) returned 0x0 [0079.440] GetFileType (hFile=0x1bc) returned 0x1 [0079.440] NtQueryObject (in: Handle=0x1bc, ObjectInformationClass=0x1, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.440] MapViewOfFile (hFileMappingObject=0x1bc, dwDesiredAccess=0x4, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4) returned 0x0 [0079.440] GetFileType (hFile=0x1bc) returned 0x1 [0079.440] NtQueryObject (in: Handle=0x1bc, ObjectInformationClass=0x1, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.440] MapViewOfFile (hFileMappingObject=0x1bc, dwDesiredAccess=0x4, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4) returned 0x0 [0079.441] GetFileType (hFile=0x1bc) returned 0x1 [0079.441] NtQueryObject (in: Handle=0x1bc, ObjectInformationClass=0x1, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.441] MapViewOfFile (hFileMappingObject=0x1bc, dwDesiredAccess=0x4, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4) returned 0x0 [0079.441] GetFileType (hFile=0x1bc) returned 0x1 [0079.442] NtQueryObject (in: Handle=0x1bc, ObjectInformationClass=0x1, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.442] MapViewOfFile (hFileMappingObject=0x1bc, dwDesiredAccess=0x4, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4) returned 0x0 [0079.442] GetFileType (hFile=0x1bc) returned 0x1 [0079.442] NtQueryObject (in: Handle=0x1bc, ObjectInformationClass=0x1, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.442] MapViewOfFile (hFileMappingObject=0x1bc, dwDesiredAccess=0x4, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4) returned 0x0 [0079.442] GetFileType (hFile=0x1bc) returned 0x1 [0079.442] NtQueryObject (in: Handle=0x1bc, ObjectInformationClass=0x1, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.443] MapViewOfFile (hFileMappingObject=0x1bc, dwDesiredAccess=0x4, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4) returned 0x0 [0079.443] GetFileType (hFile=0x1bc) returned 0x1 [0079.443] NtQueryObject (in: Handle=0x1bc, ObjectInformationClass=0x1, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.444] MapViewOfFile (hFileMappingObject=0x1bc, dwDesiredAccess=0x4, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4) returned 0x0 [0079.444] GetFileType (hFile=0x1bc) returned 0x1 [0079.444] NtQueryObject (in: Handle=0x1bc, ObjectInformationClass=0x1, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.444] MapViewOfFile (hFileMappingObject=0x1bc, dwDesiredAccess=0x4, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4) returned 0x0 [0079.445] GetFileType (hFile=0x1bc) returned 0x1 [0079.445] NtQueryObject (in: Handle=0x1bc, ObjectInformationClass=0x1, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.445] MapViewOfFile (hFileMappingObject=0x1bc, dwDesiredAccess=0x4, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4) returned 0x0 [0079.446] GetFileType (hFile=0x1bc) returned 0x1 [0079.446] NtQueryObject (in: Handle=0x1bc, ObjectInformationClass=0x1, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.446] MapViewOfFile (hFileMappingObject=0x1bc, dwDesiredAccess=0x4, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4) returned 0x0 [0079.446] GetFileType (hFile=0x1bc) returned 0x1 [0079.446] NtQueryObject (in: Handle=0x1bc, ObjectInformationClass=0x1, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.446] MapViewOfFile (hFileMappingObject=0x1bc, dwDesiredAccess=0x4, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4) returned 0x0 [0079.529] GetFileType (hFile=0x1bc) returned 0x1 [0079.529] NtQueryObject (in: Handle=0x1bc, ObjectInformationClass=0x1, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.529] MapViewOfFile (hFileMappingObject=0x1bc, dwDesiredAccess=0x4, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4) returned 0x0 [0079.530] GetFileType (hFile=0x1bc) returned 0x1 [0079.530] NtQueryObject (in: Handle=0x1bc, ObjectInformationClass=0x1, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.530] MapViewOfFile (hFileMappingObject=0x1bc, dwDesiredAccess=0x4, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4) returned 0x0 [0079.531] GetFileType (hFile=0x1bc) returned 0x1 [0079.531] NtQueryObject (in: Handle=0x1bc, ObjectInformationClass=0x1, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.532] MapViewOfFile (hFileMappingObject=0x1bc, dwDesiredAccess=0x4, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4) returned 0x0 [0079.533] GetFileType (hFile=0x1bc) returned 0x1 [0079.533] NtQueryObject (in: Handle=0x1bc, ObjectInformationClass=0x1, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.533] MapViewOfFile (hFileMappingObject=0x1bc, dwDesiredAccess=0x4, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4) returned 0x0 [0079.533] GetFileType (hFile=0x1bc) returned 0x1 [0079.533] NtQueryObject (in: Handle=0x1bc, ObjectInformationClass=0x1, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.534] MapViewOfFile (hFileMappingObject=0x1bc, dwDesiredAccess=0x4, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4) returned 0x0 [0079.534] GetFileType (hFile=0x1bc) returned 0x1 [0079.535] NtQueryObject (in: Handle=0x1bc, ObjectInformationClass=0x1, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.535] MapViewOfFile (hFileMappingObject=0x1bc, dwDesiredAccess=0x4, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4) returned 0x0 [0079.536] GetFileType (hFile=0x1bc) returned 0x1 [0079.536] NtQueryObject (in: Handle=0x1bc, ObjectInformationClass=0x1, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.536] MapViewOfFile (hFileMappingObject=0x1bc, dwDesiredAccess=0x4, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4) returned 0x0 [0079.536] GetFileType (hFile=0x1bc) returned 0x1 [0079.537] NtQueryObject (in: Handle=0x1bc, ObjectInformationClass=0x1, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.537] MapViewOfFile (hFileMappingObject=0x1bc, dwDesiredAccess=0x4, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4) returned 0x0 [0079.538] GetFileType (hFile=0x1bc) returned 0x3 [0079.554] GetFileType (hFile=0x1c4) returned 0x1 [0079.554] NtQueryObject (in: Handle=0x1c4, ObjectInformationClass=0x1, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.554] MapViewOfFile (hFileMappingObject=0x1c4, dwDesiredAccess=0x4, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4) returned 0x0 [0079.555] GetFileType (hFile=0x1c4) returned 0x1 [0079.555] NtQueryObject (in: Handle=0x1c4, ObjectInformationClass=0x1, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.556] MapViewOfFile (hFileMappingObject=0x1c4, dwDesiredAccess=0x4, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4) returned 0x0 [0079.565] GetFileType (hFile=0x1c4) returned 0x1 [0079.565] NtQueryObject (in: Handle=0x1c4, ObjectInformationClass=0x1, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.566] MapViewOfFile (hFileMappingObject=0x1c4, dwDesiredAccess=0x4, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4) returned 0x0 [0079.569] GetFileType (hFile=0x1c4) returned 0x1 [0079.569] NtQueryObject (in: Handle=0x1c4, ObjectInformationClass=0x1, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.569] MapViewOfFile (hFileMappingObject=0x1c4, dwDesiredAccess=0x4, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4) returned 0x0 [0079.572] GetFileType (hFile=0x1c4) returned 0x1 [0079.572] NtQueryObject (in: Handle=0x1c4, ObjectInformationClass=0x1, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.572] MapViewOfFile (hFileMappingObject=0x1c4, dwDesiredAccess=0x4, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4) returned 0x0 [0079.574] GetFileType (hFile=0x1c4) returned 0x1 [0079.574] NtQueryObject (in: Handle=0x1c4, ObjectInformationClass=0x1, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.574] MapViewOfFile (hFileMappingObject=0x1c4, dwDesiredAccess=0x4, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4) returned 0x0 [0079.576] GetFileType (hFile=0x1c4) returned 0x1 [0079.576] NtQueryObject (in: Handle=0x1c4, ObjectInformationClass=0x1, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.576] MapViewOfFile (hFileMappingObject=0x1c4, dwDesiredAccess=0x4, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4) returned 0x0 [0079.665] GetFileType (hFile=0x204) returned 0x1 [0079.666] NtQueryObject (in: Handle=0x204, ObjectInformationClass=0x1, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.667] MapViewOfFile (hFileMappingObject=0x204, dwDesiredAccess=0x4, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4) returned 0x0 [0079.672] GetFileType (hFile=0x208) returned 0x1 [0079.672] NtQueryObject (in: Handle=0x208, ObjectInformationClass=0x1, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.673] MapViewOfFile (hFileMappingObject=0x208, dwDesiredAccess=0x4, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4) returned 0x0 [0079.678] GetFileType (hFile=0x20c) returned 0x1 [0079.678] NtQueryObject (in: Handle=0x20c, ObjectInformationClass=0x1, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.679] MapViewOfFile (hFileMappingObject=0x20c, dwDesiredAccess=0x4, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4) returned 0x0 [0079.687] GetFileType (hFile=0x210) returned 0x1 [0079.687] NtQueryObject (in: Handle=0x210, ObjectInformationClass=0x1, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.687] MapViewOfFile (hFileMappingObject=0x210, dwDesiredAccess=0x4, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4) returned 0x0 [0079.698] GetFileType (hFile=0x214) returned 0x1 [0079.699] NtQueryObject (in: Handle=0x214, ObjectInformationClass=0x1, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.700] MapViewOfFile (hFileMappingObject=0x214, dwDesiredAccess=0x4, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4) returned 0x0 [0079.704] GetFileType (hFile=0x218) returned 0x1 [0079.704] NtQueryObject (in: Handle=0x218, ObjectInformationClass=0x1, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.704] MapViewOfFile (hFileMappingObject=0x218, dwDesiredAccess=0x4, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4) returned 0x0 [0079.707] GetFileType (hFile=0x21c) returned 0x1 [0079.707] NtQueryObject (in: Handle=0x21c, ObjectInformationClass=0x1, ObjectInformation=0xabd1b8, ObjectInformationLength=0x2800, ReturnLength=0x131ff90 | out: ObjectInformation=0xabd1b8, ReturnLength=0x131ff90) returned 0x0 [0079.707] MapViewOfFile (hFileMappingObject=0x21c, dwDesiredAccess=0x4, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4) returned 0x0 Process: id = "21" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x4e86c000" os_pid = "0xabc" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "child_process" parent_id = "7" os_parent_pid = "0x1d8" cmd_line = "C:\\Windows\\System32\\svchost.exe -k swprv" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\swprv" [0xe], "NT AUTHORITY\\Logon Session 00000000:0004c1d3" [0xc000000f], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Region: id = 2192 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 2193 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 2194 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 2195 start_va = 0x190000 end_va = 0x20ffff entry_point = 0x0 region_type = private name = "private_0x0000000000190000" filename = "" Region: id = 2196 start_va = 0x77c50000 end_va = 0x77df8fff entry_point = 0x77c50000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2197 start_va = 0x7efe0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 2198 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2199 start_va = 0xff470000 end_va = 0xff47afff entry_point = 0xff470000 region_type = mapped_file name = "svchost.exe" filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe") Region: id = 2200 start_va = 0x7fefff70000 end_va = 0x7fefff70fff entry_point = 0x7fefff70000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 2201 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 2202 start_va = 0x7fffffd8000 end_va = 0x7fffffd8fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd8000" filename = "" Region: id = 2203 start_va = 0x7fffffde000 end_va = 0x7fffffdffff entry_point = 0x0 region_type = private name = "private_0x000007fffffde000" filename = "" Region: id = 2204 start_va = 0x310000 end_va = 0x40ffff entry_point = 0x0 region_type = private name = "private_0x0000000000310000" filename = "" Region: id = 2205 start_va = 0x77a30000 end_va = 0x77b4efff entry_point = 0x77a30000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 2206 start_va = 0x7fefde60000 end_va = 0x7fefdecafff entry_point = 0x7fefde60000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 2207 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2208 start_va = 0x50000 end_va = 0xb6fff entry_point = 0x50000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2209 start_va = 0x210000 end_va = 0x30ffff entry_point = 0x0 region_type = private name = "private_0x0000000000210000" filename = "" Region: id = 2210 start_va = 0x590000 end_va = 0x59ffff entry_point = 0x0 region_type = private name = "private_0x0000000000590000" filename = "" Region: id = 2211 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 2212 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 2213 start_va = 0x7fefefb0000 end_va = 0x7feff0dcfff entry_point = 0x7fefefb0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 2214 start_va = 0x7feff210000 end_va = 0x7feff2aefff entry_point = 0x7feff210000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 2215 start_va = 0x7feff390000 end_va = 0x7feff3aefff entry_point = 0x7feff390000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 2314 start_va = 0x20000 end_va = 0x26fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 2315 start_va = 0xc0000 end_va = 0x17ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000c0000" filename = "" Region: id = 2316 start_va = 0x180000 end_va = 0x181fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000180000" filename = "" Region: id = 2317 start_va = 0x410000 end_va = 0x410fff entry_point = 0x0 region_type = private name = "private_0x0000000000410000" filename = "" Region: id = 2318 start_va = 0x420000 end_va = 0x420fff entry_point = 0x0 region_type = private name = "private_0x0000000000420000" filename = "" Region: id = 2319 start_va = 0x490000 end_va = 0x50ffff entry_point = 0x0 region_type = private name = "private_0x0000000000490000" filename = "" Region: id = 2320 start_va = 0x510000 end_va = 0x58ffff entry_point = 0x0 region_type = private name = "private_0x0000000000510000" filename = "" Region: id = 2321 start_va = 0x5b0000 end_va = 0x62ffff entry_point = 0x0 region_type = private name = "private_0x00000000005b0000" filename = "" Region: id = 2322 start_va = 0x630000 end_va = 0x8fefff entry_point = 0x630000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 2323 start_va = 0x900000 end_va = 0xa87fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000900000" filename = "" Region: id = 2324 start_va = 0xa90000 end_va = 0xc10fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a90000" filename = "" Region: id = 2325 start_va = 0xc20000 end_va = 0x1012fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000c20000" filename = "" Region: id = 2326 start_va = 0x77b50000 end_va = 0x77c49fff entry_point = 0x77b50000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 2327 start_va = 0x7fef4590000 end_va = 0x7fef4611fff entry_point = 0x7fef4590000 region_type = mapped_file name = "swprv.dll" filename = "\\Windows\\System32\\swprv.dll" (normalized: "c:\\windows\\system32\\swprv.dll") Region: id = 2328 start_va = 0x7fef8370000 end_va = 0x7fef8379fff entry_point = 0x7fef8370000 region_type = mapped_file name = "virtdisk.dll" filename = "\\Windows\\System32\\virtdisk.dll" (normalized: "c:\\windows\\system32\\virtdisk.dll") Region: id = 2329 start_va = 0x7fef8390000 end_va = 0x7fef8398fff entry_point = 0x7fef8390000 region_type = mapped_file name = "fltlib.dll" filename = "\\Windows\\System32\\fltLib.dll" (normalized: "c:\\windows\\system32\\fltlib.dll") Region: id = 2330 start_va = 0x7fefac50000 end_va = 0x7fefac66fff entry_point = 0x7fefac50000 region_type = mapped_file name = "vsstrace.dll" filename = "\\Windows\\System32\\vsstrace.dll" (normalized: "c:\\windows\\system32\\vsstrace.dll") Region: id = 2331 start_va = 0x7fefb770000 end_va = 0x7fefb788fff entry_point = 0x7fefb770000 region_type = mapped_file name = "atl.dll" filename = "\\Windows\\System32\\atl.dll" (normalized: "c:\\windows\\system32\\atl.dll") Region: id = 2332 start_va = 0x7feff2b0000 end_va = 0x7feff38afff entry_point = 0x7feff2b0000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 2333 start_va = 0x7feff3b0000 end_va = 0x7feff3bdfff entry_point = 0x7feff3b0000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 2334 start_va = 0x7feff3c0000 end_va = 0x7feff3edfff entry_point = 0x7feff3c0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 2335 start_va = 0x7feff910000 end_va = 0x7feff976fff entry_point = 0x7feff910000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 2336 start_va = 0x7feffa00000 end_va = 0x7feffb08fff entry_point = 0x7feffa00000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 2337 start_va = 0x7feffe90000 end_va = 0x7fefff58fff entry_point = 0x7feffe90000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 2338 start_va = 0x7fffffd6000 end_va = 0x7fffffd7fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd6000" filename = "" Region: id = 2339 start_va = 0x7fffffda000 end_va = 0x7fffffdbfff entry_point = 0x0 region_type = private name = "private_0x000007fffffda000" filename = "" Region: id = 2340 start_va = 0x7fffffdc000 end_va = 0x7fffffddfff entry_point = 0x0 region_type = private name = "private_0x000007fffffdc000" filename = "" Region: id = 2451 start_va = 0x430000 end_va = 0x430fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000430000" filename = "" Region: id = 2452 start_va = 0x1140000 end_va = 0x11bffff entry_point = 0x0 region_type = private name = "private_0x0000000001140000" filename = "" Region: id = 2453 start_va = 0x1210000 end_va = 0x128ffff entry_point = 0x0 region_type = private name = "private_0x0000000001210000" filename = "" Region: id = 2454 start_va = 0x7fefd190000 end_va = 0x7fefd1d6fff entry_point = 0x7fefd190000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 2455 start_va = 0x7fefd490000 end_va = 0x7fefd4a6fff entry_point = 0x7fefd490000 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 2456 start_va = 0x7fefda90000 end_va = 0x7fefda9efff entry_point = 0x7fefda90000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 2457 start_va = 0x7fefdb80000 end_va = 0x7fefdb93fff entry_point = 0x7fefdb80000 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll") Region: id = 2458 start_va = 0x7fefdf70000 end_va = 0x7fefe172fff entry_point = 0x7fefdf70000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 2459 start_va = 0x7fefef10000 end_va = 0x7fefefa8fff entry_point = 0x7fefef10000 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 2460 start_va = 0x7feffb10000 end_va = 0x7feffbe6fff entry_point = 0x7feffb10000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 2461 start_va = 0x7fffffae000 end_va = 0x7fffffaffff entry_point = 0x0 region_type = private name = "private_0x000007fffffae000" filename = "" Region: id = 2462 start_va = 0x7fffffd4000 end_va = 0x7fffffd5fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd4000" filename = "" Region: id = 2463 start_va = 0x7fef8320000 end_va = 0x7fef8333fff entry_point = 0x7fef8320000 region_type = mapped_file name = "vss_ps.dll" filename = "\\Windows\\System32\\vss_ps.dll" (normalized: "c:\\windows\\system32\\vss_ps.dll") Region: id = 2464 start_va = 0x7fefac70000 end_va = 0x7fefae1ffff entry_point = 0x7fefac70000 region_type = mapped_file name = "vssapi.dll" filename = "\\Windows\\System32\\vssapi.dll" (normalized: "c:\\windows\\system32\\vssapi.dll") Thread: id = 328 os_tid = 0xac0 Thread: id = 329 os_tid = 0xac4 Thread: id = 330 os_tid = 0xac8 Thread: id = 331 os_tid = 0xacc Thread: id = 332 os_tid = 0xad0 Thread: id = 333 os_tid = 0xad4 Thread: id = 382 os_tid = 0x80c Process: id = "22" image_name = "v5hw0h~1:bin" filename = "c:\\users\\5p5nrg~1\\appdata\\roaming\\v5hw0h~1:bin" page_root = "0x4f2b4000" os_pid = "0xad8" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "20" os_parent_pid = "0xa64" cmd_line = "C:\\Users\\5P5NRG~1\\AppData\\Roaming\\\\V5HW0H~1:bin" cur_dir = "C:\\Windows\\system32\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:000104d7" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 2465 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 2466 start_va = 0x30000 end_va = 0x31fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 2467 start_va = 0x40000 end_va = 0x40fff entry_point = 0x40000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 2468 start_va = 0x50000 end_va = 0x8ffff entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 2469 start_va = 0x90000 end_va = 0x18ffff entry_point = 0x0 region_type = private name = "private_0x0000000000090000" filename = "" Region: id = 2470 start_va = 0x190000 end_va = 0x193fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000190000" filename = "" Region: id = 2471 start_va = 0x1a0000 end_va = 0x1a0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 2472 start_va = 0x400000 end_va = 0x42efff entry_point = 0x400000 region_type = mapped_file name = "v5hw0h~1" filename = "\\Users\\5P5NRG~1\\AppData\\Roaming\\V5HW0H~1" (normalized: "c:\\users\\5p5nrg~1\\appdata\\roaming\\v5hw0h~1") Region: id = 2473 start_va = 0x77c50000 end_va = 0x77df8fff entry_point = 0x77c50000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2474 start_va = 0x77e30000 end_va = 0x77faffff entry_point = 0x77e30000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 2475 start_va = 0x7efb0000 end_va = 0x7efd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efb0000" filename = "" Region: id = 2476 start_va = 0x7efdb000 end_va = 0x7efddfff entry_point = 0x0 region_type = private name = "private_0x000000007efdb000" filename = "" Region: id = 2477 start_va = 0x7efde000 end_va = 0x7efdefff entry_point = 0x0 region_type = private name = "private_0x000000007efde000" filename = "" Region: id = 2478 start_va = 0x7efdf000 end_va = 0x7efdffff entry_point = 0x0 region_type = private name = "private_0x000000007efdf000" filename = "" Region: id = 2479 start_va = 0x7efe0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 2480 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2481 start_va = 0x7fff0000 end_va = 0x7fffffeffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 2482 start_va = 0x2c0000 end_va = 0x33ffff entry_point = 0x0 region_type = private name = "private_0x00000000002c0000" filename = "" Region: id = 2483 start_va = 0x75360000 end_va = 0x75367fff entry_point = 0x75360000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 2484 start_va = 0x75370000 end_va = 0x753cbfff entry_point = 0x75370000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 2485 start_va = 0x753d0000 end_va = 0x7540efff entry_point = 0x753d0000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 2486 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2487 start_va = 0x1b0000 end_va = 0x216fff entry_point = 0x1b0000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2488 start_va = 0x540000 end_va = 0x63ffff entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 2489 start_va = 0x7f0000 end_va = 0x7fffff entry_point = 0x0 region_type = private name = "private_0x00000000007f0000" filename = "" Region: id = 2490 start_va = 0x756e0000 end_va = 0x756e4fff entry_point = 0x756e0000 region_type = mapped_file name = "msimg32.dll" filename = "\\Windows\\SysWOW64\\msimg32.dll" (normalized: "c:\\windows\\syswow64\\msimg32.dll") Region: id = 2491 start_va = 0x756f0000 end_va = 0x7570bfff entry_point = 0x756f0000 region_type = mapped_file name = "oledlg.dll" filename = "\\Windows\\SysWOW64\\oledlg.dll" (normalized: "c:\\windows\\syswow64\\oledlg.dll") Region: id = 2492 start_va = 0x75710000 end_va = 0x7574bfff entry_point = 0x75710000 region_type = mapped_file name = "oleacc.dll" filename = "\\Windows\\SysWOW64\\oleacc.dll" (normalized: "c:\\windows\\syswow64\\oleacc.dll") Region: id = 2493 start_va = 0x75750000 end_va = 0x75781fff entry_point = 0x75750000 region_type = mapped_file name = "winmm.dll" filename = "\\Windows\\SysWOW64\\winmm.dll" (normalized: "c:\\windows\\syswow64\\winmm.dll") Region: id = 2494 start_va = 0x75790000 end_va = 0x757e0fff entry_point = 0x75790000 region_type = mapped_file name = "winspool.drv" filename = "\\Windows\\SysWOW64\\winspool.drv" (normalized: "c:\\windows\\syswow64\\winspool.drv") Region: id = 2495 start_va = 0x757f0000 end_va = 0x75873fff entry_point = 0x757f0000 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll") Region: id = 2496 start_va = 0x75980000 end_va = 0x7598bfff entry_point = 0x75980000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 2497 start_va = 0x75990000 end_va = 0x759effff entry_point = 0x75990000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 2498 start_va = 0x75a30000 end_va = 0x75a48fff entry_point = 0x75a30000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 2499 start_va = 0x75bb0000 end_va = 0x75bf5fff entry_point = 0x75bb0000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 2500 start_va = 0x75fd0000 end_va = 0x760dffff entry_point = 0x75fd0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 2501 start_va = 0x760e0000 end_va = 0x7617ffff entry_point = 0x760e0000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 2502 start_va = 0x76180000 end_va = 0x761d6fff entry_point = 0x76180000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 2503 start_va = 0x763c0000 end_va = 0x763c9fff entry_point = 0x763c0000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll") Region: id = 2504 start_va = 0x763e0000 end_va = 0x764dffff entry_point = 0x763e0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 2505 start_va = 0x76670000 end_va = 0x7671bfff entry_point = 0x76670000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 2506 start_va = 0x767f0000 end_va = 0x7686afff entry_point = 0x767f0000 region_type = mapped_file name = "comdlg32.dll" filename = "\\Windows\\SysWOW64\\comdlg32.dll" (normalized: "c:\\windows\\syswow64\\comdlg32.dll") Region: id = 2507 start_va = 0x76920000 end_va = 0x77569fff entry_point = 0x76920000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 2508 start_va = 0x775d0000 end_va = 0x776bffff entry_point = 0x775d0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 2509 start_va = 0x776c0000 end_va = 0x7781bfff entry_point = 0x776c0000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 2510 start_va = 0x77820000 end_va = 0x778affff entry_point = 0x77820000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 2511 start_va = 0x77990000 end_va = 0x77a2cfff entry_point = 0x77990000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 2512 start_va = 0x77a30000 end_va = 0x77b4efff entry_point = 0x0 region_type = private name = "private_0x0000000077a30000" filename = "" Region: id = 2513 start_va = 0x77b50000 end_va = 0x77c49fff entry_point = 0x0 region_type = private name = "private_0x0000000077b50000" filename = "" Region: id = 2514 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 2515 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 2516 start_va = 0x640000 end_va = 0x7c7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000640000" filename = "" Region: id = 2517 start_va = 0x76720000 end_va = 0x767ebfff entry_point = 0x76720000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 2518 start_va = 0x77570000 end_va = 0x775cffff entry_point = 0x77570000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 2627 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2628 start_va = 0x30000 end_va = 0x30fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 2629 start_va = 0x220000 end_va = 0x220fff entry_point = 0x220000 region_type = mapped_file name = "oleaccrc.dll" filename = "\\Windows\\SysWOW64\\oleaccrc.dll" (normalized: "c:\\windows\\syswow64\\oleaccrc.dll") Region: id = 2630 start_va = 0x230000 end_va = 0x24afff entry_point = 0x0 region_type = private name = "private_0x0000000000230000" filename = "" Region: id = 2631 start_va = 0x800000 end_va = 0x980fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000800000" filename = "" Region: id = 2632 start_va = 0x990000 end_va = 0x1d8ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000990000" filename = "" Region: id = 2633 start_va = 0x1ea0000 end_va = 0x1eaffff entry_point = 0x0 region_type = private name = "private_0x0000000001ea0000" filename = "" Region: id = 2634 start_va = 0x2050000 end_va = 0x205ffff entry_point = 0x0 region_type = private name = "private_0x0000000002050000" filename = "" Region: id = 2635 start_va = 0x250000 end_va = 0x261fff entry_point = 0x0 region_type = private name = "private_0x0000000000250000" filename = "" Region: id = 2796 start_va = 0x290000 end_va = 0x29ffff entry_point = 0x0 region_type = private name = "private_0x0000000000290000" filename = "" Region: id = 2797 start_va = 0x2240000 end_va = 0x224ffff entry_point = 0x0 region_type = private name = "private_0x0000000002240000" filename = "" Region: id = 2798 start_va = 0x430000 end_va = 0x52ffff entry_point = 0x0 region_type = private name = "private_0x0000000000430000" filename = "" Region: id = 2799 start_va = 0x340000 end_va = 0x37ffff entry_point = 0x0 region_type = private name = "private_0x0000000000340000" filename = "" Region: id = 2800 start_va = 0x1d90000 end_va = 0x1e8ffff entry_point = 0x0 region_type = private name = "private_0x0000000001d90000" filename = "" Region: id = 2801 start_va = 0x7efd8000 end_va = 0x7efdafff entry_point = 0x0 region_type = private name = "private_0x000000007efd8000" filename = "" Region: id = 2802 start_va = 0x756a0000 end_va = 0x756b5fff entry_point = 0x756a0000 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\SysWOW64\\cryptsp.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll") Region: id = 2803 start_va = 0x380000 end_va = 0x3bbfff entry_point = 0x380000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 2804 start_va = 0x380000 end_va = 0x3bbfff entry_point = 0x380000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 2805 start_va = 0x380000 end_va = 0x3bbfff entry_point = 0x380000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 2806 start_va = 0x380000 end_va = 0x3bbfff entry_point = 0x380000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 2807 start_va = 0x380000 end_va = 0x3bbfff entry_point = 0x380000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 2808 start_va = 0x75660000 end_va = 0x7569afff entry_point = 0x75660000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 2809 start_va = 0x2250000 end_va = 0x251efff entry_point = 0x2250000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 2810 start_va = 0x75a60000 end_va = 0x75b7cfff entry_point = 0x75a60000 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\SysWOW64\\crypt32.dll" (normalized: "c:\\windows\\syswow64\\crypt32.dll") Region: id = 2811 start_va = 0x763d0000 end_va = 0x763dbfff entry_point = 0x763d0000 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\SysWOW64\\msasn1.dll" (normalized: "c:\\windows\\syswow64\\msasn1.dll") Region: id = 2812 start_va = 0x75620000 end_va = 0x75640fff entry_point = 0x75620000 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\SysWOW64\\ntmarta.dll" (normalized: "c:\\windows\\syswow64\\ntmarta.dll") Region: id = 2813 start_va = 0x77940000 end_va = 0x77984fff entry_point = 0x77940000 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\SysWOW64\\Wldap32.dll" (normalized: "c:\\windows\\syswow64\\wldap32.dll") Thread: id = 334 os_tid = 0xadc [0078.086] ImageList_DragLeave (hwndLock=0x74d88) returned 0 [0078.086] ImageList_DragLeave (hwndLock=0x6f743) returned 0 [0078.086] InitCommonControls () [0078.086] ImageList_DragLeave (hwndLock=0x7345b) returned 0 [0078.086] ImageList_DragEnter (hwndLock=0x705f9, x=103, y=375) returned 0 [0078.087] ImageList_DragEnter (hwndLock=0x3e954, x=489, y=141) returned 0 [0078.087] ImageList_DragMove (x=245, y=179) returned 0 [0078.087] ImageList_DragMove (x=206, y=455) returned 0 [0078.087] ImageList_DragLeave (hwndLock=0x3b579) returned 0 [0078.087] ImageList_EndDrag () [0078.087] ImageList_DragMove (x=230, y=299) returned 0 [0078.087] InitCommonControls () [0078.087] InitCommonControls () [0078.087] ImageList_DragLeave (hwndLock=0x3c00c) returned 0 [0078.087] ImageList_DragMove (x=438, y=399) returned 0 [0078.087] ImageList_EndDrag () [0078.087] ImageList_DragMove (x=216, y=73) returned 0 [0078.087] ImageList_BeginDrag (himlTrack=0x0, iTrack=50, dxHotspot=99, dyHotspot=463) returned 0 [0078.087] ImageList_EndDrag () [0078.087] ImageList_DragLeave (hwndLock=0x361eb) returned 0 [0078.087] ImageList_EndDrag () [0078.087] ImageList_EndDrag () [0078.087] ImageList_DragEnter (hwndLock=0x18a13, x=297, y=462) returned 0 [0078.087] ImageList_DragMove (x=120, y=282) returned 0 [0078.087] ImageList_DragMove (x=322, y=378) returned 0 [0078.087] ImageList_BeginDrag (himlTrack=0x46d6d, iTrack=35, dxHotspot=205, dyHotspot=218) returned 0 [0078.087] ImageList_DragEnter (hwndLock=0x55c45, x=328, y=173) returned 0 [0078.087] ImageList_DragEnter (hwndLock=0x7f1e, x=240, y=35) returned 0 [0078.087] ImageList_DragMove (x=191, y=218) returned 0 [0078.087] ImageList_EndDrag () [0078.087] ImageList_EndDrag () [0078.087] InitCommonControls () [0078.087] ImageList_DragMove (x=261, y=313) returned 0 [0078.087] ImageList_BeginDrag (himlTrack=0x18febc, iTrack=72, dxHotspot=220, dyHotspot=105) returned 0 [0078.087] ImageList_EndDrag () [0078.087] ImageList_DragMove (x=461, y=70) returned 0 [0078.087] ImageList_DragLeave (hwndLock=0x10a00) returned 0 [0078.087] InitCommonControls () [0078.087] ImageList_DragEnter (hwndLock=0x37369, x=152, y=473) returned 0 [0078.087] InitCommonControls () [0078.087] ImageList_DragEnter (hwndLock=0x76a51, x=159, y=362) returned 0 [0078.087] ImageList_DragMove (x=8, y=25) returned 0 [0078.087] ImageList_DragEnter (hwndLock=0x666cd, x=356, y=4) returned 0 [0078.087] ImageList_EndDrag () [0078.087] ImageList_EndDrag () [0078.087] ImageList_BeginDrag (himlTrack=0x5deb7, iTrack=24, dxHotspot=51, dyHotspot=119) returned 0 [0078.087] ImageList_DragMove (x=500, y=353) returned 0 [0078.087] ImageList_DragEnter (hwndLock=0x3983f, x=296, y=444) returned 0 [0078.087] ImageList_DragEnter (hwndLock=0x20f04, x=121, y=464) returned 0 [0078.087] InitCommonControls () [0078.087] InitCommonControls () [0078.087] ImageList_BeginDrag (himlTrack=0x61dbb, iTrack=26, dxHotspot=307, dyHotspot=13) returned 0 [0078.087] ImageList_DragLeave (hwndLock=0x7024f) returned 0 [0078.087] InitCommonControls () [0078.087] InitCommonControls () [0078.088] ImageList_BeginDrag (himlTrack=0x15214, iTrack=50, dxHotspot=215, dyHotspot=6) returned 0 [0078.088] ImageList_EndDrag () [0078.088] ImageList_DragLeave (hwndLock=0x4e742) returned 0 [0078.088] InitCommonControls () [0078.088] ImageList_BeginDrag (himlTrack=0x379c7, iTrack=42, dxHotspot=156, dyHotspot=147) returned 0 [0078.088] InitCommonControls () [0078.088] ImageList_BeginDrag (himlTrack=0x41fd, iTrack=64, dxHotspot=373, dyHotspot=310) returned 0 [0078.088] ImageList_DragEnter (hwndLock=0x0, x=414, y=314) returned 0 [0078.088] ImageList_BeginDrag (himlTrack=0x4c67d, iTrack=44, dxHotspot=133, dyHotspot=98) returned 0 [0078.088] ImageList_DragMove (x=421, y=446) returned 0 [0078.088] ImageList_DragEnter (hwndLock=0x34b3d, x=428, y=123) returned 0 [0078.088] ImageList_DragEnter (hwndLock=0x3608b, x=26, y=439) returned 0 [0078.088] InitCommonControls () [0078.088] ImageList_DragEnter (hwndLock=0x371bc, x=64, y=367) returned 0 [0078.088] ImageList_EndDrag () [0078.088] ImageList_DragMove (x=402, y=394) returned 0 [0078.088] InitCommonControls () [0078.088] ImageList_DragMove (x=13, y=233) returned 0 [0078.088] ImageList_BeginDrag (himlTrack=0x7ffa0, iTrack=79, dxHotspot=55, dyHotspot=98) returned 0 [0078.089] ImageList_EndDrag () [0078.089] ImageList_DragLeave (hwndLock=0xa695) returned 0 [0078.089] ImageList_BeginDrag (himlTrack=0x21569, iTrack=56, dxHotspot=216, dyHotspot=36) returned 0 [0078.089] ImageList_DragMove (x=444, y=459) returned 0 [0078.089] ImageList_DragLeave (hwndLock=0x1ab1e) returned 0 [0078.089] ImageList_BeginDrag (himlTrack=0x2ed9e, iTrack=22, dxHotspot=323, dyHotspot=138) returned 0 [0078.089] ImageList_DragEnter (hwndLock=0x30c38, x=258, y=471) returned 0 [0078.089] ImageList_DragLeave (hwndLock=0x27201) returned 0 [0078.089] ImageList_EndDrag () [0078.089] ImageList_EndDrag () [0078.089] ImageList_BeginDrag (himlTrack=0x23de6, iTrack=100, dxHotspot=462, dyHotspot=407) returned 0 [0078.089] ImageList_BeginDrag (himlTrack=0x9597, iTrack=26, dxHotspot=321, dyHotspot=44) returned 0 [0078.089] ImageList_BeginDrag (himlTrack=0x2fadd, iTrack=75, dxHotspot=6, dyHotspot=0) returned 0 [0078.089] InitCommonControls () [0078.089] ImageList_BeginDrag (himlTrack=0x18ff3c, iTrack=17, dxHotspot=219, dyHotspot=407) returned 0 [0078.089] ImageList_DragEnter (hwndLock=0x310da, x=195, y=145) returned 0 [0078.089] ImageList_EndDrag () [0078.089] ImageList_DragLeave (hwndLock=0x5b740) returned 0 [0078.089] ImageList_EndDrag () [0078.089] ImageList_DragLeave (hwndLock=0x2ee3d) returned 0 [0078.089] ImageList_BeginDrag (himlTrack=0x73355, iTrack=0, dxHotspot=66, dyHotspot=377) returned 0 [0078.089] ImageList_EndDrag () [0078.089] ImageList_DragEnter (hwndLock=0xbe8d, x=374, y=19) returned 0 [0078.089] ImageList_DragMove (x=208, y=168) returned 0 [0078.089] InitCommonControls () [0078.089] InitCommonControls () [0078.089] GetACP () returned 0x4e4 [0078.089] GetACP () returned 0x4e4 [0078.089] GetACP () returned 0x4e4 [0078.089] GetACP () returned 0x4e4 [0078.090] GetACP () returned 0x4e4 [0078.090] GetACP () returned 0x4e4 [0078.090] GetACP () returned 0x4e4 [0078.090] GetACP () returned 0x4e4 [0078.090] GetACP () returned 0x4e4 [0078.090] GetACP () returned 0x4e4 [0078.090] GetACP () returned 0x4e4 [0078.090] GetACP () returned 0x4e4 [0078.090] GetACP () returned 0x4e4 [0078.090] GetACP () returned 0x4e4 [0078.090] GetACP () returned 0x4e4 [0078.090] GetACP () returned 0x4e4 [0078.090] GetACP () returned 0x4e4 [0078.090] GetACP () returned 0x4e4 [0078.090] GetACP () returned 0x4e4 [0078.090] GetACP () returned 0x4e4 [0078.091] GetACP () returned 0x4e4 [0078.091] GetACP () returned 0x4e4 [0078.091] GetACP () returned 0x4e4 [0078.091] GetACP () returned 0x4e4 [0078.091] GetACP () returned 0x4e4 [0078.091] GetACP () returned 0x4e4 [0078.091] GetACP () returned 0x4e4 [0078.091] GetACP () returned 0x4e4 [0078.091] GetACP () returned 0x4e4 [0078.091] GetACP () returned 0x4e4 [0078.091] GetACP () returned 0x4e4 [0078.091] GetACP () returned 0x4e4 [0078.091] GetACP () returned 0x4e4 [0078.091] GetACP () returned 0x4e4 [0078.092] GetACP () returned 0x4e4 [0078.092] GetACP () returned 0x4e4 [0078.092] GetACP () returned 0x4e4 [0078.092] GetACP () returned 0x4e4 [0078.092] GetACP () returned 0x4e4 [0078.092] GetACP () returned 0x4e4 [0078.092] GetACP () returned 0x4e4 [0078.092] GetACP () returned 0x4e4 [0078.092] GetACP () returned 0x4e4 [0078.092] GetACP () returned 0x4e4 [0078.092] GetACP () returned 0x4e4 [0078.092] GetACP () returned 0x4e4 [0078.092] GetACP () returned 0x4e4 [0078.092] GetACP () returned 0x4e4 [0078.092] GetACP () returned 0x4e4 [0078.092] GetACP () returned 0x4e4 [0078.093] GetACP () returned 0x4e4 [0078.093] GetACP () returned 0x4e4 [0078.093] GetACP () returned 0x4e4 [0078.093] GetACP () returned 0x4e4 [0078.093] GetACP () returned 0x4e4 [0078.093] GetACP () returned 0x4e4 [0078.093] GetACP () returned 0x4e4 [0078.093] GetACP () returned 0x4e4 [0078.093] GetACP () returned 0x4e4 [0078.093] GetACP () returned 0x4e4 [0078.093] GetACP () returned 0x4e4 [0078.093] GetACP () returned 0x4e4 [0078.093] GetACP () returned 0x4e4 [0078.093] GetACP () returned 0x4e4 [0078.093] GetACP () returned 0x4e4 [0078.093] GetACP () returned 0x4e4 [0078.094] GetACP () returned 0x4e4 [0078.094] GetACP () returned 0x4e4 [0078.094] GetACP () returned 0x4e4 [0078.094] GetACP () returned 0x4e4 [0078.094] GetACP () returned 0x4e4 [0078.094] GetACP () returned 0x4e4 [0078.094] GetACP () returned 0x4e4 [0078.094] GetACP () returned 0x4e4 [0078.094] GetACP () returned 0x4e4 [0078.094] GetACP () returned 0x4e4 [0078.094] GetACP () returned 0x4e4 [0078.094] GetACP () returned 0x4e4 [0078.094] GetACP () returned 0x4e4 [0078.094] GetACP () returned 0x4e4 [0078.094] GetACP () returned 0x4e4 [0078.094] GetACP () returned 0x4e4 [0078.095] GetACP () returned 0x4e4 [0078.095] GetACP () returned 0x4e4 [0078.095] GetACP () returned 0x4e4 [0078.095] GetACP () returned 0x4e4 [0078.095] GetACP () returned 0x4e4 [0078.095] GetACP () returned 0x4e4 [0078.095] GetACP () returned 0x4e4 [0078.095] GetACP () returned 0x4e4 [0078.095] GetACP () returned 0x4e4 [0078.095] GetACP () returned 0x4e4 [0078.095] GetACP () returned 0x4e4 [0078.095] GetACP () returned 0x4e4 [0078.095] GetACP () returned 0x4e4 [0078.095] GetACP () returned 0x4e4 [0078.095] GetACP () returned 0x4e4 [0078.095] GetACP () returned 0x4e4 [0078.096] GetACP () returned 0x4e4 [0078.096] GetACP () returned 0x4e4 [0078.096] GetACP () returned 0x4e4 [0078.096] GetACP () returned 0x4e4 [0078.096] GetACP () returned 0x4e4 [0078.096] GetACP () returned 0x4e4 [0078.096] GetACP () returned 0x4e4 [0078.096] GetACP () returned 0x4e4 [0078.096] GetACP () returned 0x4e4 [0078.096] GetACP () returned 0x4e4 [0078.096] GetACP () returned 0x4e4 [0078.096] GetACP () returned 0x4e4 [0078.096] GetACP () returned 0x4e4 [0078.096] GetACP () returned 0x4e4 [0078.096] GetACP () returned 0x4e4 [0078.096] GetACP () returned 0x4e4 [0078.097] GetACP () returned 0x4e4 [0078.097] GetACP () returned 0x4e4 [0078.097] GetACP () returned 0x4e4 [0078.097] GetACP () returned 0x4e4 [0078.097] GetACP () returned 0x4e4 [0078.097] GetACP () returned 0x4e4 [0078.097] GetACP () returned 0x4e4 [0078.097] GetACP () returned 0x4e4 [0078.097] GetACP () returned 0x4e4 [0078.097] GetACP () returned 0x4e4 [0078.097] GetACP () returned 0x4e4 [0078.097] GetACP () returned 0x4e4 [0078.097] GetACP () returned 0x4e4 [0078.098] GetACP () returned 0x4e4 [0078.098] GetACP () returned 0x4e4 [0078.098] GetACP () returned 0x4e4 [0078.098] GetACP () returned 0x4e4 [0078.098] GetACP () returned 0x4e4 [0078.098] GetACP () returned 0x4e4 [0078.098] GetACP () returned 0x4e4 [0078.098] GetACP () returned 0x4e4 [0078.098] GetACP () returned 0x4e4 [0078.098] GetACP () returned 0x4e4 [0078.098] GetACP () returned 0x4e4 [0078.098] GetACP () returned 0x4e4 [0078.098] GetACP () returned 0x4e4 [0078.098] GetACP () returned 0x4e4 [0078.099] GetACP () returned 0x4e4 [0078.099] GetACP () returned 0x4e4 [0078.099] GetACP () returned 0x4e4 [0078.099] GetACP () returned 0x4e4 [0078.099] GetACP () returned 0x4e4 [0078.099] GetACP () returned 0x4e4 [0078.099] GetACP () returned 0x4e4 [0078.099] GetACP () returned 0x4e4 [0078.099] GetACP () returned 0x4e4 [0078.099] GetACP () returned 0x4e4 [0078.099] GetACP () returned 0x4e4 [0078.099] GetACP () returned 0x4e4 [0078.099] GetACP () returned 0x4e4 [0078.099] GetACP () returned 0x4e4 [0078.099] GetACP () returned 0x4e4 [0078.099] GetACP () returned 0x4e4 [0078.100] GetACP () returned 0x4e4 [0078.100] GetACP () returned 0x4e4 [0078.100] GetACP () returned 0x4e4 [0078.100] GetACP () returned 0x4e4 [0078.100] GetACP () returned 0x4e4 [0078.100] GetACP () returned 0x4e4 [0078.100] GetACP () returned 0x4e4 [0078.100] GetACP () returned 0x4e4 [0078.100] GetACP () returned 0x4e4 [0078.100] GetACP () returned 0x4e4 [0078.100] GetACP () returned 0x4e4 [0078.100] GetACP () returned 0x4e4 [0078.100] GetACP () returned 0x4e4 [0078.100] GetACP () returned 0x4e4 [0078.100] GetACP () returned 0x4e4 [0078.100] GetACP () returned 0x4e4 [0078.101] GetACP () returned 0x4e4 [0078.101] GetACP () returned 0x4e4 [0078.101] GetACP () returned 0x4e4 [0078.101] GetACP () returned 0x4e4 [0078.101] GetACP () returned 0x4e4 [0078.101] GetACP () returned 0x4e4 [0078.101] GetACP () returned 0x4e4 [0078.101] GetACP () returned 0x4e4 [0078.101] GetACP () returned 0x4e4 [0078.101] GetACP () returned 0x4e4 [0078.101] GetACP () returned 0x4e4 [0078.101] GetACP () returned 0x4e4 [0078.101] GetACP () returned 0x4e4 [0078.101] GetACP () returned 0x4e4 [0078.101] GetACP () returned 0x4e4 [0078.101] GetACP () returned 0x4e4 [0078.101] GetACP () returned 0x4e4 [0078.102] GetACP () returned 0x4e4 [0078.102] GetACP () returned 0x4e4 [0078.102] GetACP () returned 0x4e4 [0078.102] GetACP () returned 0x4e4 [0078.102] GetACP () returned 0x4e4 [0078.102] GetACP () returned 0x4e4 [0078.102] GetACP () returned 0x4e4 [0078.102] GetACP () returned 0x4e4 [0078.102] GetACP () returned 0x4e4 [0078.102] GetACP () returned 0x4e4 [0078.102] GetACP () returned 0x4e4 [0078.102] GetACP () returned 0x4e4 [0078.102] GetACP () returned 0x4e4 [0078.102] GetACP () returned 0x4e4 [0078.102] GetACP () returned 0x4e4 [0078.102] GetACP () returned 0x4e4 [0078.103] GetACP () returned 0x4e4 [0078.103] GetACP () returned 0x4e4 [0078.103] GetACP () returned 0x4e4 [0078.103] GetACP () returned 0x4e4 [0078.103] GetACP () returned 0x4e4 [0078.103] GetACP () returned 0x4e4 [0078.103] GetACP () returned 0x4e4 [0078.103] GetACP () returned 0x4e4 [0078.103] GetACP () returned 0x4e4 [0078.103] GetACP () returned 0x4e4 [0078.103] GetACP () returned 0x4e4 [0078.103] GetACP () returned 0x4e4 [0078.103] GetACP () returned 0x4e4 [0078.103] GetACP () returned 0x4e4 [0078.103] GetACP () returned 0x4e4 [0078.103] GetACP () returned 0x4e4 [0078.104] GetACP () returned 0x4e4 [0078.104] GetACP () returned 0x4e4 [0078.104] GetACP () returned 0x4e4 [0078.104] GetACP () returned 0x4e4 [0078.104] GetACP () returned 0x4e4 [0078.104] GetACP () returned 0x4e4 [0078.104] GetACP () returned 0x4e4 [0078.104] GetACP () returned 0x4e4 [0078.104] GetACP () returned 0x4e4 [0078.104] GetACP () returned 0x4e4 [0078.104] GetACP () returned 0x4e4 [0078.104] GetACP () returned 0x4e4 [0078.105] GetACP () returned 0x4e4 [0078.105] GetACP () returned 0x4e4 [0078.105] GetACP () returned 0x4e4 [0078.105] GetACP () returned 0x4e4 [0078.105] GetACP () returned 0x4e4 [0078.105] GetACP () returned 0x4e4 [0078.105] GetACP () returned 0x4e4 [0078.105] GetACP () returned 0x4e4 [0078.105] GetACP () returned 0x4e4 [0078.105] GetACP () returned 0x4e4 [0078.105] GetACP () returned 0x4e4 [0078.105] GetACP () returned 0x4e4 [0078.105] GetACP () returned 0x4e4 [0078.105] GetACP () returned 0x4e4 [0078.105] GetACP () returned 0x4e4 [0083.820] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0083.820] VirtualAlloc (lpAddress=0x0, dwSize=0x11a00, flAllocationType=0x1000, flProtect=0x4) returned 0x250000 [0083.820] GetACP () returned 0x4e4 [0083.821] GetACP () returned 0x4e4 [0083.821] GetACP () returned 0x4e4 [0083.821] GetACP () returned 0x4e4 [0083.821] GetACP () returned 0x4e4 [0083.821] GetACP () returned 0x4e4 [0083.821] GetACP () returned 0x4e4 [0083.821] GetACP () returned 0x4e4 [0083.821] GetACP () returned 0x4e4 [0083.822] GetACP () returned 0x4e4 [0083.822] GetACP () returned 0x4e4 [0083.822] GetACP () returned 0x4e4 [0083.822] GetACP () returned 0x4e4 [0083.822] GetACP () returned 0x4e4 [0083.822] GetACP () returned 0x4e4 [0083.822] GetACP () returned 0x4e4 [0083.822] GetACP () returned 0x4e4 [0083.822] GetACP () returned 0x4e4 [0083.822] GetACP () returned 0x4e4 [0083.822] GetACP () returned 0x4e4 [0083.822] GetACP () returned 0x4e4 [0083.823] GetACP () returned 0x4e4 [0083.823] GetACP () returned 0x4e4 [0083.823] GetACP () returned 0x4e4 [0083.823] GetACP () returned 0x4e4 [0083.823] GetACP () returned 0x4e4 [0083.823] GetACP () returned 0x4e4 [0083.823] GetACP () returned 0x4e4 [0083.823] GetACP () returned 0x4e4 [0083.823] GetACP () returned 0x4e4 [0083.823] GetACP () returned 0x4e4 [0083.823] GetACP () returned 0x4e4 [0083.823] GetACP () returned 0x4e4 [0083.823] GetACP () returned 0x4e4 [0083.824] GetACP () returned 0x4e4 [0083.824] GetACP () returned 0x4e4 [0083.824] GetACP () returned 0x4e4 [0083.824] GetACP () returned 0x4e4 [0083.824] GetACP () returned 0x4e4 [0083.824] GetACP () returned 0x4e4 [0083.824] GetACP () returned 0x4e4 [0083.824] GetACP () returned 0x4e4 [0083.824] GetACP () returned 0x4e4 [0083.824] GetACP () returned 0x4e4 [0083.824] GetACP () returned 0x4e4 [0083.825] GetACP () returned 0x4e4 [0083.825] GetACP () returned 0x4e4 [0083.825] GetACP () returned 0x4e4 [0083.825] GetACP () returned 0x4e4 [0083.825] GetACP () returned 0x4e4 [0083.825] GetACP () returned 0x4e4 [0083.825] GetACP () returned 0x4e4 [0083.826] GetACP () returned 0x4e4 [0083.826] GetACP () returned 0x4e4 [0083.826] GetACP () returned 0x4e4 [0083.826] GetACP () returned 0x4e4 [0083.826] GetACP () returned 0x4e4 [0083.826] GetACP () returned 0x4e4 [0083.826] GetACP () returned 0x4e4 [0083.826] GetACP () returned 0x4e4 [0083.826] GetACP () returned 0x4e4 [0083.826] GetACP () returned 0x4e4 [0083.826] GetACP () returned 0x4e4 [0083.827] GetACP () returned 0x4e4 [0083.827] GetACP () returned 0x4e4 [0083.827] GetACP () returned 0x4e4 [0083.827] GetACP () returned 0x4e4 [0083.827] GetACP () returned 0x4e4 [0083.827] GetACP () returned 0x4e4 [0083.827] GetACP () returned 0x4e4 [0083.827] GetACP () returned 0x4e4 [0083.827] GetACP () returned 0x4e4 [0083.827] GetACP () returned 0x4e4 [0083.827] GetACP () returned 0x4e4 [0083.828] GetACP () returned 0x4e4 [0083.828] GetACP () returned 0x4e4 [0083.828] GetACP () returned 0x4e4 [0083.828] GetACP () returned 0x4e4 [0083.828] GetACP () returned 0x4e4 [0083.828] GetACP () returned 0x4e4 [0083.828] GetACP () returned 0x4e4 [0083.828] GetACP () returned 0x4e4 [0083.828] GetACP () returned 0x4e4 [0083.828] GetACP () returned 0x4e4 [0083.828] GetACP () returned 0x4e4 [0083.828] GetACP () returned 0x4e4 [0083.829] GetACP () returned 0x4e4 [0083.829] GetACP () returned 0x4e4 [0083.829] GetACP () returned 0x4e4 [0083.829] GetACP () returned 0x4e4 [0083.829] GetACP () returned 0x4e4 [0083.829] GetACP () returned 0x4e4 [0083.829] GetACP () returned 0x4e4 [0083.829] GetACP () returned 0x4e4 [0083.829] GetACP () returned 0x4e4 [0083.829] GetACP () returned 0x4e4 [0083.829] GetACP () returned 0x4e4 [0083.829] GetACP () returned 0x4e4 [0083.830] GetACP () returned 0x4e4 [0083.830] GetACP () returned 0x4e4 [0083.830] GetACP () returned 0x4e4 [0083.830] GetACP () returned 0x4e4 [0083.830] GetACP () returned 0x4e4 [0083.830] GetACP () returned 0x4e4 [0083.830] GetACP () returned 0x4e4 [0083.830] GetACP () returned 0x4e4 [0083.830] GetACP () returned 0x4e4 [0083.830] GetACP () returned 0x4e4 [0083.831] GetACP () returned 0x4e4 [0083.831] GetACP () returned 0x4e4 [0083.831] GetACP () returned 0x4e4 [0083.831] GetACP () returned 0x4e4 [0083.831] GetACP () returned 0x4e4 [0083.831] GetACP () returned 0x4e4 [0083.831] GetACP () returned 0x4e4 [0083.831] GetACP () returned 0x4e4 [0083.831] GetACP () returned 0x4e4 [0083.831] GetACP () returned 0x4e4 [0083.831] GetACP () returned 0x4e4 [0083.831] GetACP () returned 0x4e4 [0083.832] GetACP () returned 0x4e4 [0083.832] GetACP () returned 0x4e4 [0083.832] GetACP () returned 0x4e4 [0083.832] GetACP () returned 0x4e4 [0083.832] GetACP () returned 0x4e4 [0083.832] GetACP () returned 0x4e4 [0083.832] GetACP () returned 0x4e4 [0083.832] GetACP () returned 0x4e4 [0083.832] GetACP () returned 0x4e4 [0083.832] GetACP () returned 0x4e4 [0083.832] GetACP () returned 0x4e4 [0083.833] GetACP () returned 0x4e4 [0083.833] GetACP () returned 0x4e4 [0083.833] GetACP () returned 0x4e4 [0083.833] GetACP () returned 0x4e4 [0083.833] GetACP () returned 0x4e4 [0083.833] GetACP () returned 0x4e4 [0083.833] GetACP () returned 0x4e4 [0083.833] GetACP () returned 0x4e4 [0083.833] GetACP () returned 0x4e4 [0083.833] GetACP () returned 0x4e4 [0083.833] GetACP () returned 0x4e4 [0083.833] GetACP () returned 0x4e4 [0083.833] GetACP () returned 0x4e4 [0083.834] GetACP () returned 0x4e4 [0083.834] GetACP () returned 0x4e4 [0083.834] GetACP () returned 0x4e4 [0083.834] GetACP () returned 0x4e4 [0083.834] GetACP () returned 0x4e4 [0083.834] GetACP () returned 0x4e4 [0083.834] GetACP () returned 0x4e4 [0083.834] GetACP () returned 0x4e4 [0083.834] GetACP () returned 0x4e4 [0083.834] GetACP () returned 0x4e4 [0083.834] GetACP () returned 0x4e4 [0083.834] GetACP () returned 0x4e4 [0083.835] GetACP () returned 0x4e4 [0083.835] GetACP () returned 0x4e4 [0083.835] GetACP () returned 0x4e4 [0083.835] GetACP () returned 0x4e4 [0083.835] GetACP () returned 0x4e4 [0083.835] GetACP () returned 0x4e4 [0083.835] GetACP () returned 0x4e4 [0083.835] GetACP () returned 0x4e4 [0083.835] GetACP () returned 0x4e4 [0083.835] GetACP () returned 0x4e4 [0083.835] GetACP () returned 0x4e4 [0083.835] GetACP () returned 0x4e4 [0083.836] GetACP () returned 0x4e4 [0083.836] GetACP () returned 0x4e4 [0083.836] GetACP () returned 0x4e4 [0083.836] GetACP () returned 0x4e4 [0083.836] GetACP () returned 0x4e4 [0083.836] GetACP () returned 0x4e4 [0083.836] GetACP () returned 0x4e4 [0083.836] GetACP () returned 0x4e4 [0083.837] GetACP () returned 0x4e4 [0083.837] GetACP () returned 0x4e4 [0083.837] GetACP () returned 0x4e4 [0083.837] GetACP () returned 0x4e4 [0083.837] GetACP () returned 0x4e4 [0083.837] GetACP () returned 0x4e4 [0083.837] GetACP () returned 0x4e4 [0083.837] GetACP () returned 0x4e4 [0083.837] GetACP () returned 0x4e4 [0083.837] GetACP () returned 0x4e4 [0083.837] GetACP () returned 0x4e4 [0083.837] GetACP () returned 0x4e4 [0083.838] GetACP () returned 0x4e4 [0083.838] GetACP () returned 0x4e4 [0083.838] GetACP () returned 0x4e4 [0083.838] GetACP () returned 0x4e4 [0083.838] GetACP () returned 0x4e4 [0083.838] GetACP () returned 0x4e4 [0083.838] GetACP () returned 0x4e4 [0083.838] GetACP () returned 0x4e4 [0083.838] GetACP () returned 0x4e4 [0083.838] GetACP () returned 0x4e4 [0083.838] GetACP () returned 0x4e4 [0083.838] GetACP () returned 0x4e4 [0083.839] GetACP () returned 0x4e4 [0083.839] GetACP () returned 0x4e4 [0083.839] GetACP () returned 0x4e4 [0083.839] GetACP () returned 0x4e4 [0083.839] GetACP () returned 0x4e4 [0083.839] GetACP () returned 0x4e4 [0083.839] GetACP () returned 0x4e4 [0083.839] GetACP () returned 0x4e4 [0083.839] GetACP () returned 0x4e4 [0083.839] GetACP () returned 0x4e4 [0083.839] GetACP () returned 0x4e4 [0083.839] GetACP () returned 0x4e4 [0083.840] GetACP () returned 0x4e4 [0083.840] GetACP () returned 0x4e4 [0083.840] GetACP () returned 0x4e4 [0083.840] GetACP () returned 0x4e4 [0083.840] GetACP () returned 0x4e4 [0083.840] GetACP () returned 0x4e4 [0083.840] GetACP () returned 0x4e4 [0083.840] GetACP () returned 0x4e4 [0083.840] GetACP () returned 0x4e4 [0083.840] GetACP () returned 0x4e4 [0083.843] GetACP () returned 0x4e4 [0083.843] GetACP () returned 0x4e4 [0083.843] GetACP () returned 0x4e4 [0083.843] GetACP () returned 0x4e4 [0083.843] GetACP () returned 0x4e4 [0083.843] GetACP () returned 0x4e4 [0083.843] GetACP () returned 0x4e4 [0083.843] GetACP () returned 0x4e4 [0083.843] GetACP () returned 0x4e4 [0083.843] GetACP () returned 0x4e4 [0083.843] GetACP () returned 0x4e4 [0083.843] GetACP () returned 0x4e4 [0083.843] GetACP () returned 0x4e4 [0083.843] GetACP () returned 0x4e4 [0083.843] GetACP () returned 0x4e4 [0083.843] GetACP () returned 0x4e4 [0083.843] GetACP () returned 0x4e4 [0083.844] GetACP () returned 0x4e4 [0083.844] GetACP () returned 0x4e4 [0083.844] GetACP () returned 0x4e4 [0083.844] GetACP () returned 0x4e4 [0083.844] GetACP () returned 0x4e4 [0083.844] GetACP () returned 0x4e4 [0083.844] GetACP () returned 0x4e4 [0083.844] GetACP () returned 0x4e4 [0083.844] GetACP () returned 0x4e4 [0083.844] GetACP () returned 0x4e4 [0095.173] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x8, TokenHandle=0x18fc84 | out: TokenHandle=0x18fc84*=0xcc) returned 1 [0095.282] GetTokenInformation (in: TokenHandle=0xcc, TokenInformationClass=0x2, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x18fc80 | out: TokenInformation=0x0, ReturnLength=0x18fc80) returned 0 [0095.283] GetLastError () returned 0x7a [0095.283] GetTokenInformation (in: TokenHandle=0xcc, TokenInformationClass=0x2, TokenInformation=0x2240f98, TokenInformationLength=0x118, ReturnLength=0x18fc80 | out: TokenInformation=0x2240f98, ReturnLength=0x18fc80) returned 1 [0095.283] AllocateAndInitializeSid (in: pIdentifierAuthority=0x18fc90, nSubAuthorityCount=0x2, nSubAuthority0=0x20, nSubAuthority1=0x220, nSubAuthority2=0x0, nSubAuthority3=0x0, nSubAuthority4=0x0, nSubAuthority5=0x0, nSubAuthority6=0x0, nSubAuthority7=0x0, pSid=0x18fc88 | out: pSid=0x18fc88*=0x551910*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1 [0095.283] EqualSid (pSid1=0x551910*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), pSid2=0x2240ffc*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25))) returned 0 [0095.283] EqualSid (pSid1=0x551910*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), pSid2=0x2241018*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0)) returned 0 [0095.283] EqualSid (pSid1=0x551910*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), pSid2=0x2241024*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1 [0095.283] NtClose (Handle=0xcc) returned 0x0 [0095.283] RtlQueryElevationFlags () returned 0x0 [0095.284] SHRegDuplicateHKey (hkey=0x80000002) returned 0x80000002 [0095.284] RegEnumKeyW (in: hKey=0x80000002, dwIndex=0x0, lpName=0x224b8d0, cchName=0x104 | out: lpName="BCD00000000") returned 0x0 [0095.285] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="bcd00000000", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0095.285] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="bcd00000000", cchWideChar=11, lpMultiByteStr=0x224bbe0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="bcd00000000", lpUsedDefaultChar=0x0) returned 11 [0095.285] RegEnumKeyW (in: hKey=0x80000002, dwIndex=0x1, lpName=0x224b8d0, cchName=0x104 | out: lpName="HARDWARE") returned 0x0 [0095.285] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="hardware", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0095.285] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="hardware", cchWideChar=8, lpMultiByteStr=0x224bc40, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="hardware", lpUsedDefaultChar=0x0) returned 8 [0095.285] RegEnumKeyW (in: hKey=0x80000002, dwIndex=0x2, lpName=0x224b8d0, cchName=0x104 | out: lpName="SAM") returned 0x0 [0095.285] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="sam", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0095.285] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="sam", cchWideChar=3, lpMultiByteStr=0x224bc88, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sam", lpUsedDefaultChar=0x0) returned 3 [0095.286] RegEnumKeyW (in: hKey=0x80000002, dwIndex=0x3, lpName=0x224b8d0, cchName=0x104 | out: lpName="SECURITY") returned 0x0 [0095.286] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="security", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0095.286] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="security", cchWideChar=8, lpMultiByteStr=0x224bc40, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="security", lpUsedDefaultChar=0x0) returned 8 [0095.286] RegEnumKeyW (in: hKey=0x80000002, dwIndex=0x4, lpName=0x224b8d0, cchName=0x104 | out: lpName="SOFTWARE") returned 0x0 [0095.286] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="software", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0095.286] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="software", cchWideChar=8, lpMultiByteStr=0x224bc88, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="software", lpUsedDefaultChar=0x0) returned 8 [0095.286] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE", ulOptions=0x0, samDesired=0x20109, phkResult=0x18fc04 | out: phkResult=0x18fc04*=0xcc) returned 0x0 [0095.287] RegCloseKey (hKey=0x80000002) returned 0x0 [0095.287] RegEnumKeyW (in: hKey=0xcc, dwIndex=0x0, lpName=0x224b8d0, cchName=0x104 | out: lpName="ATI Technologies") returned 0x0 [0095.287] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ati technologies", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0095.287] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ati technologies", cchWideChar=16, lpMultiByteStr=0x224c0c0, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ati technologies", lpUsedDefaultChar=0x0) returned 16 [0095.287] RegEnumKeyW (in: hKey=0xcc, dwIndex=0x1, lpName=0x224b8d0, cchName=0x104 | out: lpName="CBSTEST") returned 0x0 [0095.287] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="cbstest", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0095.287] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="cbstest", cchWideChar=7, lpMultiByteStr=0x224c108, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="cbstest", lpUsedDefaultChar=0x0) returned 7 [0095.287] RegEnumKeyW (in: hKey=0xcc, dwIndex=0x2, lpName=0x224b8d0, cchName=0x104 | out: lpName="Classes") returned 0x0 [0095.287] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="classes", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0095.287] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="classes", cchWideChar=7, lpMultiByteStr=0x224c0c0, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="classes", lpUsedDefaultChar=0x0) returned 7 [0095.287] RegEnumKeyW (in: hKey=0xcc, dwIndex=0x3, lpName=0x224b8d0, cchName=0x104 | out: lpName="Clients") returned 0x0 [0095.287] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="clients", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0095.288] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="clients", cchWideChar=7, lpMultiByteStr=0x224c108, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="clients", lpUsedDefaultChar=0x0) returned 7 [0095.288] RegEnumKeyW (in: hKey=0xcc, dwIndex=0x4, lpName=0x224b8d0, cchName=0x104 | out: lpName="Intel") returned 0x0 [0095.288] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="intel", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0095.288] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="intel", cchWideChar=5, lpMultiByteStr=0x224c0c0, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="intel", lpUsedDefaultChar=0x0) returned 5 [0095.288] RegEnumKeyW (in: hKey=0xcc, dwIndex=0x5, lpName=0x224b8d0, cchName=0x104 | out: lpName="Macromedia") returned 0x0 [0095.288] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="macromedia", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0095.288] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="macromedia", cchWideChar=10, lpMultiByteStr=0x224c108, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="macromedia", lpUsedDefaultChar=0x0) returned 10 [0095.288] RegEnumKeyW (in: hKey=0xcc, dwIndex=0x6, lpName=0x224b8d0, cchName=0x104 | out: lpName="Microsoft") returned 0x0 [0095.288] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="microsoft", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0095.288] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="microsoft", cchWideChar=9, lpMultiByteStr=0x224c0c0, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="microsoft", lpUsedDefaultChar=0x0) returned 9 [0095.289] RegOpenKeyExW (in: hKey=0xcc, lpSubKey="Microsoft", ulOptions=0x0, samDesired=0x20109, phkResult=0x18fc04 | out: phkResult=0x18fc04*=0x38) returned 0x0 [0095.289] RegCloseKey (hKey=0xcc) returned 0x0 [0095.289] RegEnumKeyW (in: hKey=0x38, dwIndex=0x0, lpName=0x224b8d0, cchName=0x104 | out: lpName=".NETFramework") returned 0x0 [0095.289] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr=".netframework", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0095.289] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr=".netframework", cchWideChar=13, lpMultiByteStr=0x224c108, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=".netframework", lpUsedDefaultChar=0x0) returned 13 [0095.289] RegEnumKeyW (in: hKey=0x38, dwIndex=0x1, lpName=0x224b8d0, cchName=0x104 | out: lpName="Active Setup") returned 0x0 [0095.289] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="active setup", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0095.289] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="active setup", cchWideChar=12, lpMultiByteStr=0x224c0c0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="active setup", lpUsedDefaultChar=0x0) returned 12 [0095.289] RegEnumKeyW (in: hKey=0x38, dwIndex=0x2, lpName=0x224b8d0, cchName=0x104 | out: lpName="ADs") returned 0x0 [0095.289] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ads", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0095.289] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ads", cchWideChar=3, lpMultiByteStr=0x224c108, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ads", lpUsedDefaultChar=0x0) returned 3 [0095.290] RegEnumKeyW (in: hKey=0x38, dwIndex=0x3, lpName=0x224b8d0, cchName=0x104 | out: lpName="Advanced INF Setup") returned 0x0 [0095.290] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="advanced inf setup", cchWideChar=18, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0095.290] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="advanced inf setup", cchWideChar=18, lpMultiByteStr=0x224c0c0, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="advanced inf setup", lpUsedDefaultChar=0x0) returned 18 [0095.290] RegEnumKeyW (in: hKey=0x38, dwIndex=0x4, lpName=0x224b8d0, cchName=0x104 | out: lpName="ALG") returned 0x0 [0095.290] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="alg", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0095.290] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="alg", cchWideChar=3, lpMultiByteStr=0x224c108, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="alg", lpUsedDefaultChar=0x0) returned 3 [0095.290] RegEnumKeyW (in: hKey=0x38, dwIndex=0x5, lpName=0x224b8d0, cchName=0x104 | out: lpName="ASP.NET") returned 0x0 [0095.290] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="asp.net", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0095.290] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="asp.net", cchWideChar=7, lpMultiByteStr=0x224c0c0, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="asp.net", lpUsedDefaultChar=0x0) returned 7 [0095.290] RegEnumKeyW (in: hKey=0x38, dwIndex=0x6, lpName=0x224b8d0, cchName=0x104 | out: lpName="Assistance") returned 0x0 [0095.290] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="assistance", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0095.291] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="assistance", cchWideChar=10, lpMultiByteStr=0x224c108, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="assistance", lpUsedDefaultChar=0x0) returned 10 [0095.291] RegEnumKeyW (in: hKey=0x38, dwIndex=0x7, lpName=0x224b8d0, cchName=0x104 | out: lpName="BidInterface") returned 0x0 [0095.291] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="bidinterface", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0095.291] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="bidinterface", cchWideChar=12, lpMultiByteStr=0x224c0c0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="bidinterface", lpUsedDefaultChar=0x0) returned 12 [0095.291] RegEnumKeyW (in: hKey=0x38, dwIndex=0x8, lpName=0x224b8d0, cchName=0x104 | out: lpName="COM3") returned 0x0 [0095.291] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="com3", cchWideChar=4, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 4 [0095.291] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="com3", cchWideChar=4, lpMultiByteStr=0x224c108, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="com3", lpUsedDefaultChar=0x0) returned 4 [0095.291] RegEnumKeyW (in: hKey=0x38, dwIndex=0x9, lpName=0x224b8d0, cchName=0x104 | out: lpName="Command Processor") returned 0x0 [0095.291] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="command processor", cchWideChar=17, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0095.291] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="command processor", cchWideChar=17, lpMultiByteStr=0x224c0c0, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="command processor", lpUsedDefaultChar=0x0) returned 17 [0095.291] RegEnumKeyW (in: hKey=0x38, dwIndex=0xa, lpName=0x224b8d0, cchName=0x104 | out: lpName="Connect to a Network Projector") returned 0x0 [0095.292] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="connect to a network projector", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0095.292] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="connect to a network projector", cchWideChar=30, lpMultiByteStr=0x224c108, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="connect to a network projector", lpUsedDefaultChar=0x0) returned 30 [0095.294] RegEnumKeyW (in: hKey=0x38, dwIndex=0xb, lpName=0x224b8d0, cchName=0x104 | out: lpName="Cryptography") returned 0x0 [0095.294] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="cryptography", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0095.294] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="cryptography", cchWideChar=12, lpMultiByteStr=0x224c0c0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="cryptography", lpUsedDefaultChar=0x0) returned 12 [0095.294] RegEnumKeyW (in: hKey=0x38, dwIndex=0xc, lpName=0x224b8d0, cchName=0x104 | out: lpName="CTF") returned 0x0 [0095.295] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ctf", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0095.295] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ctf", cchWideChar=3, lpMultiByteStr=0x224c108, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ctf", lpUsedDefaultChar=0x0) returned 3 [0095.295] RegEnumKeyW (in: hKey=0x38, dwIndex=0xd, lpName=0x224b8d0, cchName=0x104 | out: lpName="DataAccess") returned 0x0 [0095.295] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="dataaccess", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0095.295] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="dataaccess", cchWideChar=10, lpMultiByteStr=0x224c0c0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dataaccess", lpUsedDefaultChar=0x0) returned 10 [0095.295] RegEnumKeyW (in: hKey=0x38, dwIndex=0xe, lpName=0x224b8d0, cchName=0x104 | out: lpName="DataFactory") returned 0x0 [0095.295] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="datafactory", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0095.295] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="datafactory", cchWideChar=11, lpMultiByteStr=0x224c108, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="datafactory", lpUsedDefaultChar=0x0) returned 11 [0095.295] RegEnumKeyW (in: hKey=0x38, dwIndex=0xf, lpName=0x224b8d0, cchName=0x104 | out: lpName="DevDiv") returned 0x0 [0095.295] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="devdiv", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0095.295] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="devdiv", cchWideChar=6, lpMultiByteStr=0x224c0c0, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="devdiv", lpUsedDefaultChar=0x0) returned 6 [0095.296] RegEnumKeyW (in: hKey=0x38, dwIndex=0x10, lpName=0x224b8d0, cchName=0x104 | out: lpName="Dfrg") returned 0x0 [0095.296] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="dfrg", cchWideChar=4, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 4 [0095.296] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="dfrg", cchWideChar=4, lpMultiByteStr=0x224c108, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dfrg", lpUsedDefaultChar=0x0) returned 4 [0095.296] RegEnumKeyW (in: hKey=0x38, dwIndex=0x11, lpName=0x224b8d0, cchName=0x104 | out: lpName="DFS") returned 0x0 [0095.296] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="dfs", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0095.296] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="dfs", cchWideChar=3, lpMultiByteStr=0x224c0c0, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dfs", lpUsedDefaultChar=0x0) returned 3 [0095.296] RegEnumKeyW (in: hKey=0x38, dwIndex=0x12, lpName=0x224b8d0, cchName=0x104 | out: lpName="DirectDraw") returned 0x0 [0095.296] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="directdraw", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0095.296] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="directdraw", cchWideChar=10, lpMultiByteStr=0x224c108, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="directdraw", lpUsedDefaultChar=0x0) returned 10 [0095.296] RegEnumKeyW (in: hKey=0x38, dwIndex=0x13, lpName=0x224b8d0, cchName=0x104 | out: lpName="DirectInput") returned 0x0 [0095.296] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="directinput", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0095.297] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="directinput", cchWideChar=11, lpMultiByteStr=0x224c0c0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="directinput", lpUsedDefaultChar=0x0) returned 11 [0095.297] RegEnumKeyW (in: hKey=0x38, dwIndex=0x14, lpName=0x224b8d0, cchName=0x104 | out: lpName="DirectMusic") returned 0x0 [0095.297] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="directmusic", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0095.297] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="directmusic", cchWideChar=11, lpMultiByteStr=0x224c108, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="directmusic", lpUsedDefaultChar=0x0) returned 11 [0095.297] RegEnumKeyW (in: hKey=0x38, dwIndex=0x15, lpName=0x224b8d0, cchName=0x104 | out: lpName="DirectPlay8") returned 0x0 [0095.297] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="directplay8", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0095.297] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="directplay8", cchWideChar=11, lpMultiByteStr=0x224c0c0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="directplay8", lpUsedDefaultChar=0x0) returned 11 [0095.297] RegEnumKeyW (in: hKey=0x38, dwIndex=0x16, lpName=0x224b8d0, cchName=0x104 | out: lpName="DirectPlayNATHelp") returned 0x0 [0095.297] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="directplaynathelp", cchWideChar=17, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0095.297] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="directplaynathelp", cchWideChar=17, lpMultiByteStr=0x224c108, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="directplaynathelp", lpUsedDefaultChar=0x0) returned 17 [0095.298] RegEnumKeyW (in: hKey=0x38, dwIndex=0x17, lpName=0x224b8d0, cchName=0x104 | out: lpName="DirectShow") returned 0x0 [0095.298] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="directshow", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0095.298] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="directshow", cchWideChar=10, lpMultiByteStr=0x224c0c0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="directshow", lpUsedDefaultChar=0x0) returned 10 [0095.298] RegEnumKeyW (in: hKey=0x38, dwIndex=0x18, lpName=0x224b8d0, cchName=0x104 | out: lpName="DirectX") returned 0x0 [0095.298] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="directx", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0095.298] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="directx", cchWideChar=7, lpMultiByteStr=0x224c108, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="directx", lpUsedDefaultChar=0x0) returned 7 [0095.298] RegEnumKeyW (in: hKey=0x38, dwIndex=0x19, lpName=0x224b8d0, cchName=0x104 | out: lpName="Driver Signing") returned 0x0 [0095.298] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="driver signing", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0095.298] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="driver signing", cchWideChar=14, lpMultiByteStr=0x224c0c0, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="driver signing", lpUsedDefaultChar=0x0) returned 14 [0095.299] RegEnumKeyW (in: hKey=0x38, dwIndex=0x1a, lpName=0x224b8d0, cchName=0x104 | out: lpName="DRM") returned 0x0 [0095.299] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="drm", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0095.299] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="drm", cchWideChar=3, lpMultiByteStr=0x224c108, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="drm", lpUsedDefaultChar=0x0) returned 3 [0095.299] RegEnumKeyW (in: hKey=0x38, dwIndex=0x1b, lpName=0x224b8d0, cchName=0x104 | out: lpName="DVR") returned 0x0 [0095.299] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="dvr", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0095.299] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="dvr", cchWideChar=3, lpMultiByteStr=0x224c0c0, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dvr", lpUsedDefaultChar=0x0) returned 3 [0095.299] RegEnumKeyW (in: hKey=0x38, dwIndex=0x1c, lpName=0x224b8d0, cchName=0x104 | out: lpName="DXP") returned 0x0 [0095.299] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="dxp", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0095.299] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="dxp", cchWideChar=3, lpMultiByteStr=0x224c108, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dxp", lpUsedDefaultChar=0x0) returned 3 [0095.299] RegEnumKeyW (in: hKey=0x38, dwIndex=0x1d, lpName=0x224b8d0, cchName=0x104 | out: lpName="EnterpriseCertificates") returned 0x0 [0095.300] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="enterprisecertificates", cchWideChar=22, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0095.300] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="enterprisecertificates", cchWideChar=22, lpMultiByteStr=0x224c0c0, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="enterprisecertificates", lpUsedDefaultChar=0x0) returned 22 [0095.300] RegEnumKeyW (in: hKey=0x38, dwIndex=0x1e, lpName=0x224b8d0, cchName=0x104 | out: lpName="EventSystem") returned 0x0 [0095.300] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="eventsystem", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0095.300] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="eventsystem", cchWideChar=11, lpMultiByteStr=0x224c108, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="eventsystem", lpUsedDefaultChar=0x0) returned 11 [0095.300] RegEnumKeyW (in: hKey=0x38, dwIndex=0x1f, lpName=0x224b8d0, cchName=0x104 | out: lpName="Exchange") returned 0x0 [0095.300] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="exchange", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0095.300] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="exchange", cchWideChar=8, lpMultiByteStr=0x224c0c0, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="exchange", lpUsedDefaultChar=0x0) returned 8 [0095.300] RegEnumKeyW (in: hKey=0x38, dwIndex=0x20, lpName=0x224b8d0, cchName=0x104 | out: lpName="Fax") returned 0x0 [0095.300] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="fax", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0095.300] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="fax", cchWideChar=3, lpMultiByteStr=0x224c108, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fax", lpUsedDefaultChar=0x0) returned 3 [0095.301] RegEnumKeyW (in: hKey=0x38, dwIndex=0x21, lpName=0x224b8d0, cchName=0x104 | out: lpName="Feeds") returned 0x0 [0095.301] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="feeds", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0095.301] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="feeds", cchWideChar=5, lpMultiByteStr=0x224c0c0, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="feeds", lpUsedDefaultChar=0x0) returned 5 [0095.301] RegEnumKeyW (in: hKey=0x38, dwIndex=0x22, lpName=0x224b8d0, cchName=0x104 | out: lpName="FlashConfig") returned 0x0 [0095.301] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="flashconfig", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0095.301] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="flashconfig", cchWideChar=11, lpMultiByteStr=0x224c108, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="flashconfig", lpUsedDefaultChar=0x0) returned 11 [0095.301] RegEnumKeyW (in: hKey=0x38, dwIndex=0x23, lpName=0x224b8d0, cchName=0x104 | out: lpName="FTH") returned 0x0 [0095.301] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="fth", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0095.301] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="fth", cchWideChar=3, lpMultiByteStr=0x224c0c0, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fth", lpUsedDefaultChar=0x0) returned 3 [0095.301] RegEnumKeyW (in: hKey=0x38, dwIndex=0x24, lpName=0x224b8d0, cchName=0x104 | out: lpName="Function Discovery") returned 0x0 [0095.301] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="function discovery", cchWideChar=18, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0095.302] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="function discovery", cchWideChar=18, lpMultiByteStr=0x224c108, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="function discovery", lpUsedDefaultChar=0x0) returned 18 [0095.302] RegEnumKeyW (in: hKey=0x38, dwIndex=0x25, lpName=0x224b8d0, cchName=0x104 | out: lpName="Fusion") returned 0x0 [0095.302] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="fusion", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0095.302] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="fusion", cchWideChar=6, lpMultiByteStr=0x224c0c0, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fusion", lpUsedDefaultChar=0x0) returned 6 [0095.302] RegEnumKeyW (in: hKey=0x38, dwIndex=0x26, lpName=0x224b8d0, cchName=0x104 | out: lpName="GPUPipeline") returned 0x0 [0095.302] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="gpupipeline", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0095.302] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="gpupipeline", cchWideChar=11, lpMultiByteStr=0x224c108, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="gpupipeline", lpUsedDefaultChar=0x0) returned 11 [0095.302] RegEnumKeyW (in: hKey=0x38, dwIndex=0x27, lpName=0x224b8d0, cchName=0x104 | out: lpName="HTMLHelp") returned 0x0 [0095.302] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="htmlhelp", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0095.302] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="htmlhelp", cchWideChar=8, lpMultiByteStr=0x224c0c0, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="htmlhelp", lpUsedDefaultChar=0x0) returned 8 [0095.303] RegEnumKeyW (in: hKey=0x38, dwIndex=0x28, lpName=0x224b8d0, cchName=0x104 | out: lpName="IdentityCRL") returned 0x0 [0095.303] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="identitycrl", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0095.303] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="identitycrl", cchWideChar=11, lpMultiByteStr=0x224c108, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="identitycrl", lpUsedDefaultChar=0x0) returned 11 [0095.303] RegEnumKeyW (in: hKey=0x38, dwIndex=0x29, lpName=0x224b8d0, cchName=0x104 | out: lpName="IdentityStore") returned 0x0 [0095.303] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="identitystore", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0095.303] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="identitystore", cchWideChar=13, lpMultiByteStr=0x224c0c0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="identitystore", lpUsedDefaultChar=0x0) returned 13 [0095.303] RegEnumKeyW (in: hKey=0x38, dwIndex=0x2a, lpName=0x224b8d0, cchName=0x104 | out: lpName="IMAPI") returned 0x0 [0095.303] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="imapi", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0095.303] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="imapi", cchWideChar=5, lpMultiByteStr=0x224c108, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="imapi", lpUsedDefaultChar=0x0) returned 5 [0095.303] RegEnumKeyW (in: hKey=0x38, dwIndex=0x2b, lpName=0x224b8d0, cchName=0x104 | out: lpName="IMEJP") returned 0x0 [0095.303] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="imejp", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0095.304] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="imejp", cchWideChar=5, lpMultiByteStr=0x224c0c0, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="imejp", lpUsedDefaultChar=0x0) returned 5 [0095.304] RegEnumKeyW (in: hKey=0x38, dwIndex=0x2c, lpName=0x224b8d0, cchName=0x104 | out: lpName="IMEKR") returned 0x0 [0095.304] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="imekr", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0095.304] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="imekr", cchWideChar=5, lpMultiByteStr=0x224c108, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="imekr", lpUsedDefaultChar=0x0) returned 5 [0095.304] RegEnumKeyW (in: hKey=0x38, dwIndex=0x2d, lpName=0x224b8d0, cchName=0x104 | out: lpName="IMETC") returned 0x0 [0095.304] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="imetc", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0095.304] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="imetc", cchWideChar=5, lpMultiByteStr=0x224c0c0, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="imetc", lpUsedDefaultChar=0x0) returned 5 [0095.304] RegEnumKeyW (in: hKey=0x38, dwIndex=0x2e, lpName=0x224b8d0, cchName=0x104 | out: lpName="Internet Account Manager") returned 0x0 [0095.304] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="internet account manager", cchWideChar=24, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0095.304] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="internet account manager", cchWideChar=24, lpMultiByteStr=0x224c108, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="internet account manager", lpUsedDefaultChar=0x0) returned 24 [0095.304] RegEnumKeyW (in: hKey=0x38, dwIndex=0x2f, lpName=0x224b8d0, cchName=0x104 | out: lpName="Internet Domains") returned 0x0 [0095.305] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="internet domains", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0095.305] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="internet domains", cchWideChar=16, lpMultiByteStr=0x224c0c0, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="internet domains", lpUsedDefaultChar=0x0) returned 16 [0095.305] RegEnumKeyW (in: hKey=0x38, dwIndex=0x30, lpName=0x224b8d0, cchName=0x104 | out: lpName="Internet Explorer") returned 0x0 [0095.305] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="internet explorer", cchWideChar=17, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0095.305] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="internet explorer", cchWideChar=17, lpMultiByteStr=0x224c108, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="internet explorer", lpUsedDefaultChar=0x0) returned 17 [0095.305] RegEnumKeyW (in: hKey=0x38, dwIndex=0x31, lpName=0x224b8d0, cchName=0x104 | out: lpName="IsoBurn") returned 0x0 [0095.305] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="isoburn", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0095.305] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="isoburn", cchWideChar=7, lpMultiByteStr=0x224c0c0, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="isoburn", lpUsedDefaultChar=0x0) returned 7 [0095.305] RegEnumKeyW (in: hKey=0x38, dwIndex=0x32, lpName=0x224b8d0, cchName=0x104 | out: lpName="Loki") returned 0x0 [0095.305] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="loki", cchWideChar=4, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 4 [0095.305] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="loki", cchWideChar=4, lpMultiByteStr=0x224c108, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="loki", lpUsedDefaultChar=0x0) returned 4 [0095.306] RegEnumKeyW (in: hKey=0x38, dwIndex=0x33, lpName=0x224b8d0, cchName=0x104 | out: lpName="MediaCenterPeripheral") returned 0x0 [0095.306] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mediacenterperipheral", cchWideChar=21, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0095.306] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mediacenterperipheral", cchWideChar=21, lpMultiByteStr=0x224c0c0, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mediacenterperipheral", lpUsedDefaultChar=0x0) returned 21 [0095.306] RegEnumKeyW (in: hKey=0x38, dwIndex=0x34, lpName=0x224b8d0, cchName=0x104 | out: lpName="MediaPlayer") returned 0x0 [0095.306] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mediaplayer", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0095.306] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mediaplayer", cchWideChar=11, lpMultiByteStr=0x224c108, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mediaplayer", lpUsedDefaultChar=0x0) returned 11 [0095.306] RegEnumKeyW (in: hKey=0x38, dwIndex=0x35, lpName=0x224b8d0, cchName=0x104 | out: lpName="MessengerService") returned 0x0 [0095.306] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="messengerservice", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0095.306] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="messengerservice", cchWideChar=16, lpMultiByteStr=0x224c0c0, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messengerservice", lpUsedDefaultChar=0x0) returned 16 [0095.306] RegEnumKeyW (in: hKey=0x38, dwIndex=0x36, lpName=0x224b8d0, cchName=0x104 | out: lpName="Microsoft Reference") returned 0x0 [0095.307] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="microsoft reference", cchWideChar=19, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0095.307] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="microsoft reference", cchWideChar=19, lpMultiByteStr=0x224c108, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="microsoft reference", lpUsedDefaultChar=0x0) returned 19 [0095.307] RegEnumKeyW (in: hKey=0x38, dwIndex=0x37, lpName=0x224b8d0, cchName=0x104 | out: lpName="Microsoft SQL Server Compact Edition") returned 0x0 [0095.307] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="microsoft sql server compact edition", cchWideChar=36, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 36 [0095.307] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="microsoft sql server compact edition", cchWideChar=36, lpMultiByteStr=0x224c0c0, cbMultiByte=36, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="microsoft sql server compact edition", lpUsedDefaultChar=0x0) returned 36 [0095.307] RegEnumKeyW (in: hKey=0x38, dwIndex=0x38, lpName=0x224b8d0, cchName=0x104 | out: lpName="MigWiz") returned 0x0 [0095.307] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="migwiz", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0095.307] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="migwiz", cchWideChar=6, lpMultiByteStr=0x224c108, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="migwiz", lpUsedDefaultChar=0x0) returned 6 [0095.307] RegEnumKeyW (in: hKey=0x38, dwIndex=0x39, lpName=0x224b8d0, cchName=0x104 | out: lpName="MMC") returned 0x0 [0095.307] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mmc", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0095.307] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mmc", cchWideChar=3, lpMultiByteStr=0x224c0c0, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mmc", lpUsedDefaultChar=0x0) returned 3 [0095.308] RegEnumKeyW (in: hKey=0x38, dwIndex=0x3a, lpName=0x224b8d0, cchName=0x104 | out: lpName="Mobile") returned 0x0 [0095.308] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mobile", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0095.308] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mobile", cchWideChar=6, lpMultiByteStr=0x224c108, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mobile", lpUsedDefaultChar=0x0) returned 6 [0095.308] RegEnumKeyW (in: hKey=0x38, dwIndex=0x3b, lpName=0x224b8d0, cchName=0x104 | out: lpName="MSBuild") returned 0x0 [0095.308] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="msbuild", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0095.308] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="msbuild", cchWideChar=7, lpMultiByteStr=0x224c0c0, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="msbuild", lpUsedDefaultChar=0x0) returned 7 [0095.308] RegEnumKeyW (in: hKey=0x38, dwIndex=0x3c, lpName=0x224b8d0, cchName=0x104 | out: lpName="MSDE") returned 0x0 [0095.308] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="msde", cchWideChar=4, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 4 [0095.308] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="msde", cchWideChar=4, lpMultiByteStr=0x224c108, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="msde", lpUsedDefaultChar=0x0) returned 4 [0095.308] RegEnumKeyW (in: hKey=0x38, dwIndex=0x3d, lpName=0x224b8d0, cchName=0x104 | out: lpName="MSDTC") returned 0x0 [0095.308] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="msdtc", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0095.309] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="msdtc", cchWideChar=5, lpMultiByteStr=0x224c0c0, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="msdtc", lpUsedDefaultChar=0x0) returned 5 [0095.309] RegEnumKeyW (in: hKey=0x38, dwIndex=0x3e, lpName=0x224b8d0, cchName=0x104 | out: lpName="MSF") returned 0x0 [0095.309] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="msf", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0095.309] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="msf", cchWideChar=3, lpMultiByteStr=0x224c108, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="msf", lpUsedDefaultChar=0x0) returned 3 [0095.309] RegEnumKeyW (in: hKey=0x38, dwIndex=0x3f, lpName=0x224b8d0, cchName=0x104 | out: lpName="MSLicensing") returned 0x0 [0095.319] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mslicensing", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0095.828] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mslicensing", cchWideChar=11, lpMultiByteStr=0x224c0c0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mslicensing", lpUsedDefaultChar=0x0) returned 11 [0095.829] RegEnumKeyW (in: hKey=0x38, dwIndex=0x40, lpName=0x224b8d0, cchName=0x104 | out: lpName="MSMQ") returned 0x0 [0095.829] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="msmq", cchWideChar=4, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 4 [0095.829] RegEnumKeyW (in: hKey=0x38, dwIndex=0x41, lpName=0x224b8d0, cchName=0x104 | out: lpName="MSN Apps") returned 0x0 [0095.829] RegEnumKeyW (in: hKey=0x38, dwIndex=0x42, lpName=0x224b8d0, cchName=0x104 | out: lpName="MSOSOAP") returned 0x0 [0095.829] RegEnumKeyW (in: hKey=0x38, dwIndex=0x43, lpName=0x224b8d0, cchName=0x104 | out: lpName="MSSearch36") returned 0x0 [0095.829] RegEnumKeyW (in: hKey=0x38, dwIndex=0x44, lpName=0x224b8d0, cchName=0x104 | out: lpName="MSSQLServer") returned 0x0 [0095.829] RegEnumKeyW (in: hKey=0x38, dwIndex=0x45, lpName=0x224b8d0, cchName=0x104 | out: lpName="Multimedia") returned 0x0 [0095.829] RegEnumKeyW (in: hKey=0x38, dwIndex=0x46, lpName=0x224b8d0, cchName=0x104 | out: lpName="NapServer") returned 0x0 [0095.829] RegEnumKeyW (in: hKey=0x38, dwIndex=0x47, lpName=0x224b8d0, cchName=0x104 | out: lpName="NET Framework Setup") returned 0x0 [0095.829] RegEnumKeyW (in: hKey=0x38, dwIndex=0x48, lpName=0x224b8d0, cchName=0x104 | out: lpName="NetSh") returned 0x0 [0095.829] RegEnumKeyW (in: hKey=0x38, dwIndex=0x49, lpName=0x224b8d0, cchName=0x104 | out: lpName="Network") returned 0x0 [0095.830] RegEnumKeyW (in: hKey=0x38, dwIndex=0x4a, lpName=0x224b8d0, cchName=0x104 | out: lpName="NetworkAccessProtection") returned 0x0 [0095.830] RegEnumKeyW (in: hKey=0x38, dwIndex=0x4b, lpName=0x224b8d0, cchName=0x104 | out: lpName="Non-Driver Signing") returned 0x0 [0095.830] RegEnumKeyW (in: hKey=0x38, dwIndex=0x4c, lpName=0x224b8d0, cchName=0x104 | out: lpName="Notepad") returned 0x0 [0095.830] RegEnumKeyW (in: hKey=0x38, dwIndex=0x4d, lpName=0x224b8d0, cchName=0x104 | out: lpName="ODBC") returned 0x0 [0095.830] RegEnumKeyW (in: hKey=0x38, dwIndex=0x4e, lpName=0x224b8d0, cchName=0x104 | out: lpName="Office") returned 0x0 [0095.830] RegEnumKeyW (in: hKey=0x38, dwIndex=0x4f, lpName=0x224b8d0, cchName=0x104 | out: lpName="OfficeSoftwareProtectionPlatform") returned 0x0 [0095.830] RegEnumKeyW (in: hKey=0x38, dwIndex=0x50, lpName=0x224b8d0, cchName=0x104 | out: lpName="Ole") returned 0x0 [0095.830] RegEnumKeyW (in: hKey=0x38, dwIndex=0x51, lpName=0x224b8d0, cchName=0x104 | out: lpName="Outlook Express") returned 0x0 [0095.830] RegEnumKeyW (in: hKey=0x38, dwIndex=0x52, lpName=0x224b8d0, cchName=0x104 | out: lpName="PLA") returned 0x0 [0095.830] RegEnumKeyW (in: hKey=0x38, dwIndex=0x53, lpName=0x224b8d0, cchName=0x104 | out: lpName="PowerShell") returned 0x0 [0095.830] RegEnumKeyW (in: hKey=0x38, dwIndex=0x54, lpName=0x224b8d0, cchName=0x104 | out: lpName="Print") returned 0x0 [0095.831] RegEnumKeyW (in: hKey=0x38, dwIndex=0x55, lpName=0x224b8d0, cchName=0x104 | out: lpName="RADAR") returned 0x0 [0095.831] RegEnumKeyW (in: hKey=0x38, dwIndex=0x56, lpName=0x224b8d0, cchName=0x104 | out: lpName="Ras") returned 0x0 [0095.831] RegEnumKeyW (in: hKey=0x38, dwIndex=0x57, lpName=0x224b8d0, cchName=0x104 | out: lpName="RAS AutoDial") returned 0x0 [0095.831] RegEnumKeyW (in: hKey=0x38, dwIndex=0x58, lpName=0x224b8d0, cchName=0x104 | out: lpName="Reliability Analysis") returned 0x0 [0095.831] RegEnumKeyW (in: hKey=0x38, dwIndex=0x59, lpName=0x224b8d0, cchName=0x104 | out: lpName="RemovalTools") returned 0x0 [0095.831] RegEnumKeyW (in: hKey=0x38, dwIndex=0x5a, lpName=0x224b8d0, cchName=0x104 | out: lpName="RendezvousApps") returned 0x0 [0095.831] RegEnumKeyW (in: hKey=0x38, dwIndex=0x5b, lpName=0x224b8d0, cchName=0x104 | out: lpName="Router") returned 0x0 [0095.831] RegEnumKeyW (in: hKey=0x38, dwIndex=0x5c, lpName=0x224b8d0, cchName=0x104 | out: lpName="Rpc") returned 0x0 [0095.831] RegEnumKeyW (in: hKey=0x38, dwIndex=0x5d, lpName=0x224b8d0, cchName=0x104 | out: lpName="SchedulingAgent") returned 0x0 [0095.831] RegEnumKeyW (in: hKey=0x38, dwIndex=0x5e, lpName=0x224b8d0, cchName=0x104 | out: lpName="Schema Library") returned 0x0 [0095.831] RegEnumKeyW (in: hKey=0x38, dwIndex=0x5f, lpName=0x224b8d0, cchName=0x104 | out: lpName="Security Center") returned 0x0 [0095.831] RegEnumKeyW (in: hKey=0x38, dwIndex=0x60, lpName=0x224b8d0, cchName=0x104 | out: lpName="Sensors") returned 0x0 [0095.831] RegEnumKeyW (in: hKey=0x38, dwIndex=0x61, lpName=0x224b8d0, cchName=0x104 | out: lpName="Shared") returned 0x0 [0095.832] RegEnumKeyW (in: hKey=0x38, dwIndex=0x62, lpName=0x224b8d0, cchName=0x104 | out: lpName="Shared Tools") returned 0x0 [0095.832] RegEnumKeyW (in: hKey=0x38, dwIndex=0x63, lpName=0x224b8d0, cchName=0x104 | out: lpName="Shared Tools Location") returned 0x0 [0095.832] RegEnumKeyW (in: hKey=0x38, dwIndex=0x64, lpName=0x224b8d0, cchName=0x104 | out: lpName="SideShow") returned 0x0 [0095.832] RegEnumKeyW (in: hKey=0x38, dwIndex=0x65, lpName=0x224b8d0, cchName=0x104 | out: lpName="SnippingTool") returned 0x0 [0095.832] RegEnumKeyW (in: hKey=0x38, dwIndex=0x66, lpName=0x224b8d0, cchName=0x104 | out: lpName="Software") returned 0x0 [0095.832] RegEnumKeyW (in: hKey=0x38, dwIndex=0x67, lpName=0x224b8d0, cchName=0x104 | out: lpName="Speech") returned 0x0 [0095.832] RegEnumKeyW (in: hKey=0x38, dwIndex=0x68, lpName=0x224b8d0, cchName=0x104 | out: lpName="SQMClient") returned 0x0 [0095.832] RegEnumKeyW (in: hKey=0x38, dwIndex=0x69, lpName=0x224b8d0, cchName=0x104 | out: lpName="Sync Framework") returned 0x0 [0095.832] RegEnumKeyW (in: hKey=0x38, dwIndex=0x6a, lpName=0x224b8d0, cchName=0x104 | out: lpName="Sysprep") returned 0x0 [0095.832] RegEnumKeyW (in: hKey=0x38, dwIndex=0x6b, lpName=0x224b8d0, cchName=0x104 | out: lpName="SystemCertificates") returned 0x0 [0095.832] RegEnumKeyW (in: hKey=0x38, dwIndex=0x6c, lpName=0x224b8d0, cchName=0x104 | out: lpName="TableTextService") returned 0x0 [0095.832] RegEnumKeyW (in: hKey=0x38, dwIndex=0x6d, lpName=0x224b8d0, cchName=0x104 | out: lpName="TabletTip") returned 0x0 [0095.833] RegEnumKeyW (in: hKey=0x38, dwIndex=0x6e, lpName=0x224b8d0, cchName=0x104 | out: lpName="Tcpip") returned 0x0 [0095.833] RegEnumKeyW (in: hKey=0x38, dwIndex=0x6f, lpName=0x224b8d0, cchName=0x104 | out: lpName="Terminal Server Client") returned 0x0 [0095.833] RegEnumKeyW (in: hKey=0x38, dwIndex=0x70, lpName=0x224b8d0, cchName=0x104 | out: lpName="TermServLicensing") returned 0x0 [0095.833] RegEnumKeyW (in: hKey=0x38, dwIndex=0x71, lpName=0x224b8d0, cchName=0x104 | out: lpName="TIP Shared") returned 0x0 [0095.833] RegEnumKeyW (in: hKey=0x38, dwIndex=0x72, lpName=0x224b8d0, cchName=0x104 | out: lpName="TPG") returned 0x0 [0095.833] RegEnumKeyW (in: hKey=0x38, dwIndex=0x73, lpName=0x224b8d0, cchName=0x104 | out: lpName="Tpm") returned 0x0 [0095.833] RegEnumKeyW (in: hKey=0x38, dwIndex=0x74, lpName=0x224b8d0, cchName=0x104 | out: lpName="Tracing") returned 0x0 [0095.833] RegEnumKeyW (in: hKey=0x38, dwIndex=0x75, lpName=0x224b8d0, cchName=0x104 | out: lpName="Transaction Server") returned 0x0 [0095.833] RegEnumKeyW (in: hKey=0x38, dwIndex=0x76, lpName=0x224b8d0, cchName=0x104 | out: lpName="TV System Services") returned 0x0 [0095.833] RegEnumKeyW (in: hKey=0x38, dwIndex=0x77, lpName=0x224b8d0, cchName=0x104 | out: lpName="uDRM") returned 0x0 [0095.833] RegEnumKeyW (in: hKey=0x38, dwIndex=0x78, lpName=0x224b8d0, cchName=0x104 | out: lpName="Updates") returned 0x0 [0095.833] RegEnumKeyW (in: hKey=0x38, dwIndex=0x79, lpName=0x224b8d0, cchName=0x104 | out: lpName="UPnP Device Host") returned 0x0 [0095.834] RegEnumKeyW (in: hKey=0x38, dwIndex=0x7a, lpName=0x224b8d0, cchName=0x104 | out: lpName="VBA") returned 0x0 [0095.834] RegEnumKeyW (in: hKey=0x38, dwIndex=0x7b, lpName=0x224b8d0, cchName=0x104 | out: lpName="Virtual Machine") returned 0x0 [0095.834] RegEnumKeyW (in: hKey=0x38, dwIndex=0x7c, lpName=0x224b8d0, cchName=0x104 | out: lpName="VisualStudio") returned 0x0 [0095.834] RegEnumKeyW (in: hKey=0x38, dwIndex=0x7d, lpName=0x224b8d0, cchName=0x104 | out: lpName="WAB") returned 0x0 [0095.834] RegEnumKeyW (in: hKey=0x38, dwIndex=0x7e, lpName=0x224b8d0, cchName=0x104 | out: lpName="WBEM") returned 0x0 [0095.834] RegEnumKeyW (in: hKey=0x38, dwIndex=0x7f, lpName=0x224b8d0, cchName=0x104 | out: lpName="WIMMount") returned 0x0 [0095.834] RegEnumKeyW (in: hKey=0x38, dwIndex=0x80, lpName=0x224b8d0, cchName=0x104 | out: lpName="Windows") returned 0x0 [0095.834] RegOpenKeyExW (in: hKey=0x38, lpSubKey="Windows", ulOptions=0x0, samDesired=0x20109, phkResult=0x18fc04 | out: phkResult=0x18fc04*=0xcc) returned 0x0 [0095.834] RegCloseKey (hKey=0x38) returned 0x0 [0095.834] RegEnumKeyW (in: hKey=0xcc, dwIndex=0x0, lpName=0x224b8d0, cchName=0x104 | out: lpName="CurrentVersion") returned 0x0 [0095.834] RegOpenKeyExW (in: hKey=0xcc, lpSubKey="CurrentVersion", ulOptions=0x0, samDesired=0x20109, phkResult=0x18fc04 | out: phkResult=0x18fc04*=0x38) returned 0x0 [0095.835] RegCloseKey (hKey=0xcc) returned 0x0 [0095.835] RegEnumKeyW (in: hKey=0x38, dwIndex=0x0, lpName=0x224b8d0, cchName=0x104 | out: lpName="App Management") returned 0x0 [0095.835] RegEnumKeyW (in: hKey=0x38, dwIndex=0x1, lpName=0x224b8d0, cchName=0x104 | out: lpName="App Paths") returned 0x0 [0095.835] RegEnumKeyW (in: hKey=0x38, dwIndex=0x2, lpName=0x224b8d0, cchName=0x104 | out: lpName="Applets") returned 0x0 [0095.835] RegEnumKeyW (in: hKey=0x38, dwIndex=0x3, lpName=0x224b8d0, cchName=0x104 | out: lpName="Audio") returned 0x0 [0095.835] RegEnumKeyW (in: hKey=0x38, dwIndex=0x4, lpName=0x224b8d0, cchName=0x104 | out: lpName="Authentication") returned 0x0 [0095.835] RegEnumKeyW (in: hKey=0x38, dwIndex=0x5, lpName=0x224b8d0, cchName=0x104 | out: lpName="BitLocker") returned 0x0 [0095.835] RegEnumKeyW (in: hKey=0x38, dwIndex=0x6, lpName=0x224b8d0, cchName=0x104 | out: lpName="BITS") returned 0x0 [0095.835] RegEnumKeyW (in: hKey=0x38, dwIndex=0x7, lpName=0x224b8d0, cchName=0x104 | out: lpName="Component Based Servicing") returned 0x0 [0095.835] RegEnumKeyW (in: hKey=0x38, dwIndex=0x8, lpName=0x224b8d0, cchName=0x104 | out: lpName="Control Panel") returned 0x0 [0095.835] RegEnumKeyW (in: hKey=0x38, dwIndex=0x9, lpName=0x224b8d0, cchName=0x104 | out: lpName="Controls Folder") returned 0x0 [0095.835] RegEnumKeyW (in: hKey=0x38, dwIndex=0xa, lpName=0x224b8d0, cchName=0x104 | out: lpName="DateTime") returned 0x0 [0095.836] RegEnumKeyW (in: hKey=0x38, dwIndex=0xb, lpName=0x224b8d0, cchName=0x104 | out: lpName="Device Installer") returned 0x0 [0095.836] RegEnumKeyW (in: hKey=0x38, dwIndex=0xc, lpName=0x224b8d0, cchName=0x104 | out: lpName="Device Metadata") returned 0x0 [0095.836] RegEnumKeyW (in: hKey=0x38, dwIndex=0xd, lpName=0x224b8d0, cchName=0x104 | out: lpName="Diagnostics") returned 0x0 [0095.836] RegEnumKeyW (in: hKey=0x38, dwIndex=0xe, lpName=0x224b8d0, cchName=0x104 | out: lpName="DriverSearching") returned 0x0 [0095.836] RegEnumKeyW (in: hKey=0x38, dwIndex=0xf, lpName=0x224b8d0, cchName=0x104 | out: lpName="EventCollector") returned 0x0 [0095.836] RegEnumKeyW (in: hKey=0x38, dwIndex=0x10, lpName=0x224b8d0, cchName=0x104 | out: lpName="EventForwarding") returned 0x0 [0095.836] RegEnumKeyW (in: hKey=0x38, dwIndex=0x11, lpName=0x224b8d0, cchName=0x104 | out: lpName="Explorer") returned 0x0 [0095.836] RegEnumKeyW (in: hKey=0x38, dwIndex=0x12, lpName=0x224b8d0, cchName=0x104 | out: lpName="Ext") returned 0x0 [0095.836] RegEnumKeyW (in: hKey=0x38, dwIndex=0x13, lpName=0x224b8d0, cchName=0x104 | out: lpName="GameUX") returned 0x0 [0095.836] RegEnumKeyW (in: hKey=0x38, dwIndex=0x14, lpName=0x224b8d0, cchName=0x104 | out: lpName="Group Policy") returned 0x0 [0095.836] RegEnumKeyW (in: hKey=0x38, dwIndex=0x15, lpName=0x224b8d0, cchName=0x104 | out: lpName="Hints") returned 0x0 [0095.836] RegEnumKeyW (in: hKey=0x38, dwIndex=0x16, lpName=0x224b8d0, cchName=0x104 | out: lpName="HomeGroup") returned 0x0 [0095.836] RegEnumKeyW (in: hKey=0x38, dwIndex=0x17, lpName=0x224b8d0, cchName=0x104 | out: lpName="HotStart") returned 0x0 [0095.837] RegEnumKeyW (in: hKey=0x38, dwIndex=0x18, lpName=0x224b8d0, cchName=0x104 | out: lpName="IME") returned 0x0 [0095.837] RegEnumKeyW (in: hKey=0x38, dwIndex=0x19, lpName=0x224b8d0, cchName=0x104 | out: lpName="Installer") returned 0x0 [0095.837] RegEnumKeyW (in: hKey=0x38, dwIndex=0x1a, lpName=0x224b8d0, cchName=0x104 | out: lpName="Internet Settings") returned 0x0 [0095.837] RegEnumKeyW (in: hKey=0x38, dwIndex=0x1b, lpName=0x224b8d0, cchName=0x104 | out: lpName="MCT") returned 0x0 [0095.837] RegEnumKeyW (in: hKey=0x38, dwIndex=0x1c, lpName=0x224b8d0, cchName=0x104 | out: lpName="Media Center") returned 0x0 [0095.837] RegEnumKeyW (in: hKey=0x38, dwIndex=0x1d, lpName=0x224b8d0, cchName=0x104 | out: lpName="MMDevices") returned 0x0 [0095.837] RegEnumKeyW (in: hKey=0x38, dwIndex=0x1e, lpName=0x224b8d0, cchName=0x104 | out: lpName="MSSHA") returned 0x0 [0095.837] RegEnumKeyW (in: hKey=0x38, dwIndex=0x1f, lpName=0x224b8d0, cchName=0x104 | out: lpName="NetCache") returned 0x0 [0095.837] RegEnumKeyW (in: hKey=0x38, dwIndex=0x20, lpName=0x224b8d0, cchName=0x104 | out: lpName="OEMInformation") returned 0x0 [0095.837] RegEnumKeyW (in: hKey=0x38, dwIndex=0x21, lpName=0x224b8d0, cchName=0x104 | out: lpName="OOBE") returned 0x0 [0095.837] RegEnumKeyW (in: hKey=0x38, dwIndex=0x22, lpName=0x224b8d0, cchName=0x104 | out: lpName="OptimalLayout") returned 0x0 [0095.837] RegEnumKeyW (in: hKey=0x38, dwIndex=0x23, lpName=0x224b8d0, cchName=0x104 | out: lpName="Parental Controls") returned 0x0 [0095.838] RegEnumKeyW (in: hKey=0x38, dwIndex=0x24, lpName=0x224b8d0, cchName=0x104 | out: lpName="Personalization") returned 0x0 [0095.838] RegEnumKeyW (in: hKey=0x38, dwIndex=0x25, lpName=0x224b8d0, cchName=0x104 | out: lpName="PhotoPropertyHandler") returned 0x0 [0095.838] RegEnumKeyW (in: hKey=0x38, dwIndex=0x26, lpName=0x224b8d0, cchName=0x104 | out: lpName="PnPSysprep") returned 0x0 [0095.838] RegEnumKeyW (in: hKey=0x38, dwIndex=0x27, lpName=0x224b8d0, cchName=0x104 | out: lpName="Policies") returned 0x0 [0095.838] RegOpenKeyExW (in: hKey=0x38, lpSubKey="Policies", ulOptions=0x0, samDesired=0x20109, phkResult=0x18fc04 | out: phkResult=0x18fc04*=0xcc) returned 0x0 [0095.838] RegCloseKey (hKey=0x38) returned 0x0 [0095.838] RegEnumKeyW (in: hKey=0xcc, dwIndex=0x0, lpName=0x224b8d0, cchName=0x104 | out: lpName="ActiveDesktop") returned 0x0 [0095.838] RegEnumKeyW (in: hKey=0xcc, dwIndex=0x1, lpName=0x224b8d0, cchName=0x104 | out: lpName="Attachments") returned 0x0 [0095.838] RegEnumKeyW (in: hKey=0xcc, dwIndex=0x2, lpName=0x224b8d0, cchName=0x104 | out: lpName="Explorer") returned 0x0 [0095.838] RegEnumKeyW (in: hKey=0xcc, dwIndex=0x3, lpName=0x224b8d0, cchName=0x104 | out: lpName="NonEnum") returned 0x0 [0095.838] RegEnumKeyW (in: hKey=0xcc, dwIndex=0x4, lpName=0x224b8d0, cchName=0x104 | out: lpName="System") returned 0x0 [0095.838] RegOpenKeyExW (in: hKey=0xcc, lpSubKey="System", ulOptions=0x0, samDesired=0x20109, phkResult=0x18fc04 | out: phkResult=0x18fc04*=0x38) returned 0x0 [0095.838] RegCloseKey (hKey=0xcc) returned 0x0 [0095.839] RegEnumValueA (in: hKey=0x38, dwIndex=0x0, lpValueName=0x18fb20, lpcchValueName=0x18fb1c, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="ConsentPromptBehaviorAdmin", lpcchValueName=0x18fb1c, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0095.839] RegEnumValueA (in: hKey=0x38, dwIndex=0x1, lpValueName=0x18fb20, lpcchValueName=0x18fb1c, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="ConsentPromptBehaviorUser", lpcchValueName=0x18fb1c, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0095.840] RegEnumValueA (in: hKey=0x38, dwIndex=0x2, lpValueName=0x18fb20, lpcchValueName=0x18fb1c, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="EnableInstallerDetection", lpcchValueName=0x18fb1c, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0095.840] RegEnumValueA (in: hKey=0x38, dwIndex=0x3, lpValueName=0x18fb20, lpcchValueName=0x18fb1c, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="EnableLUA", lpcchValueName=0x18fb1c, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0095.840] RegEnumValueA (in: hKey=0x38, dwIndex=0x4, lpValueName=0x18fb20, lpcchValueName=0x18fb1c, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="EnableSecureUIAPaths", lpcchValueName=0x18fb1c, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0095.840] RegEnumValueA (in: hKey=0x38, dwIndex=0x5, lpValueName=0x18fb20, lpcchValueName=0x18fb1c, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="EnableUIADesktopToggle", lpcchValueName=0x18fb1c, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0095.840] RegEnumValueA (in: hKey=0x38, dwIndex=0x6, lpValueName=0x18fb20, lpcchValueName=0x18fb1c, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="EnableVirtualization", lpcchValueName=0x18fb1c, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0095.840] RegEnumValueA (in: hKey=0x38, dwIndex=0x7, lpValueName=0x18fb20, lpcchValueName=0x18fb1c, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="PromptOnSecureDesktop", lpcchValueName=0x18fb1c, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0095.840] RegEnumValueA (in: hKey=0x38, dwIndex=0x8, lpValueName=0x18fb20, lpcchValueName=0x18fb1c, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="ValidateAdminCodeSignatures", lpcchValueName=0x18fb1c, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0095.840] RegEnumValueA (in: hKey=0x38, dwIndex=0x9, lpValueName=0x18fb20, lpcchValueName=0x18fb1c, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="dontdisplaylastusername", lpcchValueName=0x18fb1c, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0095.840] RegEnumValueA (in: hKey=0x38, dwIndex=0xa, lpValueName=0x18fb20, lpcchValueName=0x18fb1c, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="legalnoticecaption", lpcchValueName=0x18fb1c, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0095.840] RegEnumValueA (in: hKey=0x38, dwIndex=0xb, lpValueName=0x18fb20, lpcchValueName=0x18fb1c, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="legalnoticetext", lpcchValueName=0x18fb1c, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0095.841] RegEnumValueA (in: hKey=0x38, dwIndex=0xc, lpValueName=0x18fb20, lpcchValueName=0x18fb1c, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="scforceoption", lpcchValueName=0x18fb1c, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0095.841] RegEnumValueA (in: hKey=0x38, dwIndex=0xd, lpValueName=0x18fb20, lpcchValueName=0x18fb1c, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="shutdownwithoutlogon", lpcchValueName=0x18fb1c, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0095.841] RegEnumValueA (in: hKey=0x38, dwIndex=0xe, lpValueName=0x18fb20, lpcchValueName=0x18fb1c, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="undockwithoutlogon", lpcchValueName=0x18fb1c, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0095.841] RegEnumValueA (in: hKey=0x38, dwIndex=0xf, lpValueName=0x18fb20, lpcchValueName=0x18fb1c, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="FilterAdministratorToken", lpcchValueName=0x18fb1c, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0095.841] RegEnumValueA (in: hKey=0x38, dwIndex=0x10, lpValueName=0x18fb20, lpcchValueName=0x18fb1c, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="FilterAdministratorToken", lpcchValueName=0x18fb1c, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x103 [0095.841] RegQueryValueExA (in: hKey=0x38, lpValueName="EnableLUA", lpReserved=0x0, lpType=0x18fc2c, lpData=0x0, lpcbData=0x18fc34*=0x0 | out: lpType=0x18fc2c*=0x4, lpData=0x0, lpcbData=0x18fc34*=0x4) returned 0x0 [0095.841] RegQueryValueExA (in: hKey=0x38, lpValueName="EnableLUA", lpReserved=0x0, lpType=0x18fc2c, lpData=0x224c420, lpcbData=0x18fc34*=0x4 | out: lpType=0x18fc2c*=0x4, lpData=0x224c420*=0x1, lpcbData=0x18fc34*=0x4) returned 0x0 [0095.841] RegCloseKey (hKey=0x38) returned 0x0 [0095.841] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x8, TokenHandle=0x18fca8 | out: TokenHandle=0x18fca8*=0x38) returned 1 [0095.841] GetTokenInformation (in: TokenHandle=0x38, TokenInformationClass=0x14, TokenInformation=0x18fca4, TokenInformationLength=0x4, ReturnLength=0x18fca0 | out: TokenInformation=0x18fca4, ReturnLength=0x18fca0) returned 1 [0095.841] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x8, TokenHandle=0x18fc94 | out: TokenHandle=0x18fc94*=0xcc) returned 1 [0095.842] GetTokenInformation (in: TokenHandle=0xcc, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x18fc90 | out: TokenInformation=0x0, ReturnLength=0x18fc90) returned 0 [0095.842] GetTokenInformation (in: TokenHandle=0xcc, TokenInformationClass=0x19, TokenInformation=0x224c588, TokenInformationLength=0x14, ReturnLength=0x18fc90 | out: TokenInformation=0x224c588, ReturnLength=0x18fc90) returned 1 [0095.842] GetSidSubAuthorityCount (pSid=0x224c590*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 0x224c591 [0095.842] GetSidSubAuthority (pSid=0x224c590*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000), nSubAuthority=0x0) returned 0x224c598 [0095.842] NtClose (Handle=0xcc) returned 0x0 [0095.842] ConvertStringSecurityDescriptorToSecurityDescriptorW () returned 0x1 [0095.867] GetSecurityDescriptorSacl (in: pSecurityDescriptor=0x57c140, lpbSaclPresent=0x18fd50, pSacl=0x18fda8, lpbSaclDefaulted=0x18fd50 | out: lpbSaclPresent=0x18fd50, pSacl=0x18fda8, lpbSaclDefaulted=0x18fd50) returned 1 [0095.867] CreateMutexA (lpMutexAttributes=0x18fd9c, bInitialOwner=0, lpName="") returned 0x110 [0095.867] GetLastError () returned 0x0 [0095.867] LocalFree (hMem=0x57c140) returned 0x0 [0095.868] CryptAcquireContextW (in: phProv=0x18fdc8, szContainer=0x0, szProvider="Microsoft Enhanced Cryptographic Provider v1.0", dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x18fdc8*=0x57c140) returned 1 [0095.890] ConvertStringSecurityDescriptorToSecurityDescriptorW () returned 0x1 [0095.891] GetSecurityDescriptorSacl (in: pSecurityDescriptor=0x57a468, lpbSaclPresent=0x18fd6c, pSacl=0x18fdd0, lpbSaclDefaulted=0x18fd6c | out: lpbSaclPresent=0x18fd6c, pSacl=0x18fdd0, lpbSaclDefaulted=0x18fd6c) returned 1 [0095.891] CreateEventA (lpEventAttributes=0x18fdc4, bManualReset=1, bInitialState=0, lpName="") returned 0x114 [0095.891] GetLastError () returned 0x0 [0095.891] LocalFree (hMem=0x57a468) returned 0x0 [0095.891] ConvertStringSecurityDescriptorToSecurityDescriptorW () returned 0x1 [0095.913] GetSecurityDescriptorSacl (in: pSecurityDescriptor=0x57a468, lpbSaclPresent=0x18fd6c, pSacl=0x18fdd0, lpbSaclDefaulted=0x18fd6c | out: lpbSaclPresent=0x18fd6c, pSacl=0x18fdd0, lpbSaclDefaulted=0x18fd6c) returned 1 [0095.913] CreateEventA (lpEventAttributes=0x18fdc4, bManualReset=1, bInitialState=0, lpName="") returned 0x118 [0095.914] GetLastError () returned 0x0 [0095.914] LocalFree (hMem=0x57a468) returned 0x0 [0095.914] ConvertStringSecurityDescriptorToSecurityDescriptorW () returned 0x1 [0095.914] GetSecurityDescriptorSacl (in: pSecurityDescriptor=0x57a468, lpbSaclPresent=0x18fd6c, pSacl=0x18fdd0, lpbSaclDefaulted=0x18fd6c | out: lpbSaclPresent=0x18fd6c, pSacl=0x18fdd0, lpbSaclDefaulted=0x18fd6c) returned 1 [0095.914] CreateEventA (lpEventAttributes=0x18fdc4, bManualReset=1, bInitialState=0, lpName="") returned 0x120 [0095.914] GetLastError () returned 0x0 [0095.914] LocalFree (hMem=0x57a468) returned 0x0 [0095.915] ExpandEnvironmentStringsA (in: lpSrc="%ProgramData%\\Microsoft\\Windows\\WER\\ReportQueue\\", lpDst=0x432558, nSize=0x2800 | out: lpDst="C:\\ProgramData\\Microsoft\\Windows\\WER\\ReportQueue\\") returned 0x32 [0095.915] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x432558, cbMultiByte=49, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 49 [0095.915] ExpandEnvironmentStringsA (in: lpSrc="%windir%", lpDst=0x432558, nSize=0x2800 | out: lpDst="C:\\Windows") returned 0xb [0095.915] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x432558, cbMultiByte=10, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 10 [0095.915] ExpandEnvironmentStringsA (in: lpSrc="%temp%", lpDst=0x432558, nSize=0x2800 | out: lpDst="C:\\Windows\\TEMP") returned 0x10 [0095.915] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x432558, cbMultiByte=15, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 15 [0095.916] GetSystemWow64DirectoryW (in: lpBuffer=0x4377f8, uSize=0x40 | out: lpBuffer="C:\\Windows\\SysWOW64") returned 0x13 [0095.916] FindFirstFileExW (in: lpFileName="C:\\Windows\\SysWOW64\\*.dll", fInfoLevelId=0x1, lpFindFileData=0x18fafc, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x18fafc) returned 0x57c200 [0095.916] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.917] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.917] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.917] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.918] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.918] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.918] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.918] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.918] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.918] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.918] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.918] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.918] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.918] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.918] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.918] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.918] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.918] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.918] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.918] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.918] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.918] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.919] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.919] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.919] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.919] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.919] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.919] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.919] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.919] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.919] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.919] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.919] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.919] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.919] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.919] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.919] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.919] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.920] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.920] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.920] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.920] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.920] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.920] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.920] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.920] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.920] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.920] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.920] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.920] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.920] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.920] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.920] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.921] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.921] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.921] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.921] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.921] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.921] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.921] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.921] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.921] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.921] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.921] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.921] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.921] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.921] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.921] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.925] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.925] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.925] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.926] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.926] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.926] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.926] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.926] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.926] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.926] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.926] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.926] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.926] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.926] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.926] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.926] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.926] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.926] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.926] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.926] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.927] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.927] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.927] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.927] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.927] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.927] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.927] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.927] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.927] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.927] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.927] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.927] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.927] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.927] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.927] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.928] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.928] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.928] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.928] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.928] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.928] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.928] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.928] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.928] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.928] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.928] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.928] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.928] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.928] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.928] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.928] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.928] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.929] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.929] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.929] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.929] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.929] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.929] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.929] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.929] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.929] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.929] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.929] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.929] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.929] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.929] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.929] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.929] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.930] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.930] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.930] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.930] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.930] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.930] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.931] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.931] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.931] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.932] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.932] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.932] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.932] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.932] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.932] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.932] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.932] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.932] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.932] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.933] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.933] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.933] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.933] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.933] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.933] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.933] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.933] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.933] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.933] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.933] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.933] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.943] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.943] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.943] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.943] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.943] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.944] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.944] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.944] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.944] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.944] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.944] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.944] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.944] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.944] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.944] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.944] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.944] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.944] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.944] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.944] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.944] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.945] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.945] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.945] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.945] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.945] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.945] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.945] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.945] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.945] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.945] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.945] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.945] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.945] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.945] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.945] FindNextFileW (in: hFindFile=0x57c200, lpFindFileData=0x18fafc | out: lpFindFileData=0x18fafc) returned 1 [0095.947] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY-----\r\nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCjZw02phhS38kGYqwQKk+8ro6S\r\nGIVE3PrCJJrJHmLN8JvbajmhKV6J59ib0pTOgUa8GOU6FuSAExk31391QN5ANHij\r\n0r+4v1VbbXil7dNYijurfNF92HqStMO+hUc2hGWxn5tOgi6lGqBzr0lIHRayyZs2\r\nLtIpWRDVJTiFzpPNCwIDAQAB\r\n-----END PUBLIC KEY-----", cchString=0x0, dwFlags=0x0, pbBinary=0x0, pcbBinary=0x18fd98, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x18fd98, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0095.948] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY-----\r\nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCjZw02phhS38kGYqwQKk+8ro6S\r\nGIVE3PrCJJrJHmLN8JvbajmhKV6J59ib0pTOgUa8GOU6FuSAExk31391QN5ANHij\r\n0r+4v1VbbXil7dNYijurfNF92HqStMO+hUc2hGWxn5tOgi6lGqBzr0lIHRayyZs2\r\nLtIpWRDVJTiFzpPNCwIDAQAB\r\n-----END PUBLIC KEY-----", cchString=0x0, dwFlags=0x0, pbBinary=0x4377f8, pcbBinary=0x18fd98, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x4377f8, pcbBinary=0x18fd98, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0095.948] CryptDecodeObject (in: dwCertEncodingType=0x10001, lpszStructType=0x8, pbEncoded=0x4377f8, cbEncoded=0xa2, dwFlags=0x0, pvStructInfo=0x0, pcbStructInfo=0x18fd98 | out: pvStructInfo=0x0, pcbStructInfo=0x18fd98) returned 1 [0095.950] CryptDecodeObject (in: dwCertEncodingType=0x10001, lpszStructType=0x8, pbEncoded=0x4377f8, cbEncoded=0xa2, dwFlags=0x0, pvStructInfo=0x437f08, pcbStructInfo=0x18fd98 | out: pvStructInfo=0x437f08, pcbStructInfo=0x18fd98) returned 1 [0095.950] CryptImportPublicKeyInfo (in: hCryptProv=0x57c140, dwCertEncodingType=0x10001, pInfo=0x437f08*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x437f38*, PublicKey.cbData=0x8c, PublicKey.pbData=0x437f40*, PublicKey.cUnusedBits=0x0), phKey=0x18fda0 | out: phKey=0x18fda0*=0x57c200) returned 1 [0095.951] ReleaseMutex (hMutex=0x110) returned 1 [0095.951] StartServiceCtrlDispatcherW (lpServiceTable=0x18fe10*(lpServiceName="", lpServiceProc=0x40f270)) returned 0 [0095.953] GetLastError () returned 0x427 [0095.953] GetCommandLineW () returned="C:\\Users\\5P5NRG~1\\AppData\\Roaming\\\\V5HW0H~1:bin" [0095.953] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\5P5NRG~1\\AppData\\Roaming\\\\V5HW0H~1:bin", pNumArgs=0x18fe00 | out: pNumArgs=0x18fe00) returned 0x594140*="C:\\Users\\5P5NRG~1\\AppData\\Roaming\\\\V5HW0H~1:bin" [0095.953] Wow64DisableWow64FsRedirection (in: OldValue=0x18fde0 | out: OldValue=0x18fde0*=0x0) returned 1 [0095.953] CryptAcquireContextW (in: phProv=0x18fc3c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x18fc3c*=0x5941b0) returned 1 [0095.954] CryptCreateHash (in: hProv=0x5941b0, Algid=0x8003, hKey=0x0, dwFlags=0x0, phHash=0x18fc3c | out: phHash=0x18fc3c) returned 1 [0095.954] CryptHashData (hHash=0x594588, pbData=0x224c0c0, dwDataLen=0x16, dwFlags=0x0) returned 1 [0095.954] CryptGetHashParam (in: hHash=0x594588, dwParam=0x4, pbData=0x18fc40, pdwDataLen=0x18fc4c, dwFlags=0x0 | out: pbData=0x18fc40, pdwDataLen=0x18fc4c) returned 1 [0095.954] CryptGetHashParam (in: hHash=0x594588, dwParam=0x2, pbData=0x224c9c0, pdwDataLen=0x18fc40, dwFlags=0x0 | out: pbData=0x224c9c0, pdwDataLen=0x18fc40) returned 1 [0095.954] CryptDestroyHash (hHash=0x594588) returned 1 [0095.955] CryptReleaseContext (hProv=0x5941b0, dwFlags=0x0) returned 1 [0095.955] ConvertStringSecurityDescriptorToSecurityDescriptorW () returned 0x1 [0095.956] GetSecurityDescriptorSacl (in: pSecurityDescriptor=0x593cf0, lpbSaclPresent=0x18fbf4, pSacl=0x18fc58, lpbSaclDefaulted=0x18fbf4 | out: lpbSaclPresent=0x18fbf4, pSacl=0x18fc58, lpbSaclDefaulted=0x18fbf4) returned 1 [0095.956] CreateEventA (lpEventAttributes=0x18fc4c, bManualReset=1, bInitialState=0, lpName="{06C11002-99B9-5502-651C-628268B034F2}") returned 0x128 [0095.956] GetLastError () returned 0x0 [0095.956] SetSecurityInfo () returned 0x0 [0095.959] LocalFree (hMem=0x593cf0) returned 0x0 [0095.959] ConvertStringSecurityDescriptorToSecurityDescriptorW () returned 0x1 [0095.960] GetSecurityDescriptorSacl (in: pSecurityDescriptor=0x593cf0, lpbSaclPresent=0x18fbf4, pSacl=0x18fc58, lpbSaclDefaulted=0x18fbf4 | out: lpbSaclPresent=0x18fbf4, pSacl=0x18fc58, lpbSaclDefaulted=0x18fbf4) returned 1 [0095.960] CreateEventA (lpEventAttributes=0x18fc4c, bManualReset=1, bInitialState=0, lpName="") returned 0x12c [0095.960] CryptAcquireContextW (in: phProv=0x18fc3c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x18fc3c*=0x5941b0) returned 1 [0095.961] CryptCreateHash (in: hProv=0x5941b0, Algid=0x8003, hKey=0x0, dwFlags=0x0, phHash=0x18fc3c | out: phHash=0x18fc3c) returned 1 [0095.961] CryptHashData (hHash=0x594588, pbData=0x224c0c0, dwDataLen=0xb, dwFlags=0x0) returned 1 [0095.961] CryptGetHashParam (in: hHash=0x594588, dwParam=0x4, pbData=0x18fc40, pdwDataLen=0x18fc4c, dwFlags=0x0 | out: pbData=0x18fc40, pdwDataLen=0x18fc4c) returned 1 [0095.961] CryptGetHashParam (in: hHash=0x594588, dwParam=0x2, pbData=0x432840, pdwDataLen=0x18fc40, dwFlags=0x0 | out: pbData=0x432840, pdwDataLen=0x18fc40) returned 1 [0095.961] CryptDestroyHash (hHash=0x594588) returned 1 [0095.961] CryptReleaseContext (hProv=0x5941b0, dwFlags=0x0) returned 1 [0095.961] OpenMutexA (dwDesiredAccess=0x100002, bInheritHandle=0, lpName="Global\\{FD64C8AB-F74D-C8D4-F31D-96A1BB45705E}") returned 0x0 [0095.961] OpenMutexA (dwDesiredAccess=0x2, bInheritHandle=0, lpName="Global\\{FD64C8AB-F74D-C8D4-F31D-96A1BB45705E}") returned 0x0 [0095.961] OpenMutexA (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\{FD64C8AB-F74D-C8D4-F31D-96A1BB45705E}") returned 0x158 [0096.547] GetLogicalDrives () returned 0x4 [0096.548] GetDriveTypeW (lpRootPathName="C:") returned 0x3 [0096.548] GetSystemDirectoryW (in: lpBuffer=0x4377f8, uSize=0x40 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0096.548] GetShortPathNameW (in: lpszLongPath="C:\\Windows\\TEMP", lpszShortPath=0x433960, cchBuffer=0x100 | out: lpszShortPath="C:\\Windows\\TEMP") returned 0xf [0096.548] CryptAcquireContextW (in: phProv=0x18f9e0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x18f9e0*=0x5941b0) returned 1 [0096.549] CryptGenRandom (in: hProv=0x5941b0, dwLen=0x4, pbBuffer=0x18f9f4 | out: pbBuffer=0x18f9f4) returned 1 [0096.549] CryptReleaseContext (hProv=0x5941b0, dwFlags=0x0) returned 1 [0096.549] CryptAcquireContextW (in: phProv=0x18f9dc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x18f9dc*=0x5941b0) returned 1 [0096.550] CryptGenRandom (in: hProv=0x5941b0, dwLen=0x4, pbBuffer=0x18f9f0 | out: pbBuffer=0x18f9f0) returned 1 [0096.550] CryptReleaseContext (hProv=0x5941b0, dwFlags=0x0) returned 1 [0096.550] CryptAcquireContextW (in: phProv=0x18f9dc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x18f9dc*=0x5941b0) returned 1 [0096.550] CryptGenRandom (in: hProv=0x5941b0, dwLen=0x4, pbBuffer=0x18f9f0 | out: pbBuffer=0x18f9f0) returned 1 [0096.550] CryptReleaseContext (hProv=0x5941b0, dwFlags=0x0) returned 1 [0096.550] CryptAcquireContextW (in: phProv=0x18f9dc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x18f9dc*=0x5941b0) returned 1 [0096.551] CryptGenRandom (in: hProv=0x5941b0, dwLen=0x4, pbBuffer=0x18f9f0 | out: pbBuffer=0x18f9f0) returned 1 [0096.551] CryptReleaseContext (hProv=0x5941b0, dwFlags=0x0) returned 1 [0096.551] CryptAcquireContextW (in: phProv=0x18f9dc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x18f9dc*=0x5941b0) returned 1 [0096.552] CryptGenRandom (in: hProv=0x5941b0, dwLen=0x4, pbBuffer=0x18f9f0 | out: pbBuffer=0x18f9f0) returned 1 [0096.552] CryptReleaseContext (hProv=0x5941b0, dwFlags=0x0) returned 1 [0096.552] CryptAcquireContextW (in: phProv=0x18f9dc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x18f9dc*=0x5941b0) returned 1 [0096.553] CryptGenRandom (in: hProv=0x5941b0, dwLen=0x4, pbBuffer=0x18f9f0 | out: pbBuffer=0x18f9f0) returned 1 [0096.553] CryptReleaseContext (hProv=0x5941b0, dwFlags=0x0) returned 1 [0096.553] GetTempFileNameW (in: lpPathName="C:\\Windows\\TEMP", lpPrefixString="FHB", uUnique=0x0, lpTempFileName=0x433558 | out: lpTempFileName="C:\\Windows\\TEMP\\FHB2F88.tmp" (normalized: "c:\\windows\\temp\\fhb2f88.tmp")) returned 0x2f88 [0096.554] GetShortPathNameW (in: lpszLongPath="C:\\Windows\\TEMP\\FHB2F88.tmp", lpszShortPath=0x433960, cchBuffer=0x100 | out: lpszShortPath="C:\\Windows\\TEMP\\FHB2F88.tmp") returned 0x1b [0096.554] CryptAcquireContextW (in: phProv=0x18f9e0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x18f9e0*=0x5941b0) returned 1 [0096.555] CryptGenRandom (in: hProv=0x5941b0, dwLen=0x4, pbBuffer=0x18f9f4 | out: pbBuffer=0x18f9f4) returned 1 [0096.555] CryptReleaseContext (hProv=0x5941b0, dwFlags=0x0) returned 1 [0096.555] CryptAcquireContextW (in: phProv=0x18f9dc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x18f9dc*=0x5941b0) returned 1 [0096.556] CryptGenRandom (in: hProv=0x5941b0, dwLen=0x4, pbBuffer=0x18f9f0 | out: pbBuffer=0x18f9f0) returned 1 [0096.556] CryptReleaseContext (hProv=0x5941b0, dwFlags=0x0) returned 1 [0096.556] CryptAcquireContextW (in: phProv=0x18f9dc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x18f9dc*=0x5941b0) returned 1 [0096.556] CryptGenRandom (in: hProv=0x5941b0, dwLen=0x4, pbBuffer=0x18f9f0 | out: pbBuffer=0x18f9f0) returned 1 [0096.556] CryptReleaseContext (hProv=0x5941b0, dwFlags=0x0) returned 1 [0096.556] CryptAcquireContextW (in: phProv=0x18f9dc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x18f9dc*=0x5941b0) returned 1 [0096.557] CryptGenRandom (in: hProv=0x5941b0, dwLen=0x4, pbBuffer=0x18f9f0 | out: pbBuffer=0x18f9f0) returned 1 [0096.557] CryptReleaseContext (hProv=0x5941b0, dwFlags=0x0) returned 1 [0096.557] CryptAcquireContextW (in: phProv=0x18f9dc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x18f9dc*=0x5941b0) returned 1 [0096.558] CryptGenRandom (in: hProv=0x5941b0, dwLen=0x4, pbBuffer=0x18f9f0 | out: pbBuffer=0x18f9f0) returned 1 [0096.558] CryptReleaseContext (hProv=0x5941b0, dwFlags=0x0) returned 1 [0096.558] CryptAcquireContextW (in: phProv=0x18f9dc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x18f9dc*=0x5941b0) returned 1 [0096.559] CryptGenRandom (in: hProv=0x5941b0, dwLen=0x4, pbBuffer=0x18f9f0 | out: pbBuffer=0x18f9f0) returned 1 [0096.559] CryptReleaseContext (hProv=0x5941b0, dwFlags=0x0) returned 1 [0096.559] GetTempFileNameW (in: lpPathName="C:\\Windows\\TEMP", lpPrefixString="2", uUnique=0x0, lpTempFileName=0x433558 | out: lpTempFileName="C:\\Windows\\TEMP\\22F89.tmp" (normalized: "c:\\windows\\temp\\22f89.tmp")) returned 0x2f89 [0096.559] GetShortPathNameW (in: lpszLongPath="C:\\Windows\\TEMP\\22F89.tmp", lpszShortPath=0x433d68, cchBuffer=0x100 | out: lpszShortPath="C:\\Windows\\TEMP\\22F89.tmp") returned 0x19 [0096.560] CreateFileW (lpFileName="C:\\Windows\\TEMP\\FHB2F88.tmp" (normalized: "c:\\windows\\temp\\fhb2f88.tmp"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x18fae0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x15c [0096.560] CreateFileW (lpFileName="C:\\Windows\\TEMP\\22F89.tmp" (normalized: "c:\\windows\\temp\\22f89.tmp"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x18fae0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x160 [0096.560] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\arp.exe", lpCommandLine="C:\\Windows\\system32\\arp.exe -a", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x18fa68*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x15c, hStdError=0x160), lpProcessInformation=0x18fad0 | out: lpCommandLine="C:\\Windows\\system32\\arp.exe -a", lpProcessInformation=0x18fad0*(hProcess=0x168, hThread=0x164, dwProcessId=0xb3c, dwThreadId=0xb40)) returned 1 [0096.656] NtClose (Handle=0x164) returned 0x0 [0096.656] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xea60) returned 0x0 [0097.643] NtClose (Handle=0x15c) returned 0x0 [0097.643] NtClose (Handle=0x160) returned 0x0 [0097.643] CreateFileW (lpFileName="C:\\Windows\\TEMP\\FHB2F88.tmp" (normalized: "c:\\windows\\temp\\fhb2f88.tmp"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x160 [0097.643] SetFileTime (hFile=0x160, lpCreationTime=0x0, lpLastAccessTime=0x18fa2c, lpLastWriteTime=0x18fa2c) returned 0 [0097.644] GetFileSize (in: hFile=0x160, lpFileSizeHigh=0x18fa18 | out: lpFileSizeHigh=0x18fa18*=0x0) returned 0x17a [0097.644] SetFilePointer (in: hFile=0x160, lDistanceToMove=0, lpDistanceToMoveHigh=0x18fa24*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x18fa24*=0) returned 0x0 [0097.644] ReadFile (in: hFile=0x160, lpBuffer=0x4336e8, nNumberOfBytesToRead=0x17a, lpNumberOfBytesRead=0x18fa58, lpOverlapped=0x0 | out: lpBuffer=0x4336e8*, lpNumberOfBytesRead=0x18fa58*=0x17a, lpOverlapped=0x0) returned 1 [0097.644] SetFileAttributesW (lpFileName="C:\\Windows\\TEMP\\FHB2F88.tmp", dwFileAttributes=0x80) returned 1 [0097.644] DeleteFileW (lpFileName="C:\\Windows\\TEMP\\FHB2F88.tmp" (normalized: "c:\\windows\\temp\\fhb2f88.tmp")) returned 1 [0097.645] GetFileAttributesExW (in: lpFileName="C:\\Windows\\TEMP\\22F89.tmp" (normalized: "c:\\windows\\temp\\22f89.tmp"), fInfoLevelId=0x0, lpFileInformation=0x18fa28 | out: lpFileInformation=0x18fa28*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaa455410, ftCreationTime.dwHighDateTime=0x1d41a7f, ftLastAccessTime.dwLowDateTime=0xaa455410, ftLastAccessTime.dwHighDateTime=0x1d41a7f, ftLastWriteTime.dwLowDateTime=0xaa455410, ftLastWriteTime.dwHighDateTime=0x1d41a7f, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0097.646] SetFileAttributesW (lpFileName="C:\\Windows\\TEMP\\22F89.tmp", dwFileAttributes=0x80) returned 1 [0097.646] DeleteFileW (lpFileName="C:\\Windows\\TEMP\\22F89.tmp" (normalized: "c:\\windows\\temp\\22f89.tmp")) returned 1 [0097.646] CryptAcquireContextW (in: phProv=0x18f9e0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x18f9e0*=0x5941b0) returned 1 [0097.647] CryptGenRandom (in: hProv=0x5941b0, dwLen=0x4, pbBuffer=0x18f9f4 | out: pbBuffer=0x18f9f4) returned 1 [0097.647] CryptReleaseContext (hProv=0x5941b0, dwFlags=0x0) returned 1 [0097.647] CryptAcquireContextW (in: phProv=0x18f9dc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x18f9dc*=0x5941b0) returned 1 [0097.648] CryptGenRandom (in: hProv=0x5941b0, dwLen=0x4, pbBuffer=0x18f9f0 | out: pbBuffer=0x18f9f0) returned 1 [0097.648] CryptReleaseContext (hProv=0x5941b0, dwFlags=0x0) returned 1 [0097.648] CryptAcquireContextW (in: phProv=0x18f9dc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x18f9dc*=0x5941b0) returned 1 [0097.649] CryptGenRandom (in: hProv=0x5941b0, dwLen=0x4, pbBuffer=0x18f9f0 | out: pbBuffer=0x18f9f0) returned 1 [0097.649] CryptReleaseContext (hProv=0x5941b0, dwFlags=0x0) returned 1 [0097.649] CryptAcquireContextW (in: phProv=0x18f9dc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x18f9dc*=0x5941b0) returned 1 [0097.649] CryptGenRandom (in: hProv=0x5941b0, dwLen=0x4, pbBuffer=0x18f9f0 | out: pbBuffer=0x18f9f0) returned 1 [0097.649] CryptReleaseContext (hProv=0x5941b0, dwFlags=0x0) returned 1 [0097.649] CryptAcquireContextW (in: phProv=0x18f9dc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x18f9dc*=0x5941b0) returned 1 [0097.650] CryptGenRandom (in: hProv=0x5941b0, dwLen=0x4, pbBuffer=0x18f9f0 | out: pbBuffer=0x18f9f0) returned 1 [0097.650] CryptReleaseContext (hProv=0x5941b0, dwFlags=0x0) returned 1 [0097.650] CryptAcquireContextW (in: phProv=0x18f9dc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x18f9dc*=0x5941b0) returned 1 [0097.651] CryptGenRandom (in: hProv=0x5941b0, dwLen=0x4, pbBuffer=0x18f9f0 | out: pbBuffer=0x18f9f0) returned 1 [0097.651] CryptReleaseContext (hProv=0x5941b0, dwFlags=0x0) returned 1 [0097.651] GetTempFileNameW (in: lpPathName="C:\\Windows\\TEMP", lpPrefixString="BC", uUnique=0x0, lpTempFileName=0x434df8 | out: lpTempFileName="C:\\Windows\\TEMP\\BC3380.tmp" (normalized: "c:\\windows\\temp\\bc3380.tmp")) returned 0x3380 [0097.651] GetShortPathNameW (in: lpszLongPath="C:\\Windows\\TEMP\\BC3380.tmp", lpszShortPath=0x435200, cchBuffer=0x100 | out: lpszShortPath="C:\\Windows\\TEMP\\BC3380.tmp") returned 0x1a [0097.652] CryptAcquireContextW (in: phProv=0x18f9e0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x18f9e0*=0x5941b0) returned 1 [0097.652] CryptGenRandom (in: hProv=0x5941b0, dwLen=0x4, pbBuffer=0x18f9f4 | out: pbBuffer=0x18f9f4) returned 1 [0097.652] CryptReleaseContext (hProv=0x5941b0, dwFlags=0x0) returned 1 [0097.653] CryptAcquireContextW (in: phProv=0x18f9dc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x18f9dc*=0x5941b0) returned 1 [0097.653] CryptGenRandom (in: hProv=0x5941b0, dwLen=0x4, pbBuffer=0x18f9f0 | out: pbBuffer=0x18f9f0) returned 1 [0097.653] CryptReleaseContext (hProv=0x5941b0, dwFlags=0x0) returned 1 [0097.653] CryptAcquireContextW (in: phProv=0x18f9dc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x18f9dc*=0x5941b0) returned 1 [0097.654] CryptGenRandom (in: hProv=0x5941b0, dwLen=0x4, pbBuffer=0x18f9f0 | out: pbBuffer=0x18f9f0) returned 1 [0097.654] CryptReleaseContext (hProv=0x5941b0, dwFlags=0x0) returned 1 [0097.654] GetTempFileNameW (in: lpPathName="C:\\Windows\\TEMP", lpPrefixString="xL", uUnique=0x0, lpTempFileName=0x434df8 | out: lpTempFileName="C:\\Windows\\TEMP\\xL3381.tmp" (normalized: "c:\\windows\\temp\\xl3381.tmp")) returned 0x3381 [0097.654] GetShortPathNameW (in: lpszLongPath="C:\\Windows\\TEMP\\xL3381.tmp", lpszShortPath=0x435608, cchBuffer=0x100 | out: lpszShortPath="C:\\Windows\\TEMP\\xL3381.tmp") returned 0x1a [0097.655] CreateFileW (lpFileName="C:\\Windows\\TEMP\\BC3380.tmp" (normalized: "c:\\windows\\temp\\bc3380.tmp"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x18fae0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x168 [0097.655] CreateFileW (lpFileName="C:\\Windows\\TEMP\\xL3381.tmp" (normalized: "c:\\windows\\temp\\xl3381.tmp"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x18fae0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x160 [0097.655] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\nslookup.exe", lpCommandLine="C:\\Windows\\system32\\nslookup.exe 192.168.0.1", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x18fa68*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x168, hStdError=0x160), lpProcessInformation=0x18fad0 | out: lpCommandLine="C:\\Windows\\system32\\nslookup.exe 192.168.0.1", lpProcessInformation=0x18fad0*(hProcess=0x164, hThread=0x15c, dwProcessId=0xb6c, dwThreadId=0xb70)) returned 1 [0097.755] NtClose (Handle=0x15c) returned 0x0 [0097.755] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xea60) returned 0x0 [0099.612] NtClose (Handle=0x168) returned 0x0 [0099.615] NtClose (Handle=0x160) returned 0x0 [0099.622] CreateFileW (lpFileName="C:\\Windows\\TEMP\\BC3380.tmp" (normalized: "c:\\windows\\temp\\bc3380.tmp"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x160 [0099.622] SetFileTime (hFile=0x160, lpCreationTime=0x0, lpLastAccessTime=0x18fa2c, lpLastWriteTime=0x18fa2c) returned 0 [0099.622] GetFileSize (in: hFile=0x160, lpFileSizeHigh=0x18fa18 | out: lpFileSizeHigh=0x18fa18*=0x0) returned 0x2b [0099.622] SetFilePointer (in: hFile=0x160, lDistanceToMove=0, lpDistanceToMoveHigh=0x18fa24*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x18fa24*=0) returned 0x0 [0099.622] ReadFile (in: hFile=0x160, lpBuffer=0x4333c8, nNumberOfBytesToRead=0x2b, lpNumberOfBytesRead=0x18fa58, lpOverlapped=0x0 | out: lpBuffer=0x4333c8*, lpNumberOfBytesRead=0x18fa58*=0x2b, lpOverlapped=0x0) returned 1 [0099.622] SetFileAttributesW (lpFileName="C:\\Windows\\TEMP\\BC3380.tmp", dwFileAttributes=0x80) returned 1 [0099.623] DeleteFileW (lpFileName="C:\\Windows\\TEMP\\BC3380.tmp" (normalized: "c:\\windows\\temp\\bc3380.tmp")) returned 1 [0099.623] GetFileAttributesExW (in: lpFileName="C:\\Windows\\TEMP\\xL3381.tmp" (normalized: "c:\\windows\\temp\\xl3381.tmp"), fInfoLevelId=0x0, lpFileInformation=0x18fa28 | out: lpFileInformation=0x18fa28*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaae00d70, ftCreationTime.dwHighDateTime=0x1d41a7f, ftLastAccessTime.dwLowDateTime=0xaae00d70, ftLastAccessTime.dwHighDateTime=0x1d41a7f, ftLastWriteTime.dwLowDateTime=0xabed08d0, ftLastWriteTime.dwHighDateTime=0x1d41a7f, nFileSizeHigh=0x0, nFileSizeLow=0x3a)) returned 1 [0099.624] SetFileAttributesW (lpFileName="C:\\Windows\\TEMP\\xL3381.tmp", dwFileAttributes=0x80) returned 1 [0099.625] DeleteFileW (lpFileName="C:\\Windows\\TEMP\\xL3381.tmp" (normalized: "c:\\windows\\temp\\xl3381.tmp")) returned 1 [0099.633] CryptAcquireContextW (in: phProv=0x18f9e0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x18f9e0*=0x5941b0) returned 1 [0099.634] CryptGenRandom (in: hProv=0x5941b0, dwLen=0x4, pbBuffer=0x18f9f4 | out: pbBuffer=0x18f9f4) returned 1 [0099.634] CryptReleaseContext (hProv=0x5941b0, dwFlags=0x0) returned 1 [0099.634] CryptAcquireContextW (in: phProv=0x18f9dc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x18f9dc*=0x5941b0) returned 1 [0099.635] CryptGenRandom (in: hProv=0x5941b0, dwLen=0x4, pbBuffer=0x18f9f0 | out: pbBuffer=0x18f9f0) returned 1 [0099.635] CryptReleaseContext (hProv=0x5941b0, dwFlags=0x0) returned 1 [0099.635] CryptAcquireContextW (in: phProv=0x18f9dc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x18f9dc*=0x5941b0) returned 1 [0099.635] CryptGenRandom (in: hProv=0x5941b0, dwLen=0x4, pbBuffer=0x18f9f0 | out: pbBuffer=0x18f9f0) returned 1 [0099.635] CryptReleaseContext (hProv=0x5941b0, dwFlags=0x0) returned 1 [0099.635] CryptAcquireContextW (in: phProv=0x18f9dc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x18f9dc*=0x5941b0) returned 1 [0099.637] CryptGenRandom (in: hProv=0x5941b0, dwLen=0x4, pbBuffer=0x18f9f0 | out: pbBuffer=0x18f9f0) returned 1 [0099.637] CryptReleaseContext (hProv=0x5941b0, dwFlags=0x0) returned 1 [0099.637] GetTempFileNameW (in: lpPathName="C:\\Windows\\TEMP", lpPrefixString="I3R", uUnique=0x0, lpTempFileName=0x434df8 | out: lpTempFileName="C:\\Windows\\TEMP\\I3R3AA3.tmp" (normalized: "c:\\windows\\temp\\i3r3aa3.tmp")) returned 0x3aa3 [0099.638] GetShortPathNameW (in: lpszLongPath="C:\\Windows\\TEMP\\I3R3AA3.tmp", lpszShortPath=0x435200, cchBuffer=0x100 | out: lpszShortPath="C:\\Windows\\TEMP\\I3R3AA3.tmp") returned 0x1b [0099.638] CryptAcquireContextW (in: phProv=0x18f9e0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x18f9e0*=0x5941b0) returned 1 [0099.639] CryptGenRandom (in: hProv=0x5941b0, dwLen=0x4, pbBuffer=0x18f9f4 | out: pbBuffer=0x18f9f4) returned 1 [0099.639] CryptReleaseContext (hProv=0x5941b0, dwFlags=0x0) returned 1 [0099.639] CryptAcquireContextW (in: phProv=0x18f9dc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x18f9dc*=0x5941b0) returned 1 [0099.640] CryptGenRandom (in: hProv=0x5941b0, dwLen=0x4, pbBuffer=0x18f9f0 | out: pbBuffer=0x18f9f0) returned 1 [0099.640] CryptReleaseContext (hProv=0x5941b0, dwFlags=0x0) returned 1 [0099.640] CryptAcquireContextW (in: phProv=0x18f9dc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x18f9dc*=0x5941b0) returned 1 [0099.640] CryptGenRandom (in: hProv=0x5941b0, dwLen=0x4, pbBuffer=0x18f9f0 | out: pbBuffer=0x18f9f0) returned 1 [0099.640] CryptReleaseContext (hProv=0x5941b0, dwFlags=0x0) returned 1 [0099.640] CryptAcquireContextW (in: phProv=0x18f9dc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x18f9dc*=0x5941b0) returned 1 [0099.641] CryptGenRandom (in: hProv=0x5941b0, dwLen=0x4, pbBuffer=0x18f9f0 | out: pbBuffer=0x18f9f0) returned 1 [0099.641] CryptReleaseContext (hProv=0x5941b0, dwFlags=0x0) returned 1 [0099.641] GetTempFileNameW (in: lpPathName="C:\\Windows\\TEMP", lpPrefixString="vp", uUnique=0x0, lpTempFileName=0x434df8 | out: lpTempFileName="C:\\Windows\\TEMP\\vp3AA4.tmp" (normalized: "c:\\windows\\temp\\vp3aa4.tmp")) returned 0x3aa4 [0099.642] GetShortPathNameW (in: lpszLongPath="C:\\Windows\\TEMP\\vp3AA4.tmp", lpszShortPath=0x435608, cchBuffer=0x100 | out: lpszShortPath="C:\\Windows\\TEMP\\vp3AA4.tmp") returned 0x1a [0099.642] CreateFileW (lpFileName="C:\\Windows\\TEMP\\I3R3AA3.tmp" (normalized: "c:\\windows\\temp\\i3r3aa3.tmp"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x18fae0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x164 [0099.642] CreateFileW (lpFileName="C:\\Windows\\TEMP\\vp3AA4.tmp" (normalized: "c:\\windows\\temp\\vp3aa4.tmp"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x18fae0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x160 [0099.642] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\nslookup.exe", lpCommandLine="C:\\Windows\\system32\\nslookup.exe 192.168.0.255", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x18fa68*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x164, hStdError=0x160), lpProcessInformation=0x18fad0 | out: lpCommandLine="C:\\Windows\\system32\\nslookup.exe 192.168.0.255", lpProcessInformation=0x18fad0*(hProcess=0x15c, hThread=0x168, dwProcessId=0xb88, dwThreadId=0xb8c)) returned 1 [0099.647] NtClose (Handle=0x168) returned 0x0 [0099.647] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xea60) returned 0x0 [0099.851] NtClose (Handle=0x164) returned 0x0 [0099.851] NtClose (Handle=0x160) returned 0x0 [0099.852] CreateFileW (lpFileName="C:\\Windows\\TEMP\\I3R3AA3.tmp" (normalized: "c:\\windows\\temp\\i3r3aa3.tmp"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x160 [0099.852] SetFileTime (hFile=0x160, lpCreationTime=0x0, lpLastAccessTime=0x18fa2c, lpLastWriteTime=0x18fa2c) returned 0 [0099.852] GetFileSize (in: hFile=0x160, lpFileSizeHigh=0x18fa18 | out: lpFileSizeHigh=0x18fa18*=0x0) returned 0x2b [0099.852] SetFilePointer (in: hFile=0x160, lDistanceToMove=0, lpDistanceToMoveHigh=0x18fa24*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x18fa24*=0) returned 0x0 [0099.852] ReadFile (in: hFile=0x160, lpBuffer=0x432e70, nNumberOfBytesToRead=0x2b, lpNumberOfBytesRead=0x18fa58, lpOverlapped=0x0 | out: lpBuffer=0x432e70*, lpNumberOfBytesRead=0x18fa58*=0x2b, lpOverlapped=0x0) returned 1 [0099.852] SetFileAttributesW (lpFileName="C:\\Windows\\TEMP\\I3R3AA3.tmp", dwFileAttributes=0x80) returned 1 [0099.853] DeleteFileW (lpFileName="C:\\Windows\\TEMP\\I3R3AA3.tmp" (normalized: "c:\\windows\\temp\\i3r3aa3.tmp")) returned 1 [0099.854] GetFileAttributesExW (in: lpFileName="C:\\Windows\\TEMP\\vp3AA4.tmp" (normalized: "c:\\windows\\temp\\vp3aa4.tmp"), fInfoLevelId=0x0, lpFileInformation=0x18fa28 | out: lpFileInformation=0x18fa28*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xabf68e50, ftCreationTime.dwHighDateTime=0x1d41a7f, ftLastAccessTime.dwLowDateTime=0xabf68e50, ftLastAccessTime.dwHighDateTime=0x1d41a7f, ftLastWriteTime.dwLowDateTime=0xac158030, ftLastWriteTime.dwHighDateTime=0x1d41a7f, nFileSizeHigh=0x0, nFileSizeLow=0x3c)) returned 1 [0099.854] SetFileAttributesW (lpFileName="C:\\Windows\\TEMP\\vp3AA4.tmp", dwFileAttributes=0x80) returned 1 [0099.854] DeleteFileW (lpFileName="C:\\Windows\\TEMP\\vp3AA4.tmp" (normalized: "c:\\windows\\temp\\vp3aa4.tmp")) returned 1 [0099.855] CryptAcquireContextW (in: phProv=0x18f9e0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x18f9e0*=0x5941b0) returned 1 [0099.855] CryptGenRandom (in: hProv=0x5941b0, dwLen=0x4, pbBuffer=0x18f9f4 | out: pbBuffer=0x18f9f4) returned 1 [0099.855] CryptReleaseContext (hProv=0x5941b0, dwFlags=0x0) returned 1 [0099.855] CryptAcquireContextW (in: phProv=0x18f9dc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x18f9dc*=0x5941b0) returned 1 [0099.856] CryptGenRandom (in: hProv=0x5941b0, dwLen=0x4, pbBuffer=0x18f9f0 | out: pbBuffer=0x18f9f0) returned 1 [0099.856] CryptReleaseContext (hProv=0x5941b0, dwFlags=0x0) returned 1 [0099.856] CryptAcquireContextW (in: phProv=0x18f9dc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x18f9dc*=0x5941b0) returned 1 [0099.857] CryptGenRandom (in: hProv=0x5941b0, dwLen=0x4, pbBuffer=0x18f9f0 | out: pbBuffer=0x18f9f0) returned 1 [0099.857] CryptReleaseContext (hProv=0x5941b0, dwFlags=0x0) returned 1 [0099.857] GetTempFileNameW (in: lpPathName="C:\\Windows\\TEMP", lpPrefixString="hF", uUnique=0x0, lpTempFileName=0x434df8 | out: lpTempFileName="C:\\Windows\\TEMP\\hF3B7F.tmp" (normalized: "c:\\windows\\temp\\hf3b7f.tmp")) returned 0x3b7f [0099.857] GetShortPathNameW (in: lpszLongPath="C:\\Windows\\TEMP\\hF3B7F.tmp", lpszShortPath=0x435200, cchBuffer=0x100 | out: lpszShortPath="C:\\Windows\\TEMP\\hF3B7F.tmp") returned 0x1a [0099.857] CryptAcquireContextW (in: phProv=0x18f9e0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x18f9e0*=0x5941b0) returned 1 [0099.858] CryptGenRandom (in: hProv=0x5941b0, dwLen=0x4, pbBuffer=0x18f9f4 | out: pbBuffer=0x18f9f4) returned 1 [0099.858] CryptReleaseContext (hProv=0x5941b0, dwFlags=0x0) returned 1 [0099.858] CryptAcquireContextW (in: phProv=0x18f9dc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x18f9dc*=0x5941b0) returned 1 [0099.859] CryptGenRandom (in: hProv=0x5941b0, dwLen=0x4, pbBuffer=0x18f9f0 | out: pbBuffer=0x18f9f0) returned 1 [0099.859] CryptReleaseContext (hProv=0x5941b0, dwFlags=0x0) returned 1 [0099.859] CryptAcquireContextW (in: phProv=0x18f9dc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x18f9dc*=0x5941b0) returned 1 [0099.859] CryptGenRandom (in: hProv=0x5941b0, dwLen=0x4, pbBuffer=0x18f9f0 | out: pbBuffer=0x18f9f0) returned 1 [0099.859] CryptReleaseContext (hProv=0x5941b0, dwFlags=0x0) returned 1 [0099.859] CryptAcquireContextW (in: phProv=0x18f9dc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x18f9dc*=0x5941b0) returned 1 [0099.860] CryptGenRandom (in: hProv=0x5941b0, dwLen=0x4, pbBuffer=0x18f9f0 | out: pbBuffer=0x18f9f0) returned 1 [0099.860] CryptReleaseContext (hProv=0x5941b0, dwFlags=0x0) returned 1 [0099.860] CryptAcquireContextW (in: phProv=0x18f9dc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x18f9dc*=0x5941b0) returned 1 [0099.861] CryptGenRandom (in: hProv=0x5941b0, dwLen=0x4, pbBuffer=0x18f9f0 | out: pbBuffer=0x18f9f0) returned 1 [0099.861] CryptReleaseContext (hProv=0x5941b0, dwFlags=0x0) returned 1 [0099.861] CryptAcquireContextW (in: phProv=0x18f9dc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x18f9dc*=0x5941b0) returned 1 [0099.861] CryptGenRandom (in: hProv=0x5941b0, dwLen=0x4, pbBuffer=0x18f9f0 | out: pbBuffer=0x18f9f0) returned 1 [0099.861] CryptReleaseContext (hProv=0x5941b0, dwFlags=0x0) returned 1 [0099.862] CryptAcquireContextW (in: phProv=0x18f9dc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x18f9dc*=0x5941b0) returned 1 [0099.862] CryptGenRandom (in: hProv=0x5941b0, dwLen=0x4, pbBuffer=0x18f9f0 | out: pbBuffer=0x18f9f0) returned 1 [0099.862] CryptReleaseContext (hProv=0x5941b0, dwFlags=0x0) returned 1 [0099.862] CryptAcquireContextW (in: phProv=0x18f9dc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x18f9dc*=0x5941b0) returned 1 [0099.863] CryptGenRandom (in: hProv=0x5941b0, dwLen=0x4, pbBuffer=0x18f9f0 | out: pbBuffer=0x18f9f0) returned 1 [0099.863] CryptReleaseContext (hProv=0x5941b0, dwFlags=0x0) returned 1 [0099.863] GetTempFileNameW (in: lpPathName="C:\\Windows\\TEMP", lpPrefixString="qe", uUnique=0x0, lpTempFileName=0x434df8 | out: lpTempFileName="C:\\Windows\\TEMP\\qe3B80.tmp" (normalized: "c:\\windows\\temp\\qe3b80.tmp")) returned 0x3b80 [0099.863] GetShortPathNameW (in: lpszLongPath="C:\\Windows\\TEMP\\qe3B80.tmp", lpszShortPath=0x435608, cchBuffer=0x100 | out: lpszShortPath="C:\\Windows\\TEMP\\qe3B80.tmp") returned 0x1a [0099.864] CreateFileW (lpFileName="C:\\Windows\\TEMP\\hF3B7F.tmp" (normalized: "c:\\windows\\temp\\hf3b7f.tmp"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x18fae0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x15c [0099.865] CreateFileW (lpFileName="C:\\Windows\\TEMP\\qe3B80.tmp" (normalized: "c:\\windows\\temp\\qe3b80.tmp"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x18fae0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x160 [0099.865] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\nslookup.exe", lpCommandLine="C:\\Windows\\system32\\nslookup.exe 224.0.0.22", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x18fa68*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x15c, hStdError=0x160), lpProcessInformation=0x18fad0 | out: lpCommandLine="C:\\Windows\\system32\\nslookup.exe 224.0.0.22", lpProcessInformation=0x18fad0*(hProcess=0x168, hThread=0x164, dwProcessId=0xba4, dwThreadId=0xba8)) returned 1 [0099.869] NtClose (Handle=0x164) returned 0x0 [0099.869] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xea60) returned 0x0 [0100.327] NtClose (Handle=0x15c) returned 0x0 [0100.328] NtClose (Handle=0x160) returned 0x0 [0100.328] CreateFileW (lpFileName="C:\\Windows\\TEMP\\hF3B7F.tmp" (normalized: "c:\\windows\\temp\\hf3b7f.tmp"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x160 [0100.328] SetFileTime (hFile=0x160, lpCreationTime=0x0, lpLastAccessTime=0x18fa2c, lpLastWriteTime=0x18fa2c) returned 0 [0100.328] GetFileSize (in: hFile=0x160, lpFileSizeHigh=0x18fa18 | out: lpFileSizeHigh=0x18fa18*=0x0) returned 0x5c [0100.328] SetFilePointer (in: hFile=0x160, lDistanceToMove=0, lpDistanceToMoveHigh=0x18fa24*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x18fa24*=0) returned 0x0 [0100.328] ReadFile (in: hFile=0x160, lpBuffer=0x431808, nNumberOfBytesToRead=0x5c, lpNumberOfBytesRead=0x18fa58, lpOverlapped=0x0 | out: lpBuffer=0x431808*, lpNumberOfBytesRead=0x18fa58*=0x5c, lpOverlapped=0x0) returned 1 [0100.328] SetFileAttributesW (lpFileName="C:\\Windows\\TEMP\\hF3B7F.tmp", dwFileAttributes=0x80) returned 1 [0100.331] DeleteFileW (lpFileName="C:\\Windows\\TEMP\\hF3B7F.tmp" (normalized: "c:\\windows\\temp\\hf3b7f.tmp")) returned 1 [0100.332] GetFileAttributesExW (in: lpFileName="C:\\Windows\\TEMP\\qe3B80.tmp" (normalized: "c:\\windows\\temp\\qe3b80.tmp"), fInfoLevelId=0x0, lpFileInformation=0x18fa28 | out: lpFileInformation=0x18fa28*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac17e190, ftCreationTime.dwHighDateTime=0x1d41a7f, ftLastAccessTime.dwLowDateTime=0xac17e190, ftLastAccessTime.dwHighDateTime=0x1d41a7f, ftLastWriteTime.dwLowDateTime=0xac17e190, ftLastWriteTime.dwHighDateTime=0x1d41a7f, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0100.332] SetFileAttributesW (lpFileName="C:\\Windows\\TEMP\\qe3B80.tmp", dwFileAttributes=0x80) returned 1 [0100.332] DeleteFileW (lpFileName="C:\\Windows\\TEMP\\qe3B80.tmp" (normalized: "c:\\windows\\temp\\qe3b80.tmp")) returned 1 [0100.333] CryptAcquireContextW (in: phProv=0x18f9e0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x18f9e0*=0x5941b0) returned 1 [0100.333] CryptGenRandom (in: hProv=0x5941b0, dwLen=0x4, pbBuffer=0x18f9f4 | out: pbBuffer=0x18f9f4) returned 1 [0100.333] CryptReleaseContext (hProv=0x5941b0, dwFlags=0x0) returned 1 [0100.333] CryptAcquireContextW (in: phProv=0x18f9dc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x18f9dc*=0x5941b0) returned 1 [0100.334] CryptGenRandom (in: hProv=0x5941b0, dwLen=0x4, pbBuffer=0x18f9f0 | out: pbBuffer=0x18f9f0) returned 1 [0100.334] CryptReleaseContext (hProv=0x5941b0, dwFlags=0x0) returned 1 [0100.334] CryptAcquireContextW (in: phProv=0x18f9dc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x18f9dc*=0x5941b0) returned 1 [0100.335] CryptGenRandom (in: hProv=0x5941b0, dwLen=0x4, pbBuffer=0x18f9f0 | out: pbBuffer=0x18f9f0) returned 1 [0100.335] CryptReleaseContext (hProv=0x5941b0, dwFlags=0x0) returned 1 [0100.335] CryptAcquireContextW (in: phProv=0x18f9dc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x18f9dc*=0x5941b0) returned 1 [0100.335] CryptGenRandom (in: hProv=0x5941b0, dwLen=0x4, pbBuffer=0x18f9f0 | out: pbBuffer=0x18f9f0) returned 1 [0100.335] CryptReleaseContext (hProv=0x5941b0, dwFlags=0x0) returned 1 [0100.335] CryptAcquireContextW (in: phProv=0x18f9dc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x18f9dc*=0x5941b0) returned 1 [0100.336] CryptGenRandom (in: hProv=0x5941b0, dwLen=0x4, pbBuffer=0x18f9f0 | out: pbBuffer=0x18f9f0) returned 1 [0100.336] CryptReleaseContext (hProv=0x5941b0, dwFlags=0x0) returned 1 [0100.336] CryptAcquireContextW (in: phProv=0x18f9dc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x18f9dc*=0x5941b0) returned 1 [0100.337] CryptGenRandom (in: hProv=0x5941b0, dwLen=0x4, pbBuffer=0x18f9f0 | out: pbBuffer=0x18f9f0) returned 1 [0100.337] CryptReleaseContext (hProv=0x5941b0, dwFlags=0x0) returned 1 [0100.337] GetTempFileNameW (in: lpPathName="C:\\Windows\\TEMP", lpPrefixString="ac", uUnique=0x0, lpTempFileName=0x434df8 | out: lpTempFileName="C:\\Windows\\TEMP\\ac3D65.tmp" (normalized: "c:\\windows\\temp\\ac3d65.tmp")) returned 0x3d65 [0100.339] GetShortPathNameW (in: lpszLongPath="C:\\Windows\\TEMP\\ac3D65.tmp", lpszShortPath=0x435200, cchBuffer=0x100 | out: lpszShortPath="C:\\Windows\\TEMP\\ac3D65.tmp") returned 0x1a [0100.339] CryptAcquireContextW (in: phProv=0x18f9e0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x18f9e0*=0x5941b0) returned 1 [0100.340] CryptGenRandom (in: hProv=0x5941b0, dwLen=0x4, pbBuffer=0x18f9f4 | out: pbBuffer=0x18f9f4) returned 1 [0100.340] CryptReleaseContext (hProv=0x5941b0, dwFlags=0x0) returned 1 [0100.340] CryptAcquireContextW (in: phProv=0x18f9dc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x18f9dc*=0x5941b0) returned 1 [0100.341] CryptGenRandom (in: hProv=0x5941b0, dwLen=0x4, pbBuffer=0x18f9f0 | out: pbBuffer=0x18f9f0) returned 1 [0100.341] CryptReleaseContext (hProv=0x5941b0, dwFlags=0x0) returned 1 [0100.341] CryptAcquireContextW (in: phProv=0x18f9dc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x18f9dc*=0x5941b0) returned 1 [0100.341] CryptGenRandom (in: hProv=0x5941b0, dwLen=0x4, pbBuffer=0x18f9f0 | out: pbBuffer=0x18f9f0) returned 1 [0100.341] CryptReleaseContext (hProv=0x5941b0, dwFlags=0x0) returned 1 [0100.341] CryptAcquireContextW (in: phProv=0x18f9dc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x18f9dc*=0x5941b0) returned 1 [0100.342] CryptGenRandom (in: hProv=0x5941b0, dwLen=0x4, pbBuffer=0x18f9f0 | out: pbBuffer=0x18f9f0) returned 1 [0100.342] CryptReleaseContext (hProv=0x5941b0, dwFlags=0x0) returned 1 [0100.342] GetTempFileNameW (in: lpPathName="C:\\Windows\\TEMP", lpPrefixString="PK", uUnique=0x0, lpTempFileName=0x434df8 | out: lpTempFileName="C:\\Windows\\TEMP\\PK3D66.tmp" (normalized: "c:\\windows\\temp\\pk3d66.tmp")) returned 0x3d66 [0100.342] GetShortPathNameW (in: lpszLongPath="C:\\Windows\\TEMP\\PK3D66.tmp", lpszShortPath=0x435608, cchBuffer=0x100 | out: lpszShortPath="C:\\Windows\\TEMP\\PK3D66.tmp") returned 0x1a [0100.343] CreateFileW (lpFileName="C:\\Windows\\TEMP\\ac3D65.tmp" (normalized: "c:\\windows\\temp\\ac3d65.tmp"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x18fae0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x168 [0100.343] CreateFileW (lpFileName="C:\\Windows\\TEMP\\PK3D66.tmp" (normalized: "c:\\windows\\temp\\pk3d66.tmp"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x18fae0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x160 [0100.343] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\nslookup.exe", lpCommandLine="C:\\Windows\\system32\\nslookup.exe 224.0.0.252", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x18fa68*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x168, hStdError=0x160), lpProcessInformation=0x18fad0 | out: lpCommandLine="C:\\Windows\\system32\\nslookup.exe 224.0.0.252", lpProcessInformation=0x18fad0*(hProcess=0x164, hThread=0x15c, dwProcessId=0xbbc, dwThreadId=0xbc0)) returned 1 [0100.346] NtClose (Handle=0x15c) returned 0x0 [0100.346] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xea60) returned 0x0 [0100.693] NtClose (Handle=0x168) returned 0x0 [0100.693] NtClose (Handle=0x160) returned 0x0 [0100.694] CreateFileW (lpFileName="C:\\Windows\\TEMP\\ac3D65.tmp" (normalized: "c:\\windows\\temp\\ac3d65.tmp"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x160 [0100.694] SetFileTime (hFile=0x160, lpCreationTime=0x0, lpLastAccessTime=0x18fa2c, lpLastWriteTime=0x18fa2c) returned 0 [0100.694] GetFileSize (in: hFile=0x160, lpFileSizeHigh=0x18fa18 | out: lpFileSizeHigh=0x18fa18*=0x0) returned 0x2b [0100.694] SetFilePointer (in: hFile=0x160, lDistanceToMove=0, lpDistanceToMoveHigh=0x18fa24*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x18fa24*=0) returned 0x0 [0100.695] ReadFile (in: hFile=0x160, lpBuffer=0x433338, nNumberOfBytesToRead=0x2b, lpNumberOfBytesRead=0x18fa58, lpOverlapped=0x0 | out: lpBuffer=0x433338*, lpNumberOfBytesRead=0x18fa58*=0x2b, lpOverlapped=0x0) returned 1 [0100.695] SetFileAttributesW (lpFileName="C:\\Windows\\TEMP\\ac3D65.tmp", dwFileAttributes=0x80) returned 1 [0100.695] DeleteFileW (lpFileName="C:\\Windows\\TEMP\\ac3D65.tmp" (normalized: "c:\\windows\\temp\\ac3d65.tmp")) returned 1 [0100.696] GetFileAttributesExW (in: lpFileName="C:\\Windows\\TEMP\\PK3D66.tmp" (normalized: "c:\\windows\\temp\\pk3d66.tmp"), fInfoLevelId=0x0, lpFileInformation=0x18fa28 | out: lpFileInformation=0x18fa28*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac61ac30, ftCreationTime.dwHighDateTime=0x1d41a7f, ftLastAccessTime.dwLowDateTime=0xac61ac30, ftLastAccessTime.dwHighDateTime=0x1d41a7f, ftLastWriteTime.dwLowDateTime=0xac960a70, ftLastWriteTime.dwHighDateTime=0x1d41a7f, nFileSizeHigh=0x0, nFileSizeLow=0x3a)) returned 1 [0100.696] SetFileAttributesW (lpFileName="C:\\Windows\\TEMP\\PK3D66.tmp", dwFileAttributes=0x80) returned 1 [0100.696] DeleteFileW (lpFileName="C:\\Windows\\TEMP\\PK3D66.tmp" (normalized: "c:\\windows\\temp\\pk3d66.tmp")) returned 1 [0100.697] CryptAcquireContextW (in: phProv=0x18f9e0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x18f9e0*=0x5941b0) returned 1 [0100.698] CryptGenRandom (in: hProv=0x5941b0, dwLen=0x4, pbBuffer=0x18f9f4 | out: pbBuffer=0x18f9f4) returned 1 [0100.698] CryptReleaseContext (hProv=0x5941b0, dwFlags=0x0) returned 1 [0100.698] CryptAcquireContextW (in: phProv=0x18f9dc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x18f9dc*=0x5941b0) returned 1 [0100.699] CryptGenRandom (in: hProv=0x5941b0, dwLen=0x4, pbBuffer=0x18f9f0 | out: pbBuffer=0x18f9f0) returned 1 [0100.699] CryptReleaseContext (hProv=0x5941b0, dwFlags=0x0) returned 1 [0100.699] GetTempFileNameW (in: lpPathName="C:\\Windows\\TEMP", lpPrefixString="6", uUnique=0x0, lpTempFileName=0x434df8 | out: lpTempFileName="C:\\Windows\\TEMP\\63ECE.tmp" (normalized: "c:\\windows\\temp\\63ece.tmp")) returned 0x3ece [0100.699] GetShortPathNameW (in: lpszLongPath="C:\\Windows\\TEMP\\63ECE.tmp", lpszShortPath=0x435200, cchBuffer=0x100 | out: lpszShortPath="C:\\Windows\\TEMP\\63ECE.tmp") returned 0x19 [0100.699] CryptAcquireContextW (in: phProv=0x18f9e0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x18f9e0*=0x5941b0) returned 1 [0100.700] CryptGenRandom (in: hProv=0x5941b0, dwLen=0x4, pbBuffer=0x18f9f4 | out: pbBuffer=0x18f9f4) returned 1 [0100.700] CryptReleaseContext (hProv=0x5941b0, dwFlags=0x0) returned 1 [0100.700] CryptAcquireContextW (in: phProv=0x18f9dc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x18f9dc*=0x5941b0) returned 1 [0100.701] CryptGenRandom (in: hProv=0x5941b0, dwLen=0x4, pbBuffer=0x18f9f0 | out: pbBuffer=0x18f9f0) returned 1 [0100.701] CryptReleaseContext (hProv=0x5941b0, dwFlags=0x0) returned 1 [0100.701] CryptAcquireContextW (in: phProv=0x18f9dc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x18f9dc*=0x5941b0) returned 1 [0100.702] CryptGenRandom (in: hProv=0x5941b0, dwLen=0x4, pbBuffer=0x18f9f0 | out: pbBuffer=0x18f9f0) returned 1 [0100.702] CryptReleaseContext (hProv=0x5941b0, dwFlags=0x0) returned 1 [0100.702] CryptAcquireContextW (in: phProv=0x18f9dc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x18f9dc*=0x5941b0) returned 1 [0100.702] CryptGenRandom (in: hProv=0x5941b0, dwLen=0x4, pbBuffer=0x18f9f0 | out: pbBuffer=0x18f9f0) returned 1 [0100.702] CryptReleaseContext (hProv=0x5941b0, dwFlags=0x0) returned 1 [0100.702] CryptAcquireContextW (in: phProv=0x18f9dc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x18f9dc*=0x5941b0) returned 1 [0100.703] CryptGenRandom (in: hProv=0x5941b0, dwLen=0x4, pbBuffer=0x18f9f0 | out: pbBuffer=0x18f9f0) returned 1 [0100.703] CryptReleaseContext (hProv=0x5941b0, dwFlags=0x0) returned 1 [0100.703] CryptAcquireContextW (in: phProv=0x18f9dc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x18f9dc*=0x5941b0) returned 1 [0100.704] CryptGenRandom (in: hProv=0x5941b0, dwLen=0x4, pbBuffer=0x18f9f0 | out: pbBuffer=0x18f9f0) returned 1 [0100.704] CryptReleaseContext (hProv=0x5941b0, dwFlags=0x0) returned 1 [0100.704] CryptAcquireContextW (in: phProv=0x18f9dc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x18f9dc*=0x5941b0) returned 1 [0100.705] CryptGenRandom (in: hProv=0x5941b0, dwLen=0x4, pbBuffer=0x18f9f0 | out: pbBuffer=0x18f9f0) returned 1 [0100.705] CryptReleaseContext (hProv=0x5941b0, dwFlags=0x0) returned 1 [0100.705] CryptAcquireContextW (in: phProv=0x18f9dc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x18f9dc*=0x5941b0) returned 1 [0100.705] CryptGenRandom (in: hProv=0x5941b0, dwLen=0x4, pbBuffer=0x18f9f0 | out: pbBuffer=0x18f9f0) returned 1 [0100.705] CryptReleaseContext (hProv=0x5941b0, dwFlags=0x0) returned 1 [0100.705] CryptAcquireContextW (in: phProv=0x18f9dc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x18f9dc*=0x5941b0) returned 1 [0100.706] CryptGenRandom (in: hProv=0x5941b0, dwLen=0x4, pbBuffer=0x18f9f0 | out: pbBuffer=0x18f9f0) returned 1 [0100.706] CryptReleaseContext (hProv=0x5941b0, dwFlags=0x0) returned 1 [0100.706] GetTempFileNameW (in: lpPathName="C:\\Windows\\TEMP", lpPrefixString="Uzz", uUnique=0x0, lpTempFileName=0x434df8 | out: lpTempFileName="C:\\Windows\\TEMP\\Uzz3ECF.tmp" (normalized: "c:\\windows\\temp\\uzz3ecf.tmp")) returned 0x3ecf [0100.707] GetShortPathNameW (in: lpszLongPath="C:\\Windows\\TEMP\\Uzz3ECF.tmp", lpszShortPath=0x435608, cchBuffer=0x100 | out: lpszShortPath="C:\\Windows\\TEMP\\Uzz3ECF.tmp") returned 0x1b [0100.707] CreateFileW (lpFileName="C:\\Windows\\TEMP\\63ECE.tmp" (normalized: "c:\\windows\\temp\\63ece.tmp"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x18fae0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x164 [0100.707] CreateFileW (lpFileName="C:\\Windows\\TEMP\\Uzz3ECF.tmp" (normalized: "c:\\windows\\temp\\uzz3ecf.tmp"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x18fae0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x160 [0100.707] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\nslookup.exe", lpCommandLine="C:\\Windows\\system32\\nslookup.exe 255.255.255.255", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x18fa68*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x164, hStdError=0x160), lpProcessInformation=0x18fad0 | out: lpCommandLine="C:\\Windows\\system32\\nslookup.exe 255.255.255.255", lpProcessInformation=0x18fad0*(hProcess=0x15c, hThread=0x168, dwProcessId=0xbd8, dwThreadId=0xbdc)) returned 1 [0100.712] NtClose (Handle=0x168) returned 0x0 [0100.712] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xea60) returned 0x0 [0101.416] NtClose (Handle=0x164) returned 0x0 [0101.417] NtClose (Handle=0x160) returned 0x0 [0101.417] CreateFileW (lpFileName="C:\\Windows\\TEMP\\63ECE.tmp" (normalized: "c:\\windows\\temp\\63ece.tmp"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x160 [0101.417] SetFileTime (hFile=0x160, lpCreationTime=0x0, lpLastAccessTime=0x18fa2c, lpLastWriteTime=0x18fa2c) returned 0 [0101.417] GetFileSize (in: hFile=0x160, lpFileSizeHigh=0x18fa18 | out: lpFileSizeHigh=0x18fa18*=0x0) returned 0x113 [0101.417] SetFilePointer (in: hFile=0x160, lDistanceToMove=0, lpDistanceToMoveHigh=0x18fa24*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x18fa24*=0) returned 0x0 [0101.418] ReadFile (in: hFile=0x160, lpBuffer=0x4377f8, nNumberOfBytesToRead=0x113, lpNumberOfBytesRead=0x18fa58, lpOverlapped=0x0 | out: lpBuffer=0x4377f8*, lpNumberOfBytesRead=0x18fa58*=0x113, lpOverlapped=0x0) returned 1 [0101.418] SetFileAttributesW (lpFileName="C:\\Windows\\TEMP\\63ECE.tmp", dwFileAttributes=0x80) returned 1 [0101.418] DeleteFileW (lpFileName="C:\\Windows\\TEMP\\63ECE.tmp" (normalized: "c:\\windows\\temp\\63ece.tmp")) returned 1 [0101.419] GetFileAttributesExW (in: lpFileName="C:\\Windows\\TEMP\\Uzz3ECF.tmp" (normalized: "c:\\windows\\temp\\uzz3ecf.tmp"), fInfoLevelId=0x0, lpFileInformation=0x18fa28 | out: lpFileInformation=0x18fa28*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac986bd0, ftCreationTime.dwHighDateTime=0x1d41a7f, ftLastAccessTime.dwLowDateTime=0xac986bd0, ftLastAccessTime.dwHighDateTime=0x1d41a7f, ftLastWriteTime.dwLowDateTime=0xad0389b0, ftLastWriteTime.dwHighDateTime=0x1d41a7f, nFileSizeHigh=0x0, nFileSizeLow=0x67)) returned 1 [0101.419] SetFileAttributesW (lpFileName="C:\\Windows\\TEMP\\Uzz3ECF.tmp", dwFileAttributes=0x80) returned 1 [0101.419] DeleteFileW (lpFileName="C:\\Windows\\TEMP\\Uzz3ECF.tmp" (normalized: "c:\\windows\\temp\\uzz3ecf.tmp")) returned 1 [0101.420] CryptAcquireContextW (in: phProv=0x18f9b0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x18f9b0*=0x5941b0) returned 1 [0101.420] CryptGenRandom (in: hProv=0x5941b0, dwLen=0x4, pbBuffer=0x18f9c4 | out: pbBuffer=0x18f9c4) returned 1 [0101.420] CryptReleaseContext (hProv=0x5941b0, dwFlags=0x0) returned 1 [0101.420] CryptAcquireContextW (in: phProv=0x18f9ac, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x18f9ac*=0x5941b0) returned 1 [0101.421] CryptGenRandom (in: hProv=0x5941b0, dwLen=0x4, pbBuffer=0x18f9c0 | out: pbBuffer=0x18f9c0) returned 1 [0101.421] CryptReleaseContext (hProv=0x5941b0, dwFlags=0x0) returned 1 [0101.421] CryptAcquireContextW (in: phProv=0x18f9ac, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x18f9ac*=0x5941b0) returned 1 [0101.421] CryptGenRandom (in: hProv=0x5941b0, dwLen=0x4, pbBuffer=0x18f9c0 | out: pbBuffer=0x18f9c0) returned 1 [0101.422] CryptReleaseContext (hProv=0x5941b0, dwFlags=0x0) returned 1 [0101.422] CryptAcquireContextW (in: phProv=0x18f9ac, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x18f9ac*=0x5941b0) returned 1 [0101.422] CryptGenRandom (in: hProv=0x5941b0, dwLen=0x4, pbBuffer=0x18f9c0 | out: pbBuffer=0x18f9c0) returned 1 [0101.422] CryptReleaseContext (hProv=0x5941b0, dwFlags=0x0) returned 1 [0101.422] CryptAcquireContextW (in: phProv=0x18f9ac, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x18f9ac*=0x5941b0) returned 1 [0101.423] CryptGenRandom (in: hProv=0x5941b0, dwLen=0x4, pbBuffer=0x18f9c0 | out: pbBuffer=0x18f9c0) returned 1 [0101.423] CryptReleaseContext (hProv=0x5941b0, dwFlags=0x0) returned 1 [0101.423] CryptAcquireContextW (in: phProv=0x18f9ac, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x18f9ac*=0x5941b0) returned 1 [0101.423] CryptGenRandom (in: hProv=0x5941b0, dwLen=0x4, pbBuffer=0x18f9c0 | out: pbBuffer=0x18f9c0) returned 1 [0101.423] CryptReleaseContext (hProv=0x5941b0, dwFlags=0x0) returned 1 [0101.423] CryptAcquireContextW (in: phProv=0x18f9ac, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x18f9ac*=0x5941b0) returned 1 [0101.424] CryptGenRandom (in: hProv=0x5941b0, dwLen=0x4, pbBuffer=0x18f9c0 | out: pbBuffer=0x18f9c0) returned 1 [0101.424] CryptReleaseContext (hProv=0x5941b0, dwFlags=0x0) returned 1 [0101.424] GetTempFileNameW (in: lpPathName="C:\\Windows\\TEMP", lpPrefixString="P6", uUnique=0x0, lpTempFileName=0x434df8 | out: lpTempFileName="C:\\Windows\\TEMP\\P6419D.tmp" (normalized: "c:\\windows\\temp\\p6419d.tmp")) returned 0x419d [0101.424] GetShortPathNameW (in: lpszLongPath="C:\\Windows\\TEMP\\P6419D.tmp", lpszShortPath=0x435200, cchBuffer=0x100 | out: lpszShortPath="C:\\Windows\\TEMP\\P6419D.tmp") returned 0x1a [0101.424] CryptAcquireContextW (in: phProv=0x18f9b0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x18f9b0*=0x5941b0) returned 1 [0101.425] CryptGenRandom (in: hProv=0x5941b0, dwLen=0x4, pbBuffer=0x18f9c4 | out: pbBuffer=0x18f9c4) returned 1 [0101.425] CryptReleaseContext (hProv=0x5941b0, dwFlags=0x0) returned 1 [0101.425] CryptAcquireContextW (in: phProv=0x18f9ac, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x18f9ac*=0x5941b0) returned 1 [0101.425] CryptGenRandom (in: hProv=0x5941b0, dwLen=0x4, pbBuffer=0x18f9c0 | out: pbBuffer=0x18f9c0) returned 1 [0101.425] CryptReleaseContext (hProv=0x5941b0, dwFlags=0x0) returned 1 [0101.425] CryptAcquireContextW (in: phProv=0x18f9ac, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x18f9ac*=0x5941b0) returned 1 [0101.426] CryptGenRandom (in: hProv=0x5941b0, dwLen=0x4, pbBuffer=0x18f9c0 | out: pbBuffer=0x18f9c0) returned 1 [0101.426] CryptReleaseContext (hProv=0x5941b0, dwFlags=0x0) returned 1 [0101.426] CryptAcquireContextW (in: phProv=0x18f9ac, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x18f9ac*=0x5941b0) returned 1 [0101.426] CryptGenRandom (in: hProv=0x5941b0, dwLen=0x4, pbBuffer=0x18f9c0 | out: pbBuffer=0x18f9c0) returned 1 [0101.426] CryptReleaseContext (hProv=0x5941b0, dwFlags=0x0) returned 1 [0101.426] CryptAcquireContextW (in: phProv=0x18f9ac, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x18f9ac*=0x5941b0) returned 1 [0101.427] CryptGenRandom (in: hProv=0x5941b0, dwLen=0x4, pbBuffer=0x18f9c0 | out: pbBuffer=0x18f9c0) returned 1 [0101.427] CryptReleaseContext (hProv=0x5941b0, dwFlags=0x0) returned 1 [0101.427] CryptAcquireContextW (in: phProv=0x18f9ac, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x18f9ac*=0x5941b0) returned 1 [0101.427] CryptGenRandom (in: hProv=0x5941b0, dwLen=0x4, pbBuffer=0x18f9c0 | out: pbBuffer=0x18f9c0) returned 1 [0101.427] CryptReleaseContext (hProv=0x5941b0, dwFlags=0x0) returned 1 [0101.427] CryptAcquireContextW (in: phProv=0x18f9ac, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x18f9ac*=0x5941b0) returned 1 [0101.428] CryptGenRandom (in: hProv=0x5941b0, dwLen=0x4, pbBuffer=0x18f9c0 | out: pbBuffer=0x18f9c0) returned 1 [0101.428] CryptReleaseContext (hProv=0x5941b0, dwFlags=0x0) returned 1 [0101.428] CryptAcquireContextW (in: phProv=0x18f9ac, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x18f9ac*=0x5941b0) returned 1 [0101.428] CryptGenRandom (in: hProv=0x5941b0, dwLen=0x4, pbBuffer=0x18f9c0 | out: pbBuffer=0x18f9c0) returned 1 [0101.428] CryptReleaseContext (hProv=0x5941b0, dwFlags=0x0) returned 1 [0101.428] CryptAcquireContextW (in: phProv=0x18f9ac, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x18f9ac*=0x5941b0) returned 1 [0101.429] CryptGenRandom (in: hProv=0x5941b0, dwLen=0x4, pbBuffer=0x18f9c0 | out: pbBuffer=0x18f9c0) returned 1 [0101.429] CryptReleaseContext (hProv=0x5941b0, dwFlags=0x0) returned 1 [0101.429] CryptAcquireContextW (in: phProv=0x18f9ac, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x18f9ac*=0x5941b0) returned 1 [0101.429] CryptGenRandom (in: hProv=0x5941b0, dwLen=0x4, pbBuffer=0x18f9c0 | out: pbBuffer=0x18f9c0) returned 1 [0101.429] CryptReleaseContext (hProv=0x5941b0, dwFlags=0x0) returned 1 [0101.429] GetTempFileNameW (in: lpPathName="C:\\Windows\\TEMP", lpPrefixString="hD0", uUnique=0x0, lpTempFileName=0x434df8 | out: lpTempFileName="C:\\Windows\\TEMP\\hD041AE.tmp" (normalized: "c:\\windows\\temp\\hd041ae.tmp")) returned 0x41ae [0101.430] GetShortPathNameW (in: lpszLongPath="C:\\Windows\\TEMP\\hD041AE.tmp", lpszShortPath=0x435608, cchBuffer=0x100 | out: lpszShortPath="C:\\Windows\\TEMP\\hD041AE.tmp") returned 0x1b [0101.430] CreateFileW (lpFileName="C:\\Windows\\TEMP\\P6419D.tmp" (normalized: "c:\\windows\\temp\\p6419d.tmp"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x18fab0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x15c [0101.430] CreateFileW (lpFileName="C:\\Windows\\TEMP\\hD041AE.tmp" (normalized: "c:\\windows\\temp\\hd041ae.tmp"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x18fab0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x160 [0101.430] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\net.exe", lpCommandLine="C:\\Windows\\system32\\net.exe view igmp.mcast.net", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x18fa38*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x15c, hStdError=0x160), lpProcessInformation=0x18faa0 | out: lpCommandLine="C:\\Windows\\system32\\net.exe view igmp.mcast.net", lpProcessInformation=0x18faa0*(hProcess=0x168, hThread=0x164, dwProcessId=0xbf0, dwThreadId=0xbf4)) returned 1 [0101.656] NtClose (Handle=0x164) returned 0x0 [0101.656] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xea60) returned 0x0 [0122.195] NtClose (Handle=0x15c) returned 0x0 [0122.195] NtClose (Handle=0x160) returned 0x0 [0122.196] CreateFileW (lpFileName="C:\\Windows\\TEMP\\P6419D.tmp" (normalized: "c:\\windows\\temp\\p6419d.tmp"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x160 [0122.196] SetFileTime (hFile=0x160, lpCreationTime=0x0, lpLastAccessTime=0x18f9fc, lpLastWriteTime=0x18f9fc) returned 0 [0122.196] GetFileSize (in: hFile=0x160, lpFileSizeHigh=0x18f9e8 | out: lpFileSizeHigh=0x18f9e8*=0x0) returned 0x0 [0122.196] SetFilePointer (in: hFile=0x160, lDistanceToMove=0, lpDistanceToMoveHigh=0x18f9f4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x18f9f4*=0) returned 0x0 [0122.196] ReadFile (in: hFile=0x160, lpBuffer=0x433410, nNumberOfBytesToRead=0x0, lpNumberOfBytesRead=0x18fa28, lpOverlapped=0x0 | out: lpBuffer=0x433410*, lpNumberOfBytesRead=0x18fa28*=0x0, lpOverlapped=0x0) returned 1 [0122.196] SetFileAttributesW (lpFileName="C:\\Windows\\TEMP\\P6419D.tmp", dwFileAttributes=0x80) returned 1 [0122.196] DeleteFileW (lpFileName="C:\\Windows\\TEMP\\P6419D.tmp" (normalized: "c:\\windows\\temp\\p6419d.tmp")) returned 1 [0122.197] GetFileAttributesExW (in: lpFileName="C:\\Windows\\TEMP\\hD041AE.tmp" (normalized: "c:\\windows\\temp\\hd041ae.tmp"), fInfoLevelId=0x0, lpFileInformation=0x18f9f8 | out: lpFileInformation=0x18f9f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xad084c70, ftCreationTime.dwHighDateTime=0x1d41a7f, ftLastAccessTime.dwLowDateTime=0xad084c70, ftLastAccessTime.dwHighDateTime=0x1d41a7f, ftLastWriteTime.dwLowDateTime=0xb9473f50, ftLastWriteTime.dwHighDateTime=0x1d41a7f, nFileSizeHigh=0x0, nFileSizeLow=0x44)) returned 1 [0122.197] SetFileAttributesW (lpFileName="C:\\Windows\\TEMP\\hD041AE.tmp", dwFileAttributes=0x80) returned 1 [0122.197] DeleteFileW (lpFileName="C:\\Windows\\TEMP\\hD041AE.tmp" (normalized: "c:\\windows\\temp\\hd041ae.tmp")) returned 1 [0122.198] DeleteFileW (lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Roaming\\V5HW0H~1" (normalized: "c:\\users\\5p5nrg~1\\appdata\\roaming\\v5hw0h~1")) returned 1 [0122.198] Wow64RevertWow64FsRedirection (OlValue=0x0) returned 1 [0122.198] ExitProcess (uExitCode=0x0) Thread: id = 351 os_tid = 0xb28 Process: id = "23" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x4d7b2000" os_pid = "0xae8" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "7" os_parent_pid = "0x1d8" cmd_line = "C:\\Windows\\system32\\svchost.exe -k LocalServiceAndNoImpersonation" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Local Service" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\AppIDSvc" [0xa], "NT SERVICE\\FDResPub" [0xa], "NT SERVICE\\FontCache" [0xe], "NT SERVICE\\Mcx2Svc" [0xa], "NT SERVICE\\QWAVE" [0xa], "NT SERVICE\\SCardSvr" [0xa], "NT SERVICE\\SensrSvc" [0xa], "NT SERVICE\\SSDPSRV" [0xa], "NT SERVICE\\TBS" [0xa], "NT SERVICE\\upnphost" [0xa], "NT SERVICE\\wcncsvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0004ced0" [0xc000000f], "LOCAL" [0x7] Region: id = 2585 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 2586 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 2587 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 2588 start_va = 0x1d0000 end_va = 0x24ffff entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 2589 start_va = 0x77c50000 end_va = 0x77df8fff entry_point = 0x77c50000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2590 start_va = 0x7efe0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 2591 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2592 start_va = 0xff470000 end_va = 0xff47afff entry_point = 0xff470000 region_type = mapped_file name = "svchost.exe" filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe") Region: id = 2593 start_va = 0x7fefff70000 end_va = 0x7fefff70fff entry_point = 0x7fefff70000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 2594 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 2595 start_va = 0x7fffffdb000 end_va = 0x7fffffdbfff entry_point = 0x0 region_type = private name = "private_0x000007fffffdb000" filename = "" Region: id = 2596 start_va = 0x7fffffde000 end_va = 0x7fffffdffff entry_point = 0x0 region_type = private name = "private_0x000007fffffde000" filename = "" Region: id = 2597 start_va = 0x310000 end_va = 0x40ffff entry_point = 0x0 region_type = private name = "private_0x0000000000310000" filename = "" Region: id = 2598 start_va = 0x77a30000 end_va = 0x77b4efff entry_point = 0x77a30000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 2599 start_va = 0x7fefde60000 end_va = 0x7fefdecafff entry_point = 0x7fefde60000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 2600 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2601 start_va = 0x20000 end_va = 0x26fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 2602 start_va = 0x50000 end_va = 0xb6fff entry_point = 0x50000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2603 start_va = 0xc0000 end_va = 0xc1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000c0000" filename = "" Region: id = 2604 start_va = 0xd0000 end_va = 0xd0fff entry_point = 0x0 region_type = private name = "private_0x00000000000d0000" filename = "" Region: id = 2605 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 2606 start_va = 0xf0000 end_va = 0xfffff entry_point = 0x0 region_type = private name = "private_0x00000000000f0000" filename = "" Region: id = 2607 start_va = 0x100000 end_va = 0x1bffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000100000" filename = "" Region: id = 2608 start_va = 0x410000 end_va = 0x50ffff entry_point = 0x0 region_type = private name = "private_0x0000000000410000" filename = "" Region: id = 2609 start_va = 0x510000 end_va = 0x697fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 2610 start_va = 0x6a0000 end_va = 0x820fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006a0000" filename = "" Region: id = 2611 start_va = 0x830000 end_va = 0xc22fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000830000" filename = "" Region: id = 2612 start_va = 0xc40000 end_va = 0xcbffff entry_point = 0x0 region_type = private name = "private_0x0000000000c40000" filename = "" Region: id = 2613 start_va = 0x77b50000 end_va = 0x77c49fff entry_point = 0x77b50000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 2614 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 2615 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 2616 start_va = 0x7fefda90000 end_va = 0x7fefda9efff entry_point = 0x7fefda90000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 2617 start_va = 0x7fefdf70000 end_va = 0x7fefe172fff entry_point = 0x7fefdf70000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 2618 start_va = 0x7fefefb0000 end_va = 0x7feff0dcfff entry_point = 0x7fefefb0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 2619 start_va = 0x7feff210000 end_va = 0x7feff2aefff entry_point = 0x7feff210000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 2620 start_va = 0x7feff390000 end_va = 0x7feff3aefff entry_point = 0x7feff390000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 2621 start_va = 0x7feff3b0000 end_va = 0x7feff3bdfff entry_point = 0x7feff3b0000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 2622 start_va = 0x7feff3c0000 end_va = 0x7feff3edfff entry_point = 0x7feff3c0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 2623 start_va = 0x7feff910000 end_va = 0x7feff976fff entry_point = 0x7feff910000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 2624 start_va = 0x7feffa00000 end_va = 0x7feffb08fff entry_point = 0x7feffa00000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 2625 start_va = 0x7feffe90000 end_va = 0x7fefff58fff entry_point = 0x7feffe90000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 2626 start_va = 0x7fffffdc000 end_va = 0x7fffffddfff entry_point = 0x0 region_type = private name = "private_0x000007fffffdc000" filename = "" Region: id = 2786 start_va = 0x270000 end_va = 0x2effff entry_point = 0x0 region_type = private name = "private_0x0000000000270000" filename = "" Region: id = 2787 start_va = 0xcf0000 end_va = 0xd6ffff entry_point = 0x0 region_type = private name = "private_0x0000000000cf0000" filename = "" Region: id = 2788 start_va = 0xeb0000 end_va = 0xf2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000eb0000" filename = "" Region: id = 2789 start_va = 0xf30000 end_va = 0x11fefff entry_point = 0xf30000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 2790 start_va = 0x7fef41c0000 end_va = 0x7fef42dafff entry_point = 0x7fef41c0000 region_type = mapped_file name = "fntcache.dll" filename = "\\Windows\\System32\\FntCache.dll" (normalized: "c:\\windows\\system32\\fntcache.dll") Region: id = 2791 start_va = 0x7fefb290000 end_va = 0x7fefb299fff entry_point = 0x7fefb290000 region_type = mapped_file name = "ktmw32.dll" filename = "\\Windows\\System32\\ktmw32.dll" (normalized: "c:\\windows\\system32\\ktmw32.dll") Region: id = 2792 start_va = 0x7feff2b0000 end_va = 0x7feff38afff entry_point = 0x7feff2b0000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 2793 start_va = 0x7fffffd5000 end_va = 0x7fffffd6fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd5000" filename = "" Region: id = 2794 start_va = 0x7fffffd7000 end_va = 0x7fffffd8fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd7000" filename = "" Region: id = 2795 start_va = 0x7fffffd9000 end_va = 0x7fffffdafff entry_point = 0x0 region_type = private name = "private_0x000007fffffd9000" filename = "" Thread: id = 337 os_tid = 0xaec Thread: id = 338 os_tid = 0xaf0 Thread: id = 339 os_tid = 0xaf4 Thread: id = 340 os_tid = 0xaf8 Thread: id = 343 os_tid = 0xafc Thread: id = 349 os_tid = 0xb1c Thread: id = 388 os_tid = 0x6cc Process: id = "24" image_name = "sppsvc.exe" filename = "c:\\windows\\system32\\sppsvc.exe" page_root = "0x45abd000" os_pid = "0xb30" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "7" os_parent_pid = "0x1d8" cmd_line = "C:\\Windows\\system32\\sppsvc.exe" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Network Service" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\sppsvc" [0xe], "NT AUTHORITY\\Logon Session 00000000:0004e1ee" [0xc000000f], "LOCAL" [0x7] Region: id = 2814 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 2815 start_va = 0x30000 end_va = 0xaffff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 2816 start_va = 0xb0000 end_va = 0xb3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000b0000" filename = "" Region: id = 2817 start_va = 0xc0000 end_va = 0xc0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000c0000" filename = "" Region: id = 2818 start_va = 0x77c50000 end_va = 0x77df8fff entry_point = 0x77c50000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2819 start_va = 0x7efe0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 2820 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2821 start_va = 0xff150000 end_va = 0xff4aefff entry_point = 0xff150000 region_type = mapped_file name = "sppsvc.exe" filename = "\\Windows\\System32\\sppsvc.exe" (normalized: "c:\\windows\\system32\\sppsvc.exe") Region: id = 2822 start_va = 0x7fefff70000 end_va = 0x7fefff70fff entry_point = 0x7fefff70000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 2823 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 2824 start_va = 0x7fffffda000 end_va = 0x7fffffdafff entry_point = 0x0 region_type = private name = "private_0x000007fffffda000" filename = "" Region: id = 2825 start_va = 0x7fffffde000 end_va = 0x7fffffdffff entry_point = 0x0 region_type = private name = "private_0x000007fffffde000" filename = "" Region: id = 2826 start_va = 0x100000 end_va = 0x1fffff entry_point = 0x0 region_type = private name = "private_0x0000000000100000" filename = "" Region: id = 2827 start_va = 0x77a30000 end_va = 0x77b4efff entry_point = 0x77a30000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 2828 start_va = 0x7fefde60000 end_va = 0x7fefdecafff entry_point = 0x7fefde60000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 3189 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 3190 start_va = 0x20000 end_va = 0x26fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 3191 start_va = 0xd0000 end_va = 0xd1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000d0000" filename = "" Region: id = 3192 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 3193 start_va = 0xf0000 end_va = 0xf0fff entry_point = 0x0 region_type = private name = "private_0x00000000000f0000" filename = "" Region: id = 3194 start_va = 0x200000 end_va = 0x266fff entry_point = 0x200000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 3195 start_va = 0x270000 end_va = 0x32ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000270000" filename = "" Region: id = 3196 start_va = 0x350000 end_va = 0x35ffff entry_point = 0x0 region_type = private name = "private_0x0000000000350000" filename = "" Region: id = 3197 start_va = 0x360000 end_va = 0x45ffff entry_point = 0x0 region_type = private name = "private_0x0000000000360000" filename = "" Region: id = 3198 start_va = 0x460000 end_va = 0x5e7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000460000" filename = "" Region: id = 3199 start_va = 0x5f0000 end_va = 0x770fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005f0000" filename = "" Region: id = 3200 start_va = 0x780000 end_va = 0xb72fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000780000" filename = "" Region: id = 3201 start_va = 0xba0000 end_va = 0xc1ffff entry_point = 0x0 region_type = private name = "private_0x0000000000ba0000" filename = "" Region: id = 3202 start_va = 0xd40000 end_va = 0xdbffff entry_point = 0x0 region_type = private name = "private_0x0000000000d40000" filename = "" Region: id = 3203 start_va = 0xef0000 end_va = 0xf6ffff entry_point = 0x0 region_type = private name = "private_0x0000000000ef0000" filename = "" Region: id = 3204 start_va = 0xfc0000 end_va = 0x103ffff entry_point = 0x0 region_type = private name = "private_0x0000000000fc0000" filename = "" Region: id = 3205 start_va = 0x77b50000 end_va = 0x77c49fff entry_point = 0x77b50000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 3206 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 3207 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 3208 start_va = 0x7fefda90000 end_va = 0x7fefda9efff entry_point = 0x7fefda90000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 3209 start_va = 0x7fefdf70000 end_va = 0x7fefe172fff entry_point = 0x7fefdf70000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 3210 start_va = 0x7fefefb0000 end_va = 0x7feff0dcfff entry_point = 0x7fefefb0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 3211 start_va = 0x7feff210000 end_va = 0x7feff2aefff entry_point = 0x7feff210000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 3212 start_va = 0x7feff2b0000 end_va = 0x7feff38afff entry_point = 0x7feff2b0000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 3213 start_va = 0x7feff390000 end_va = 0x7feff3aefff entry_point = 0x7feff390000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 3214 start_va = 0x7feff3b0000 end_va = 0x7feff3bdfff entry_point = 0x7feff3b0000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 3215 start_va = 0x7feff3c0000 end_va = 0x7feff3edfff entry_point = 0x7feff3c0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 3216 start_va = 0x7feff910000 end_va = 0x7feff976fff entry_point = 0x7feff910000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 3217 start_va = 0x7feffa00000 end_va = 0x7feffb08fff entry_point = 0x7feffa00000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 3218 start_va = 0x7feffe90000 end_va = 0x7fefff58fff entry_point = 0x7feffe90000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 3219 start_va = 0x7fffffd4000 end_va = 0x7fffffd5fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd4000" filename = "" Region: id = 3220 start_va = 0x7fffffd6000 end_va = 0x7fffffd7fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd6000" filename = "" Region: id = 3221 start_va = 0x7fffffd8000 end_va = 0x7fffffd9fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd8000" filename = "" Region: id = 3222 start_va = 0x7fffffdc000 end_va = 0x7fffffddfff entry_point = 0x0 region_type = private name = "private_0x000007fffffdc000" filename = "" Thread: id = 352 os_tid = 0xb34 Thread: id = 353 os_tid = 0xb38 Thread: id = 355 os_tid = 0xb4c Thread: id = 357 os_tid = 0xb54 Thread: id = 359 os_tid = 0xb58 Thread: id = 403 os_tid = 0x850 Thread: id = 406 os_tid = 0x848 Process: id = "25" image_name = "arp.exe" filename = "c:\\windows\\system32\\arp.exe" page_root = "0x45bea000" os_pid = "0xb3c" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "22" os_parent_pid = "0xad8" cmd_line = "C:\\Windows\\system32\\arp.exe -a" cur_dir = "C:\\Windows\\system32\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:000104d7" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 2829 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 2830 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 2831 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 2832 start_va = 0xb0000 end_va = 0x12ffff entry_point = 0x0 region_type = private name = "private_0x00000000000b0000" filename = "" Region: id = 2833 start_va = 0x77c50000 end_va = 0x77df8fff entry_point = 0x77c50000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2834 start_va = 0x7efe0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 2835 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2836 start_va = 0x7fffc000 end_va = 0x7fffcfff entry_point = 0x0 region_type = private name = "private_0x000000007fffc000" filename = "" Region: id = 2837 start_va = 0xff300000 end_va = 0xff309fff entry_point = 0xff300000 region_type = mapped_file name = "arp.exe" filename = "\\Windows\\System32\\ARP.EXE" (normalized: "c:\\windows\\system32\\arp.exe") Region: id = 2838 start_va = 0x7fefff70000 end_va = 0x7fefff70fff entry_point = 0x7fefff70000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 2839 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 2840 start_va = 0x7fffffdd000 end_va = 0x7fffffdefff entry_point = 0x0 region_type = private name = "private_0x000007fffffdd000" filename = "" Region: id = 2841 start_va = 0x7fffffdf000 end_va = 0x7fffffdffff entry_point = 0x0 region_type = private name = "private_0x000007fffffdf000" filename = "" Region: id = 2842 start_va = 0x190000 end_va = 0x28ffff entry_point = 0x0 region_type = private name = "private_0x0000000000190000" filename = "" Region: id = 2843 start_va = 0x77a30000 end_va = 0x77b4efff entry_point = 0x77a30000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 2844 start_va = 0x7fefde60000 end_va = 0x7fefdecafff entry_point = 0x7fefde60000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 2845 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2846 start_va = 0x20000 end_va = 0x2ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 2847 start_va = 0x290000 end_va = 0x2f6fff entry_point = 0x290000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2848 start_va = 0x300000 end_va = 0x3fffff entry_point = 0x0 region_type = private name = "private_0x0000000000300000" filename = "" Region: id = 2849 start_va = 0x4f0000 end_va = 0x4fffff entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 2850 start_va = 0x77b50000 end_va = 0x77c49fff entry_point = 0x77b50000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 2851 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 2852 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 2853 start_va = 0x7fef7d40000 end_va = 0x7fef7d4afff entry_point = 0x7fef7d40000 region_type = mapped_file name = "snmpapi.dll" filename = "\\Windows\\System32\\snmpapi.dll" (normalized: "c:\\windows\\system32\\snmpapi.dll") Region: id = 2854 start_va = 0x7fefb650000 end_va = 0x7fefb65afff entry_point = 0x7fefb650000 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 2855 start_va = 0x7fefb660000 end_va = 0x7fefb686fff entry_point = 0x7fefb660000 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 2856 start_va = 0x7fefefb0000 end_va = 0x7feff0dcfff entry_point = 0x7fefefb0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 2857 start_va = 0x7feff210000 end_va = 0x7feff2aefff entry_point = 0x7feff210000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 2858 start_va = 0x7feff2b0000 end_va = 0x7feff38afff entry_point = 0x7feff2b0000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 2859 start_va = 0x7feff390000 end_va = 0x7feff3aefff entry_point = 0x7feff390000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 2860 start_va = 0x7feff3b0000 end_va = 0x7feff3bdfff entry_point = 0x7feff3b0000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 2861 start_va = 0x7feff650000 end_va = 0x7feff69cfff entry_point = 0x7feff650000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 2862 start_va = 0x7feff720000 end_va = 0x7feff727fff entry_point = 0x7feff720000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 2863 start_va = 0x7feff910000 end_va = 0x7feff976fff entry_point = 0x7feff910000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 2864 start_va = 0x7feffe90000 end_va = 0x7fefff58fff entry_point = 0x7feffe90000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 2865 start_va = 0x50000 end_va = 0x56fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 2866 start_va = 0x60000 end_va = 0x61fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000060000" filename = "" Region: id = 2867 start_va = 0x70000 end_va = 0x71fff entry_point = 0x70000 region_type = mapped_file name = "arp.exe.mui" filename = "\\Windows\\System32\\en-US\\arp.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\arp.exe.mui") Region: id = 2868 start_va = 0x80000 end_va = 0x80fff entry_point = 0x0 region_type = private name = "private_0x0000000000080000" filename = "" Region: id = 2869 start_va = 0x90000 end_va = 0x90fff entry_point = 0x0 region_type = private name = "private_0x0000000000090000" filename = "" Region: id = 2870 start_va = 0x500000 end_va = 0x687fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000500000" filename = "" Region: id = 2871 start_va = 0x690000 end_va = 0x810fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000690000" filename = "" Region: id = 2872 start_va = 0x820000 end_va = 0x1c1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000820000" filename = "" Region: id = 2873 start_va = 0x1c20000 end_va = 0x1eeefff entry_point = 0x1c20000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 2874 start_va = 0x7fef5e00000 end_va = 0x7fef5e13fff entry_point = 0x7fef5e00000 region_type = mapped_file name = "inetmib1.dll" filename = "\\Windows\\System32\\inetmib1.dll" (normalized: "c:\\windows\\system32\\inetmib1.dll") Region: id = 2875 start_va = 0x7feff3c0000 end_va = 0x7feff3edfff entry_point = 0x7feff3c0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 2876 start_va = 0x7feffa00000 end_va = 0x7feffb08fff entry_point = 0x7feffa00000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 2877 start_va = 0x470000 end_va = 0x47ffff entry_point = 0x0 region_type = private name = "private_0x0000000000470000" filename = "" Region: id = 2878 start_va = 0x7fefb4d0000 end_va = 0x7fefb4e0fff entry_point = 0x7fefb4d0000 region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll") Region: id = 2879 start_va = 0x2090000 end_va = 0x210ffff entry_point = 0x0 region_type = private name = "private_0x0000000002090000" filename = "" Region: id = 2880 start_va = 0x7fefb4b0000 end_va = 0x7fefb4c7fff entry_point = 0x7fefb4b0000 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll") Region: id = 2881 start_va = 0x7fffffdb000 end_va = 0x7fffffdcfff entry_point = 0x0 region_type = private name = "private_0x000007fffffdb000" filename = "" Thread: id = 354 os_tid = 0xb40 Thread: id = 360 os_tid = 0xb68 Process: id = "26" image_name = "nslookup.exe" filename = "c:\\windows\\system32\\nslookup.exe" page_root = "0x44330000" os_pid = "0xb6c" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "22" os_parent_pid = "0xad8" cmd_line = "C:\\Windows\\system32\\nslookup.exe 192.168.0.1" cur_dir = "C:\\Windows\\system32\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:000104d7" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 2882 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 2883 start_va = 0x30000 end_va = 0xaffff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 2884 start_va = 0xb0000 end_va = 0xb3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000b0000" filename = "" Region: id = 2885 start_va = 0xc0000 end_va = 0xc0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000c0000" filename = "" Region: id = 2886 start_va = 0x77c50000 end_va = 0x77df8fff entry_point = 0x77c50000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2887 start_va = 0x7efe0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 2888 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2889 start_va = 0x7fff6000 end_va = 0x7fff6fff entry_point = 0x0 region_type = private name = "private_0x000000007fff6000" filename = "" Region: id = 2890 start_va = 0xff440000 end_va = 0xff466fff entry_point = 0xff440000 region_type = mapped_file name = "nslookup.exe" filename = "\\Windows\\System32\\nslookup.exe" (normalized: "c:\\windows\\system32\\nslookup.exe") Region: id = 2891 start_va = 0x7fefff70000 end_va = 0x7fefff70fff entry_point = 0x7fefff70000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 2892 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 2893 start_va = 0x7fffffd3000 end_va = 0x7fffffd3fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd3000" filename = "" Region: id = 2894 start_va = 0x7fffffde000 end_va = 0x7fffffdffff entry_point = 0x0 region_type = private name = "private_0x000007fffffde000" filename = "" Region: id = 2895 start_va = 0x1b0000 end_va = 0x2affff entry_point = 0x0 region_type = private name = "private_0x00000000001b0000" filename = "" Region: id = 2896 start_va = 0x77a30000 end_va = 0x77b4efff entry_point = 0x77a30000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 2897 start_va = 0x7fefde60000 end_va = 0x7fefdecafff entry_point = 0x7fefde60000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 2898 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2899 start_va = 0x20000 end_va = 0x2ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 2900 start_va = 0xd0000 end_va = 0x136fff entry_point = 0xd0000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2901 start_va = 0x170000 end_va = 0x17ffff entry_point = 0x0 region_type = private name = "private_0x0000000000170000" filename = "" Region: id = 2902 start_va = 0x2b0000 end_va = 0x3affff entry_point = 0x0 region_type = private name = "private_0x00000000002b0000" filename = "" Region: id = 2903 start_va = 0x77b50000 end_va = 0x77c49fff entry_point = 0x77b50000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 2904 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 2905 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 2906 start_va = 0x7fef6c10000 end_va = 0x7fef6c18fff entry_point = 0x7fef6c10000 region_type = mapped_file name = "wsock32.dll" filename = "\\Windows\\System32\\wsock32.dll" (normalized: "c:\\windows\\system32\\wsock32.dll") Region: id = 2907 start_va = 0x7fefd2b0000 end_va = 0x7fefd30afff entry_point = 0x7fefd2b0000 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 2908 start_va = 0x7fefd430000 end_va = 0x7fefd484fff entry_point = 0x7fefd430000 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 2909 start_va = 0x7fefefb0000 end_va = 0x7feff0dcfff entry_point = 0x7fefefb0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 2910 start_va = 0x7feff210000 end_va = 0x7feff2aefff entry_point = 0x7feff210000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 2911 start_va = 0x7feff2b0000 end_va = 0x7feff38afff entry_point = 0x7feff2b0000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 2912 start_va = 0x7feff390000 end_va = 0x7feff3aefff entry_point = 0x7feff390000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 2913 start_va = 0x7feff3b0000 end_va = 0x7feff3bdfff entry_point = 0x7feff3b0000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 2914 start_va = 0x7feff650000 end_va = 0x7feff69cfff entry_point = 0x7feff650000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 2915 start_va = 0x7feff720000 end_va = 0x7feff727fff entry_point = 0x7feff720000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 2916 start_va = 0x7feff910000 end_va = 0x7feff976fff entry_point = 0x7feff910000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 2917 start_va = 0x7feffe90000 end_va = 0x7fefff58fff entry_point = 0x7feffe90000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 2918 start_va = 0x140000 end_va = 0x146fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000140000" filename = "" Region: id = 2919 start_va = 0x150000 end_va = 0x151fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000150000" filename = "" Region: id = 2920 start_va = 0x160000 end_va = 0x164fff entry_point = 0x160000 region_type = mapped_file name = "nslookup.exe.mui" filename = "\\Windows\\System32\\en-US\\nslookup.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\nslookup.exe.mui") Region: id = 2921 start_va = 0x180000 end_va = 0x180fff entry_point = 0x0 region_type = private name = "private_0x0000000000180000" filename = "" Region: id = 2922 start_va = 0x190000 end_va = 0x190fff entry_point = 0x0 region_type = private name = "private_0x0000000000190000" filename = "" Region: id = 2923 start_va = 0x3b0000 end_va = 0x537fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003b0000" filename = "" Region: id = 2924 start_va = 0x540000 end_va = 0x6c0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2925 start_va = 0x6d0000 end_va = 0x1acffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006d0000" filename = "" Region: id = 2926 start_va = 0x1b50000 end_va = 0x1bcffff entry_point = 0x0 region_type = private name = "private_0x0000000001b50000" filename = "" Region: id = 2927 start_va = 0x7feff3c0000 end_va = 0x7feff3edfff entry_point = 0x7feff3c0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 2928 start_va = 0x7feffa00000 end_va = 0x7feffb08fff entry_point = 0x7feffa00000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 2929 start_va = 0x1bd0000 end_va = 0x1e9efff entry_point = 0x1bd0000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 2930 start_va = 0x7fefce30000 end_va = 0x7fefce36fff entry_point = 0x7fefce30000 region_type = mapped_file name = "wshtcpip.dll" filename = "\\Windows\\System32\\WSHTCPIP.DLL" (normalized: "c:\\windows\\system32\\wshtcpip.dll") Region: id = 2931 start_va = 0x7fefb7d0000 end_va = 0x7fefb7e4fff entry_point = 0x7fefb7d0000 region_type = mapped_file name = "nlaapi.dll" filename = "\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll") Region: id = 2932 start_va = 0x1ea0000 end_va = 0x1f8ffff entry_point = 0x0 region_type = private name = "private_0x0000000001ea0000" filename = "" Region: id = 2933 start_va = 0x1ad0000 end_va = 0x1b3ffff entry_point = 0x0 region_type = private name = "private_0x0000000001ad0000" filename = "" Region: id = 2934 start_va = 0x7fefbed0000 end_va = 0x7fefbee4fff entry_point = 0x7fefbed0000 region_type = mapped_file name = "napinsp.dll" filename = "\\Windows\\System32\\NapiNSP.dll" (normalized: "c:\\windows\\system32\\napinsp.dll") Region: id = 2935 start_va = 0x2020000 end_va = 0x209ffff entry_point = 0x0 region_type = private name = "private_0x0000000002020000" filename = "" Region: id = 2936 start_va = 0x7fefbeb0000 end_va = 0x7fefbec8fff entry_point = 0x7fefbeb0000 region_type = mapped_file name = "pnrpnsp.dll" filename = "\\Windows\\System32\\pnrpnsp.dll" (normalized: "c:\\windows\\system32\\pnrpnsp.dll") Region: id = 2937 start_va = 0x7fffffdc000 end_va = 0x7fffffddfff entry_point = 0x0 region_type = private name = "private_0x000007fffffdc000" filename = "" Region: id = 2938 start_va = 0x7fefbf10000 end_va = 0x7fefbf1afff entry_point = 0x7fefbf10000 region_type = mapped_file name = "winrnr.dll" filename = "\\Windows\\System32\\winrnr.dll" (normalized: "c:\\windows\\system32\\winrnr.dll") Region: id = 2939 start_va = 0x7fefb660000 end_va = 0x7fefb686fff entry_point = 0x7fefb660000 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 2940 start_va = 0x7fefb650000 end_va = 0x7fefb65afff entry_point = 0x7fefb650000 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 2941 start_va = 0x7fefb4d0000 end_va = 0x7fefb4e0fff entry_point = 0x7fefb4d0000 region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll") Region: id = 2942 start_va = 0x7fefb4b0000 end_va = 0x7fefb4c7fff entry_point = 0x7fefb4b0000 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll") Thread: id = 362 os_tid = 0xb70 [0099.165] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xaf9f0 | out: lpSystemTimeAsFileTime=0xaf9f0*(dwLowDateTime=0xabacc3b0, dwHighDateTime=0x1d41a7f)) [0099.165] GetCurrentProcessId () returned 0xb6c [0099.166] GetCurrentThreadId () returned 0xb70 [0099.166] GetTickCount () returned 0x238bb [0099.166] QueryPerformanceCounter (in: lpPerformanceCount=0xaf9f8 | out: lpPerformanceCount=0xaf9f8*=599773205) returned 1 [0099.178] GetModuleHandleW (lpModuleName=0x0) returned 0xff440000 [0099.178] __set_app_type (_Type=0x1) [0099.179] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0xff4509f8) returned 0x0 [0099.179] __getmainargs (in: _Argc=0xff45aa00, _Argv=0xff45aa10, _Env=0xff45aa08, _DoWildCard=0, _StartInfo=0xff45aa1c | out: _Argc=0xff45aa00, _Argv=0xff45aa10, _Env=0xff45aa08) returned 0 [0099.179] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0099.179] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409 [0099.192] WSAStartup (in: wVersionRequired=0x202, lpWSAData=0xff462e80 | out: lpWSAData=0xff462e80) returned 0 [0099.204] socket (af=2, type=2, protocol=0) returned 0x6c [0099.213] closesocket (s=0x6c) returned 0 [0099.309] RtlIpv4StringToAddressA () returned 0x0 [0099.309] RtlInitAnsiString (in: DestinationString=0xaf850, SourceString="\\Registry\\Machine\\System\\CurrentControlSet\\Services\\Tcpip\\Parameters" | out: DestinationString="\\Registry\\Machine\\System\\CurrentControlSet\\Services\\Tcpip\\Parameters") [0099.309] RtlAnsiStringToUnicodeString (in: DestinationString=0xaf840, SourceString="\\Registry\\Machine\\System\\CurrentControlSet\\Services\\Tcpip\\Parameters", AllocateDestinationString=1 | out: DestinationString="\\Registry\\Machine\\System\\CurrentControlSet\\Services\\Tcpip\\Parameters") returned 0x0 [0099.309] NtOpenKey (in: KeyHandle=0xaf918, DesiredAccess=0x20019, ObjectAttributes=0xaf860*(Length=0x30, RootDirectory=0x0, ObjectName="\\Registry\\Machine\\System\\CurrentControlSet\\Services\\Tcpip\\Parameters", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0) | out: KeyHandle=0xaf918*=0x6c) returned 0x0 [0099.309] RtlFreeAnsiString (AnsiString="\\") [0099.310] RtlAnsiStringToUnicodeString (in: DestinationString=0xaf828, SourceString="DNSLookupOrder", AllocateDestinationString=0 | out: DestinationString="DNSLookupOrder") returned 0x0 [0099.310] NtQueryValueKey (in: KeyHandle=0x6c, ValueName="DNSLookupOrder", KeyValueInformationClass=0x1, KeyValueInformation=0x1d3980, Length=0x400, ResultLength=0xaf820 | out: KeyValueInformation=0x1d3980, ResultLength=0xaf820) returned 0xc0000034 [0099.310] RtlAnsiStringToUnicodeString (in: DestinationString=0xaf828, SourceString="Domain", AllocateDestinationString=0 | out: DestinationString="Domain") returned 0x0 [0099.310] NtQueryValueKey (in: KeyHandle=0x6c, ValueName="Domain", KeyValueInformationClass=0x1, KeyValueInformation=0x1d3980, Length=0x400, ResultLength=0xaf820 | out: KeyValueInformation=0x1d3980*(TitleIndex=0x0, Type=0x1, DataOffset=0x20, DataLength=0x2, NameLength=0xc, Name="Domain", Data=""), ResultLength=0xaf820) returned 0x0 [0099.310] RtlUnicodeStringToAnsiString (in: DestinationString=0xaf838, SourceString="", AllocateDestinationString=0 | out: DestinationString="") returned 0x0 [0099.310] RtlAnsiStringToUnicodeString (in: DestinationString=0xaf828, SourceString="DhcpDomain", AllocateDestinationString=0 | out: DestinationString="DhcpDomain") returned 0x0 [0099.310] NtQueryValueKey (in: KeyHandle=0x6c, ValueName="DhcpDomain", KeyValueInformationClass=0x1, KeyValueInformation=0x1d3980, Length=0x400, ResultLength=0xaf820 | out: KeyValueInformation=0x1d3980, ResultLength=0xaf820) returned 0xc0000034 [0099.310] RtlInitAnsiString (in: DestinationString=0xaf850, SourceString="\\Registry\\Machine\\Software\\Policies\\Microsoft\\Windows NT\\DNSClient" | out: DestinationString="\\Registry\\Machine\\Software\\Policies\\Microsoft\\Windows NT\\DNSClient") [0099.310] RtlAnsiStringToUnicodeString (in: DestinationString=0xaf840, SourceString="\\Registry\\Machine\\Software\\Policies\\Microsoft\\Windows NT\\DNSClient", AllocateDestinationString=1 | out: DestinationString="\\Registry\\Machine\\Software\\Policies\\Microsoft\\Windows NT\\DNSClient") returned 0x0 [0099.311] NtOpenKey (in: KeyHandle=0xaf920, DesiredAccess=0x20019, ObjectAttributes=0xaf860*(Length=0x30, RootDirectory=0x0, ObjectName="\\Registry\\Machine\\Software\\Policies\\Microsoft\\Windows NT\\DNSClient", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0) | out: KeyHandle=0xaf920*=0x0) returned 0xc0000034 [0099.311] RtlFreeAnsiString (AnsiString="\\") [0099.311] RtlAnsiStringToUnicodeString (in: DestinationString=0xaf828, SourceString="SearchList", AllocateDestinationString=0 | out: DestinationString="SearchList") returned 0x0 [0099.311] NtQueryValueKey (in: KeyHandle=0x6c, ValueName="SearchList", KeyValueInformationClass=0x1, KeyValueInformation=0x1d3980, Length=0x400, ResultLength=0xaf820 | out: KeyValueInformation=0x1d3980*(TitleIndex=0x0, Type=0x1, DataOffset=0x28, DataLength=0x2, NameLength=0x14, Name="SearchList", Data=""), ResultLength=0xaf820) returned 0x0 [0099.311] RtlUnicodeStringToAnsiString (in: DestinationString=0xaf838, SourceString="", AllocateDestinationString=0 | out: DestinationString="") returned 0x0 [0099.311] RtlAnsiStringToUnicodeString (in: DestinationString=0xaf828, SourceString="DhcpSearchList", AllocateDestinationString=0 | out: DestinationString="DhcpSearchList") returned 0x0 [0099.311] NtQueryValueKey (in: KeyHandle=0x6c, ValueName="DhcpSearchList", KeyValueInformationClass=0x1, KeyValueInformation=0x1d3980, Length=0x400, ResultLength=0xaf820 | out: KeyValueInformation=0x1d3980, ResultLength=0xaf820) returned 0xc0000034 [0099.311] gethostname (in: name=0x175ed0, namelen=12800 | out: name="XDuwTfOno") returned 0 [0099.476] getenv (_VarName="HOME") returned 0x0 [0099.476] DnsQueryConfigAllocEx () returned 0x1b51620 [0099.506] _vsnprintf (in: _DstBuf=0xaf7d0, _MaxCount=0x1e, _Format="%u.%u.%u.%u.in-addr.arpa.", _ArgList=0x9f748 | out: _DstBuf="1.0.168.192.in-addr.arpa.") returned 25 [0099.506] htons (hostshort=0x1) returned 0x100 [0099.506] htons (hostshort=0x1) returned 0x100 [0099.509] socket (af=2, type=2, protocol=0) returned 0x110 [0099.538] connect (s=0x110, name=0x1b51640*(sa_family=2, sin_port=0x35, sin_addr="192.168.0.1"), namelen=16) returned 0 [0099.538] send (in: s=0x110, buf=0x9f7d0*, len=42, flags=0 | out: buf=0x9f7d0*) returned 42 [0099.539] select (in: nfds=272, readfds=0x8f240, writefds=0x0, exceptfds=0x0, timeout=0x8f218 | out: readfds=0x8f240, writefds=0x0, exceptfds=0x0) returned 1 [0099.540] recv (in: s=0x110, buf=0x8f730, len=65536, flags=0 | out: buf=0x8f730*) returned 42 [0099.540] closesocket (s=0x110) returned 0 [0099.540] RtlIpv4AddressToStringExA () returned 0xc000000d [0099.540] DnsFreeConfigStructure () returned 0x3c3dad01 [0099.540] strcpy_s (in: _Dst=0x2bdf80, _DstSize=0xc, _Src="UnKnown" | out: _Dst="UnKnown") returned 0x0 [0099.540] LocalAlloc (uFlags=0x40, uBytes=0x60) returned 0x1daba0 [0099.540] strcpy_s (in: _Dst=0xff463020, _DstSize=0x100, _Src="UnKnown" | out: _Dst="UnKnown") returned 0x0 [0099.541] FormatMessageA (in: dwFlags=0x900, lpSource=0x0, dwMessageId=0x35, dwLanguageId=0x0, lpBuffer=0xaf688, nSize=0x0, Arguments=0xaf680 | out: lpBuffer="`\x9c\x1e") returned 0x7 [0099.541] fprintf (in: _File=0x7feff2a2ab0, _Format="%-7s %s" | out: _File=0x7feff2a2ab0) returned 16 [0099.542] fprintf (in: _File=0x7feff2a2ab0, _Format="\nAddress:" | out: _File=0x7feff2a2ab0) returned 9 [0099.542] inet_ntoa (in=0x100a8c0) returned="192.168.0.1" [0099.542] fprintf (in: _File=0x7feff2a2ab0, _Format="%c %s" | out: _File=0x7feff2a2ab0) returned 13 [0099.542] fprintf (in: _File=0x7feff2a2ab0, _Format="\n\n" | out: _File=0x7feff2a2ab0) returned 2 [0099.542] RtlIpv4StringToAddressA () returned 0x0 [0099.542] _vsnprintf (in: _DstBuf=0xaf4f0, _MaxCount=0x1e, _Format="%u.%u.%u.%u.in-addr.arpa.", _ArgList=0x9f468 | out: _DstBuf="1.0.168.192.in-addr.arpa.") returned 25 [0099.542] htons (hostshort=0x2) returned 0x200 [0099.542] htons (hostshort=0x1) returned 0x100 [0099.542] socket (af=2, type=2, protocol=0) returned 0x110 [0099.542] connect (s=0x110, name=0x1dabc0*(sa_family=2, sin_port=0x35, sin_addr="192.168.0.1"), namelen=16) returned 0 [0099.542] send (in: s=0x110, buf=0x9f4f0*, len=42, flags=0 | out: buf=0x9f4f0*) returned 42 [0099.543] select (in: nfds=272, readfds=0x8ef60, writefds=0x0, exceptfds=0x0, timeout=0x8ef38 | out: readfds=0x8ef60, writefds=0x0, exceptfds=0x0) returned 1 [0099.543] recv (in: s=0x110, buf=0x8f450, len=65536, flags=0 | out: buf=0x8f450*) returned 42 [0099.543] closesocket (s=0x110) returned 0 [0099.543] FormatMessageA (in: dwFlags=0x900, lpSource=0x0, dwMessageId=0x34, dwLanguageId=0x400, lpBuffer=0xaf600, nSize=0x0, Arguments=0xaf608 | out: lpBuffer="ð\x8f\x1c") returned 0x39 [0099.543] CharToOemBuffA (in: lpszSrc="*** UnKnown can't find 192.168.0.1: Non-existent domain\r\n", lpszDst=0x1c8ff0, cchDstLength=0x39 | out: lpszDst="*** UnKnown can't find 192.168.0.1: Non-existent domain\r\n") returned 1 [0099.543] _write (in: _FileHandle=2, _Buf=0x1c8ff0*, _MaxCharCount=0x39 | out: _Buf=0x1c8ff0*) returned 57 [0099.548] LocalFree (hMem=0x1c8ff0) returned 0x0 [0099.548] LocalFree (hMem=0x1daba0) returned 0x0 [0099.548] exit (_Code=0) Thread: id = 364 os_tid = 0xb84 Process: id = "27" image_name = "nslookup.exe" filename = "c:\\windows\\system32\\nslookup.exe" page_root = "0x44ab5000" os_pid = "0xb88" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "22" os_parent_pid = "0xad8" cmd_line = "C:\\Windows\\system32\\nslookup.exe 192.168.0.255" cur_dir = "C:\\Windows\\system32\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:000104d7" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 2943 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 2944 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 2945 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 2946 start_va = 0x170000 end_va = 0x1effff entry_point = 0x0 region_type = private name = "private_0x0000000000170000" filename = "" Region: id = 2947 start_va = 0x77c50000 end_va = 0x77df8fff entry_point = 0x77c50000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2948 start_va = 0x7efe0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 2949 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2950 start_va = 0x7fff9000 end_va = 0x7fff9fff entry_point = 0x0 region_type = private name = "private_0x000000007fff9000" filename = "" Region: id = 2951 start_va = 0xff050000 end_va = 0xff076fff entry_point = 0xff050000 region_type = mapped_file name = "nslookup.exe" filename = "\\Windows\\System32\\nslookup.exe" (normalized: "c:\\windows\\system32\\nslookup.exe") Region: id = 2952 start_va = 0x7fefff70000 end_va = 0x7fefff70fff entry_point = 0x7fefff70000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 2953 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 2954 start_va = 0x7fffffd8000 end_va = 0x7fffffd8fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd8000" filename = "" Region: id = 2955 start_va = 0x7fffffde000 end_va = 0x7fffffdffff entry_point = 0x0 region_type = private name = "private_0x000007fffffde000" filename = "" Region: id = 2956 start_va = 0x3d0000 end_va = 0x4cffff entry_point = 0x0 region_type = private name = "private_0x00000000003d0000" filename = "" Region: id = 2957 start_va = 0x77a30000 end_va = 0x77b4efff entry_point = 0x77a30000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 2958 start_va = 0x7fefde60000 end_va = 0x7fefdecafff entry_point = 0x7fefde60000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 2959 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2960 start_va = 0x20000 end_va = 0x2ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 2961 start_va = 0x50000 end_va = 0xb6fff entry_point = 0x50000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2962 start_va = 0xc0000 end_va = 0xc6fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000c0000" filename = "" Region: id = 2963 start_va = 0xd0000 end_va = 0xd1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000d0000" filename = "" Region: id = 2964 start_va = 0xe0000 end_va = 0xe4fff entry_point = 0xe0000 region_type = mapped_file name = "nslookup.exe.mui" filename = "\\Windows\\System32\\en-US\\nslookup.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\nslookup.exe.mui") Region: id = 2965 start_va = 0xf0000 end_va = 0xf0fff entry_point = 0x0 region_type = private name = "private_0x00000000000f0000" filename = "" Region: id = 2966 start_va = 0x100000 end_va = 0x100fff entry_point = 0x0 region_type = private name = "private_0x0000000000100000" filename = "" Region: id = 2967 start_va = 0x1f0000 end_va = 0x2effff entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 2968 start_va = 0x4d0000 end_va = 0x657fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004d0000" filename = "" Region: id = 2969 start_va = 0x6c0000 end_va = 0x6cffff entry_point = 0x0 region_type = private name = "private_0x00000000006c0000" filename = "" Region: id = 2970 start_va = 0x6d0000 end_va = 0x850fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006d0000" filename = "" Region: id = 2971 start_va = 0x860000 end_va = 0x1c5ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000860000" filename = "" Region: id = 2972 start_va = 0x1e20000 end_va = 0x1e9ffff entry_point = 0x0 region_type = private name = "private_0x0000000001e20000" filename = "" Region: id = 2973 start_va = 0x77b50000 end_va = 0x77c49fff entry_point = 0x77b50000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 2974 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 2975 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 2976 start_va = 0x7fef7030000 end_va = 0x7fef7038fff entry_point = 0x7fef7030000 region_type = mapped_file name = "wsock32.dll" filename = "\\Windows\\System32\\wsock32.dll" (normalized: "c:\\windows\\system32\\wsock32.dll") Region: id = 2977 start_va = 0x7fefd2b0000 end_va = 0x7fefd30afff entry_point = 0x7fefd2b0000 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 2978 start_va = 0x7fefd430000 end_va = 0x7fefd484fff entry_point = 0x7fefd430000 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 2979 start_va = 0x7fefefb0000 end_va = 0x7feff0dcfff entry_point = 0x7fefefb0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 2980 start_va = 0x7feff210000 end_va = 0x7feff2aefff entry_point = 0x7feff210000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 2981 start_va = 0x7feff2b0000 end_va = 0x7feff38afff entry_point = 0x7feff2b0000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 2982 start_va = 0x7feff390000 end_va = 0x7feff3aefff entry_point = 0x7feff390000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 2983 start_va = 0x7feff3b0000 end_va = 0x7feff3bdfff entry_point = 0x7feff3b0000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 2984 start_va = 0x7feff3c0000 end_va = 0x7feff3edfff entry_point = 0x7feff3c0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 2985 start_va = 0x7feff650000 end_va = 0x7feff69cfff entry_point = 0x7feff650000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 2986 start_va = 0x7feff720000 end_va = 0x7feff727fff entry_point = 0x7feff720000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 2987 start_va = 0x7feff910000 end_va = 0x7feff976fff entry_point = 0x7feff910000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 2988 start_va = 0x7feffa00000 end_va = 0x7feffb08fff entry_point = 0x7feffa00000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 2989 start_va = 0x7feffe90000 end_va = 0x7fefff58fff entry_point = 0x7feffe90000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 2990 start_va = 0x1ea0000 end_va = 0x216efff entry_point = 0x1ea0000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 2991 start_va = 0x7fefce30000 end_va = 0x7fefce36fff entry_point = 0x7fefce30000 region_type = mapped_file name = "wshtcpip.dll" filename = "\\Windows\\System32\\WSHTCPIP.DLL" (normalized: "c:\\windows\\system32\\wshtcpip.dll") Region: id = 2992 start_va = 0x7fefb7d0000 end_va = 0x7fefb7e4fff entry_point = 0x7fefb7d0000 region_type = mapped_file name = "nlaapi.dll" filename = "\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll") Region: id = 2993 start_va = 0x110000 end_va = 0x14ffff entry_point = 0x0 region_type = private name = "private_0x0000000000110000" filename = "" Region: id = 2994 start_va = 0x2f0000 end_va = 0x38ffff entry_point = 0x0 region_type = private name = "private_0x00000000002f0000" filename = "" Region: id = 2995 start_va = 0x7fefbed0000 end_va = 0x7fefbee4fff entry_point = 0x7fefbed0000 region_type = mapped_file name = "napinsp.dll" filename = "\\Windows\\System32\\NapiNSP.dll" (normalized: "c:\\windows\\system32\\napinsp.dll") Region: id = 2996 start_va = 0x1d60000 end_va = 0x1ddffff entry_point = 0x0 region_type = private name = "private_0x0000000001d60000" filename = "" Region: id = 2997 start_va = 0x7fefbeb0000 end_va = 0x7fefbec8fff entry_point = 0x7fefbeb0000 region_type = mapped_file name = "pnrpnsp.dll" filename = "\\Windows\\System32\\pnrpnsp.dll" (normalized: "c:\\windows\\system32\\pnrpnsp.dll") Region: id = 2998 start_va = 0x7fffffdc000 end_va = 0x7fffffddfff entry_point = 0x0 region_type = private name = "private_0x000007fffffdc000" filename = "" Region: id = 2999 start_va = 0x7fefbf10000 end_va = 0x7fefbf1afff entry_point = 0x7fefbf10000 region_type = mapped_file name = "winrnr.dll" filename = "\\Windows\\System32\\winrnr.dll" (normalized: "c:\\windows\\system32\\winrnr.dll") Region: id = 3000 start_va = 0x7fefb660000 end_va = 0x7fefb686fff entry_point = 0x7fefb660000 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 3001 start_va = 0x7fefb650000 end_va = 0x7fefb65afff entry_point = 0x7fefb650000 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 3002 start_va = 0x7fefb4d0000 end_va = 0x7fefb4e0fff entry_point = 0x7fefb4d0000 region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll") Region: id = 3003 start_va = 0x7fefb4b0000 end_va = 0x7fefb4c7fff entry_point = 0x7fefb4b0000 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll") Thread: id = 365 os_tid = 0xb8c [0099.708] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1efe70 | out: lpSystemTimeAsFileTime=0x1efe70*(dwLowDateTime=0xac0013d0, dwHighDateTime=0x1d41a7f)) [0099.708] GetCurrentProcessId () returned 0xb88 [0099.708] GetCurrentThreadId () returned 0xb8c [0099.708] GetTickCount () returned 0x23add [0099.708] QueryPerformanceCounter (in: lpPerformanceCount=0x1efe78 | out: lpPerformanceCount=0x1efe78*=601679146) returned 1 [0099.711] GetModuleHandleW (lpModuleName=0x0) returned 0xff050000 [0099.711] __set_app_type (_Type=0x1) [0099.712] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0xff0609f8) returned 0x0 [0099.712] __getmainargs (in: _Argc=0xff06aa00, _Argv=0xff06aa10, _Env=0xff06aa08, _DoWildCard=0, _StartInfo=0xff06aa1c | out: _Argc=0xff06aa00, _Argv=0xff06aa10, _Env=0xff06aa08) returned 0 [0099.718] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0099.718] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409 [0099.718] WSAStartup (in: wVersionRequired=0x202, lpWSAData=0xff072e80 | out: lpWSAData=0xff072e80) returned 0 [0099.724] socket (af=2, type=2, protocol=0) returned 0x6c [0099.725] closesocket (s=0x6c) returned 0 [0099.726] RtlIpv4StringToAddressA () returned 0x0 [0099.726] RtlInitAnsiString (in: DestinationString=0x1efcd0, SourceString="\\Registry\\Machine\\System\\CurrentControlSet\\Services\\Tcpip\\Parameters" | out: DestinationString="\\Registry\\Machine\\System\\CurrentControlSet\\Services\\Tcpip\\Parameters") [0099.726] RtlAnsiStringToUnicodeString (in: DestinationString=0x1efcc0, SourceString="\\Registry\\Machine\\System\\CurrentControlSet\\Services\\Tcpip\\Parameters", AllocateDestinationString=1 | out: DestinationString="\\Registry\\Machine\\System\\CurrentControlSet\\Services\\Tcpip\\Parameters") returned 0x0 [0099.726] NtOpenKey (in: KeyHandle=0x1efd98, DesiredAccess=0x20019, ObjectAttributes=0x1efce0*(Length=0x30, RootDirectory=0x0, ObjectName="\\Registry\\Machine\\System\\CurrentControlSet\\Services\\Tcpip\\Parameters", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0) | out: KeyHandle=0x1efd98*=0x6c) returned 0x0 [0099.726] RtlFreeAnsiString (AnsiString="\\") [0099.726] RtlAnsiStringToUnicodeString (in: DestinationString=0x1efca8, SourceString="DNSLookupOrder", AllocateDestinationString=0 | out: DestinationString="DNSLookupOrder") returned 0x0 [0099.727] NtQueryValueKey (in: KeyHandle=0x6c, ValueName="DNSLookupOrder", KeyValueInformationClass=0x1, KeyValueInformation=0x3f3980, Length=0x400, ResultLength=0x1efca0 | out: KeyValueInformation=0x3f3980, ResultLength=0x1efca0) returned 0xc0000034 [0099.727] RtlAnsiStringToUnicodeString (in: DestinationString=0x1efca8, SourceString="Domain", AllocateDestinationString=0 | out: DestinationString="Domain") returned 0x0 [0099.727] NtQueryValueKey (in: KeyHandle=0x6c, ValueName="Domain", KeyValueInformationClass=0x1, KeyValueInformation=0x3f3980, Length=0x400, ResultLength=0x1efca0 | out: KeyValueInformation=0x3f3980*(TitleIndex=0x0, Type=0x1, DataOffset=0x20, DataLength=0x2, NameLength=0xc, Name="Domain", Data=""), ResultLength=0x1efca0) returned 0x0 [0099.727] RtlUnicodeStringToAnsiString (in: DestinationString=0x1efcb8, SourceString="", AllocateDestinationString=0 | out: DestinationString="") returned 0x0 [0099.727] RtlAnsiStringToUnicodeString (in: DestinationString=0x1efca8, SourceString="DhcpDomain", AllocateDestinationString=0 | out: DestinationString="DhcpDomain") returned 0x0 [0099.727] NtQueryValueKey (in: KeyHandle=0x6c, ValueName="DhcpDomain", KeyValueInformationClass=0x1, KeyValueInformation=0x3f3980, Length=0x400, ResultLength=0x1efca0 | out: KeyValueInformation=0x3f3980, ResultLength=0x1efca0) returned 0xc0000034 [0099.727] RtlInitAnsiString (in: DestinationString=0x1efcd0, SourceString="\\Registry\\Machine\\Software\\Policies\\Microsoft\\Windows NT\\DNSClient" | out: DestinationString="\\Registry\\Machine\\Software\\Policies\\Microsoft\\Windows NT\\DNSClient") [0099.727] RtlAnsiStringToUnicodeString (in: DestinationString=0x1efcc0, SourceString="\\Registry\\Machine\\Software\\Policies\\Microsoft\\Windows NT\\DNSClient", AllocateDestinationString=1 | out: DestinationString="\\Registry\\Machine\\Software\\Policies\\Microsoft\\Windows NT\\DNSClient") returned 0x0 [0099.727] NtOpenKey (in: KeyHandle=0x1efda0, DesiredAccess=0x20019, ObjectAttributes=0x1efce0*(Length=0x30, RootDirectory=0x0, ObjectName="\\Registry\\Machine\\Software\\Policies\\Microsoft\\Windows NT\\DNSClient", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0) | out: KeyHandle=0x1efda0*=0x0) returned 0xc0000034 [0099.728] RtlFreeAnsiString (AnsiString="\\") [0099.728] RtlAnsiStringToUnicodeString (in: DestinationString=0x1efca8, SourceString="SearchList", AllocateDestinationString=0 | out: DestinationString="SearchList") returned 0x0 [0099.728] NtQueryValueKey (in: KeyHandle=0x6c, ValueName="SearchList", KeyValueInformationClass=0x1, KeyValueInformation=0x3f3980, Length=0x400, ResultLength=0x1efca0 | out: KeyValueInformation=0x3f3980*(TitleIndex=0x0, Type=0x1, DataOffset=0x28, DataLength=0x2, NameLength=0x14, Name="SearchList", Data=""), ResultLength=0x1efca0) returned 0x0 [0099.728] RtlUnicodeStringToAnsiString (in: DestinationString=0x1efcb8, SourceString="", AllocateDestinationString=0 | out: DestinationString="") returned 0x0 [0099.728] RtlAnsiStringToUnicodeString (in: DestinationString=0x1efca8, SourceString="DhcpSearchList", AllocateDestinationString=0 | out: DestinationString="DhcpSearchList") returned 0x0 [0099.728] NtQueryValueKey (in: KeyHandle=0x6c, ValueName="DhcpSearchList", KeyValueInformationClass=0x1, KeyValueInformation=0x3f3980, Length=0x400, ResultLength=0x1efca0 | out: KeyValueInformation=0x3f3980, ResultLength=0x1efca0) returned 0xc0000034 [0099.728] gethostname (in: name=0x6c5ed0, namelen=12800 | out: name="XDuwTfOno") returned 0 [0099.799] getenv (_VarName="HOME") returned 0x0 [0099.799] DnsQueryConfigAllocEx () returned 0x1e21620 [0099.834] _vsnprintf (in: _DstBuf=0x1efc50, _MaxCount=0x1e, _Format="%u.%u.%u.%u.in-addr.arpa.", _ArgList=0x1dfbc8 | out: _DstBuf="1.0.168.192.in-addr.arpa.") returned 25 [0099.834] htons (hostshort=0x1) returned 0x100 [0099.834] htons (hostshort=0x1) returned 0x100 [0099.837] socket (af=2, type=2, protocol=0) returned 0x110 [0099.838] connect (s=0x110, name=0x1e21640*(sa_family=2, sin_port=0x35, sin_addr="192.168.0.1"), namelen=16) returned 0 [0099.838] send (in: s=0x110, buf=0x1dfc50*, len=42, flags=0 | out: buf=0x1dfc50*) returned 42 [0099.838] select (in: nfds=272, readfds=0x1cf6c0, writefds=0x0, exceptfds=0x0, timeout=0x1cf698 | out: readfds=0x1cf6c0, writefds=0x0, exceptfds=0x0) returned 1 [0099.838] recv (in: s=0x110, buf=0x1cfbb0, len=65536, flags=0 | out: buf=0x1cfbb0*) returned 42 [0099.838] closesocket (s=0x110) returned 0 [0099.839] RtlIpv4AddressToStringExA () returned 0xc000000d [0099.839] DnsFreeConfigStructure () returned 0x40bf9201 [0099.839] strcpy_s (in: _Dst=0x1fdfb0, _DstSize=0xc, _Src="UnKnown" | out: _Dst="UnKnown") returned 0x0 [0099.839] LocalAlloc (uFlags=0x40, uBytes=0x60) returned 0x3faba0 [0099.839] strcpy_s (in: _Dst=0xff073020, _DstSize=0x100, _Src="UnKnown" | out: _Dst="UnKnown") returned 0x0 [0099.839] FormatMessageA (in: dwFlags=0x900, lpSource=0x0, dwMessageId=0x35, dwLanguageId=0x0, lpBuffer=0x1efb08, nSize=0x0, Arguments=0x1efb00 | out: lpBuffer="`\x9c@") returned 0x7 [0099.839] fprintf (in: _File=0x7feff2a2ab0, _Format="%-7s %s" | out: _File=0x7feff2a2ab0) returned 16 [0099.840] fprintf (in: _File=0x7feff2a2ab0, _Format="\nAddress:" | out: _File=0x7feff2a2ab0) returned 9 [0099.840] inet_ntoa (in=0x100a8c0) returned="192.168.0.1" [0099.840] fprintf (in: _File=0x7feff2a2ab0, _Format="%c %s" | out: _File=0x7feff2a2ab0) returned 13 [0099.840] fprintf (in: _File=0x7feff2a2ab0, _Format="\n\n" | out: _File=0x7feff2a2ab0) returned 2 [0099.840] RtlIpv4StringToAddressA () returned 0x0 [0099.840] _vsnprintf (in: _DstBuf=0x1ef970, _MaxCount=0x1e, _Format="%u.%u.%u.%u.in-addr.arpa.", _ArgList=0x1df8e8 | out: _DstBuf="255.0.168.192.in-addr.arpa.") returned 27 [0099.840] htons (hostshort=0x2) returned 0x200 [0099.840] htons (hostshort=0x1) returned 0x100 [0099.840] socket (af=2, type=2, protocol=0) returned 0x110 [0099.840] connect (s=0x110, name=0x3fabc0*(sa_family=2, sin_port=0x35, sin_addr="192.168.0.1"), namelen=16) returned 0 [0099.840] send (in: s=0x110, buf=0x1df970*, len=44, flags=0 | out: buf=0x1df970*) returned 44 [0099.841] select (in: nfds=272, readfds=0x1cf3e0, writefds=0x0, exceptfds=0x0, timeout=0x1cf3b8 | out: readfds=0x1cf3e0, writefds=0x0, exceptfds=0x0) returned 1 [0099.841] recv (in: s=0x110, buf=0x1cf8d0, len=65536, flags=0 | out: buf=0x1cf8d0*) returned 44 [0099.842] closesocket (s=0x110) returned 0 [0099.842] FormatMessageA (in: dwFlags=0x900, lpSource=0x0, dwMessageId=0x34, dwLanguageId=0x400, lpBuffer=0x1efa80, nSize=0x0, Arguments=0x1efa88 | out: lpBuffer="ð\x8f>") returned 0x3b [0099.842] CharToOemBuffA (in: lpszSrc="*** UnKnown can't find 192.168.0.255: Non-existent domain\r\n", lpszDst=0x3e8ff0, cchDstLength=0x3b | out: lpszDst="*** UnKnown can't find 192.168.0.255: Non-existent domain\r\n") returned 1 [0099.842] _write (in: _FileHandle=2, _Buf=0x3e8ff0*, _MaxCharCount=0x3b | out: _Buf=0x3e8ff0*) returned 59 [0099.843] LocalFree (hMem=0x3e8ff0) returned 0x0 [0099.843] LocalFree (hMem=0x3faba0) returned 0x0 [0099.843] exit (_Code=0) Thread: id = 367 os_tid = 0xba0 Process: id = "28" image_name = "nslookup.exe" filename = "c:\\windows\\system32\\nslookup.exe" page_root = "0x43dba000" os_pid = "0xba4" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "22" os_parent_pid = "0xad8" cmd_line = "C:\\Windows\\system32\\nslookup.exe 224.0.0.22" cur_dir = "C:\\Windows\\system32\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:000104d7" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 3004 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 3005 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 3006 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 3007 start_va = 0x170000 end_va = 0x1effff entry_point = 0x0 region_type = private name = "private_0x0000000000170000" filename = "" Region: id = 3008 start_va = 0x77c50000 end_va = 0x77df8fff entry_point = 0x77c50000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 3009 start_va = 0x7efe0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 3010 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 3011 start_va = 0x7fff5000 end_va = 0x7fff5fff entry_point = 0x0 region_type = private name = "private_0x000000007fff5000" filename = "" Region: id = 3012 start_va = 0xff6e0000 end_va = 0xff706fff entry_point = 0xff6e0000 region_type = mapped_file name = "nslookup.exe" filename = "\\Windows\\System32\\nslookup.exe" (normalized: "c:\\windows\\system32\\nslookup.exe") Region: id = 3013 start_va = 0x7fefff70000 end_va = 0x7fefff70fff entry_point = 0x7fefff70000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 3014 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 3015 start_va = 0x7fffffdc000 end_va = 0x7fffffddfff entry_point = 0x0 region_type = private name = "private_0x000007fffffdc000" filename = "" Region: id = 3016 start_va = 0x7fffffde000 end_va = 0x7fffffdefff entry_point = 0x0 region_type = private name = "private_0x000007fffffde000" filename = "" Region: id = 3017 start_va = 0x2e0000 end_va = 0x3dffff entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 3018 start_va = 0x77a30000 end_va = 0x77b4efff entry_point = 0x77a30000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 3019 start_va = 0x7fefde60000 end_va = 0x7fefdecafff entry_point = 0x7fefde60000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 3020 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 3021 start_va = 0x20000 end_va = 0x2ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 3022 start_va = 0x50000 end_va = 0xb6fff entry_point = 0x50000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 3023 start_va = 0xc0000 end_va = 0xc6fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000c0000" filename = "" Region: id = 3024 start_va = 0xd0000 end_va = 0xd1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000d0000" filename = "" Region: id = 3025 start_va = 0xe0000 end_va = 0xeffff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 3026 start_va = 0xf0000 end_va = 0xf4fff entry_point = 0xf0000 region_type = mapped_file name = "nslookup.exe.mui" filename = "\\Windows\\System32\\en-US\\nslookup.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\nslookup.exe.mui") Region: id = 3027 start_va = 0x100000 end_va = 0x100fff entry_point = 0x0 region_type = private name = "private_0x0000000000100000" filename = "" Region: id = 3028 start_va = 0x110000 end_va = 0x110fff entry_point = 0x0 region_type = private name = "private_0x0000000000110000" filename = "" Region: id = 3029 start_va = 0x3e0000 end_va = 0x4dffff entry_point = 0x0 region_type = private name = "private_0x00000000003e0000" filename = "" Region: id = 3030 start_va = 0x4e0000 end_va = 0x667fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004e0000" filename = "" Region: id = 3031 start_va = 0x670000 end_va = 0x7f0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000670000" filename = "" Region: id = 3032 start_va = 0x800000 end_va = 0x1bfffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000800000" filename = "" Region: id = 3033 start_va = 0x1d30000 end_va = 0x1daffff entry_point = 0x0 region_type = private name = "private_0x0000000001d30000" filename = "" Region: id = 3034 start_va = 0x77b50000 end_va = 0x77c49fff entry_point = 0x77b50000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 3035 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 3036 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 3037 start_va = 0x7fef7020000 end_va = 0x7fef7028fff entry_point = 0x7fef7020000 region_type = mapped_file name = "wsock32.dll" filename = "\\Windows\\System32\\wsock32.dll" (normalized: "c:\\windows\\system32\\wsock32.dll") Region: id = 3038 start_va = 0x7fefd2b0000 end_va = 0x7fefd30afff entry_point = 0x7fefd2b0000 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 3039 start_va = 0x7fefd430000 end_va = 0x7fefd484fff entry_point = 0x7fefd430000 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 3040 start_va = 0x7fefefb0000 end_va = 0x7feff0dcfff entry_point = 0x7fefefb0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 3041 start_va = 0x7feff210000 end_va = 0x7feff2aefff entry_point = 0x7feff210000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 3042 start_va = 0x7feff2b0000 end_va = 0x7feff38afff entry_point = 0x7feff2b0000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 3043 start_va = 0x7feff390000 end_va = 0x7feff3aefff entry_point = 0x7feff390000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 3044 start_va = 0x7feff3b0000 end_va = 0x7feff3bdfff entry_point = 0x7feff3b0000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 3045 start_va = 0x7feff3c0000 end_va = 0x7feff3edfff entry_point = 0x7feff3c0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 3046 start_va = 0x7feff650000 end_va = 0x7feff69cfff entry_point = 0x7feff650000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 3047 start_va = 0x7feff720000 end_va = 0x7feff727fff entry_point = 0x7feff720000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 3048 start_va = 0x7feff910000 end_va = 0x7feff976fff entry_point = 0x7feff910000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 3049 start_va = 0x7feffa00000 end_va = 0x7feffb08fff entry_point = 0x7feffa00000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 3050 start_va = 0x7feffe90000 end_va = 0x7fefff58fff entry_point = 0x7feffe90000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 3051 start_va = 0x1db0000 end_va = 0x207efff entry_point = 0x1db0000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 3052 start_va = 0x7fefce30000 end_va = 0x7fefce36fff entry_point = 0x7fefce30000 region_type = mapped_file name = "wshtcpip.dll" filename = "\\Windows\\System32\\WSHTCPIP.DLL" (normalized: "c:\\windows\\system32\\wshtcpip.dll") Region: id = 3053 start_va = 0x7fefb7d0000 end_va = 0x7fefb7e4fff entry_point = 0x7fefb7d0000 region_type = mapped_file name = "nlaapi.dll" filename = "\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll") Region: id = 3054 start_va = 0x1f0000 end_va = 0x28ffff entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 3055 start_va = 0x120000 end_va = 0x12ffff entry_point = 0x0 region_type = private name = "private_0x0000000000120000" filename = "" Region: id = 3056 start_va = 0x7fefbed0000 end_va = 0x7fefbee4fff entry_point = 0x7fefbed0000 region_type = mapped_file name = "napinsp.dll" filename = "\\Windows\\System32\\NapiNSP.dll" (normalized: "c:\\windows\\system32\\napinsp.dll") Region: id = 3057 start_va = 0x1c20000 end_va = 0x1c9ffff entry_point = 0x0 region_type = private name = "private_0x0000000001c20000" filename = "" Region: id = 3058 start_va = 0x7fefbeb0000 end_va = 0x7fefbec8fff entry_point = 0x7fefbeb0000 region_type = mapped_file name = "pnrpnsp.dll" filename = "\\Windows\\System32\\pnrpnsp.dll" (normalized: "c:\\windows\\system32\\pnrpnsp.dll") Region: id = 3059 start_va = 0x7fffffda000 end_va = 0x7fffffdbfff entry_point = 0x0 region_type = private name = "private_0x000007fffffda000" filename = "" Region: id = 3060 start_va = 0x7fefbf10000 end_va = 0x7fefbf1afff entry_point = 0x7fefbf10000 region_type = mapped_file name = "winrnr.dll" filename = "\\Windows\\System32\\winrnr.dll" (normalized: "c:\\windows\\system32\\winrnr.dll") Region: id = 3061 start_va = 0x7fefb660000 end_va = 0x7fefb686fff entry_point = 0x7fefb660000 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 3062 start_va = 0x7fefb650000 end_va = 0x7fefb65afff entry_point = 0x7fefb650000 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 3063 start_va = 0x7fefb4d0000 end_va = 0x7fefb4e0fff entry_point = 0x7fefb4d0000 region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll") Region: id = 3064 start_va = 0x7fefb4b0000 end_va = 0x7fefb4c7fff entry_point = 0x7fefb4b0000 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll") Thread: id = 368 os_tid = 0xba8 [0100.211] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1efe70 | out: lpSystemTimeAsFileTime=0x1efe70*(dwLowDateTime=0xac4c3fd0, dwHighDateTime=0x1d41a7f)) [0100.211] GetCurrentProcessId () returned 0xba4 [0100.211] GetCurrentThreadId () returned 0xba8 [0100.211] GetTickCount () returned 0x23cd0 [0100.211] QueryPerformanceCounter (in: lpPerformanceCount=0x1efe78 | out: lpPerformanceCount=0x1efe78*=603445740) returned 1 [0100.213] GetModuleHandleW (lpModuleName=0x0) returned 0xff6e0000 [0100.222] __set_app_type (_Type=0x1) [0100.222] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0xff6f09f8) returned 0x0 [0100.222] __getmainargs (in: _Argc=0xff6faa00, _Argv=0xff6faa10, _Env=0xff6faa08, _DoWildCard=0, _StartInfo=0xff6faa1c | out: _Argc=0xff6faa00, _Argv=0xff6faa10, _Env=0xff6faa08) returned 0 [0100.222] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0100.222] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409 [0100.222] WSAStartup (in: wVersionRequired=0x202, lpWSAData=0xff702e80 | out: lpWSAData=0xff702e80) returned 0 [0100.229] socket (af=2, type=2, protocol=0) returned 0x6c [0100.231] closesocket (s=0x6c) returned 0 [0100.231] RtlIpv4StringToAddressA () returned 0x0 [0100.231] RtlInitAnsiString (in: DestinationString=0x1efcd0, SourceString="\\Registry\\Machine\\System\\CurrentControlSet\\Services\\Tcpip\\Parameters" | out: DestinationString="\\Registry\\Machine\\System\\CurrentControlSet\\Services\\Tcpip\\Parameters") [0100.231] RtlAnsiStringToUnicodeString (in: DestinationString=0x1efcc0, SourceString="\\Registry\\Machine\\System\\CurrentControlSet\\Services\\Tcpip\\Parameters", AllocateDestinationString=1 | out: DestinationString="\\Registry\\Machine\\System\\CurrentControlSet\\Services\\Tcpip\\Parameters") returned 0x0 [0100.231] NtOpenKey (in: KeyHandle=0x1efd98, DesiredAccess=0x20019, ObjectAttributes=0x1efce0*(Length=0x30, RootDirectory=0x0, ObjectName="\\Registry\\Machine\\System\\CurrentControlSet\\Services\\Tcpip\\Parameters", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0) | out: KeyHandle=0x1efd98*=0x6c) returned 0x0 [0100.231] RtlFreeAnsiString (AnsiString="\\") [0100.231] RtlAnsiStringToUnicodeString (in: DestinationString=0x1efca8, SourceString="DNSLookupOrder", AllocateDestinationString=0 | out: DestinationString="DNSLookupOrder") returned 0x0 [0100.232] NtQueryValueKey (in: KeyHandle=0x6c, ValueName="DNSLookupOrder", KeyValueInformationClass=0x1, KeyValueInformation=0x303980, Length=0x400, ResultLength=0x1efca0 | out: KeyValueInformation=0x303980, ResultLength=0x1efca0) returned 0xc0000034 [0100.232] RtlAnsiStringToUnicodeString (in: DestinationString=0x1efca8, SourceString="Domain", AllocateDestinationString=0 | out: DestinationString="Domain") returned 0x0 [0100.232] NtQueryValueKey (in: KeyHandle=0x6c, ValueName="Domain", KeyValueInformationClass=0x1, KeyValueInformation=0x303980, Length=0x400, ResultLength=0x1efca0 | out: KeyValueInformation=0x303980*(TitleIndex=0x0, Type=0x1, DataOffset=0x20, DataLength=0x2, NameLength=0xc, Name="Domain", Data=""), ResultLength=0x1efca0) returned 0x0 [0100.232] RtlUnicodeStringToAnsiString (in: DestinationString=0x1efcb8, SourceString="", AllocateDestinationString=0 | out: DestinationString="") returned 0x0 [0100.232] RtlAnsiStringToUnicodeString (in: DestinationString=0x1efca8, SourceString="DhcpDomain", AllocateDestinationString=0 | out: DestinationString="DhcpDomain") returned 0x0 [0100.232] NtQueryValueKey (in: KeyHandle=0x6c, ValueName="DhcpDomain", KeyValueInformationClass=0x1, KeyValueInformation=0x303980, Length=0x400, ResultLength=0x1efca0 | out: KeyValueInformation=0x303980, ResultLength=0x1efca0) returned 0xc0000034 [0100.232] RtlInitAnsiString (in: DestinationString=0x1efcd0, SourceString="\\Registry\\Machine\\Software\\Policies\\Microsoft\\Windows NT\\DNSClient" | out: DestinationString="\\Registry\\Machine\\Software\\Policies\\Microsoft\\Windows NT\\DNSClient") [0100.232] RtlAnsiStringToUnicodeString (in: DestinationString=0x1efcc0, SourceString="\\Registry\\Machine\\Software\\Policies\\Microsoft\\Windows NT\\DNSClient", AllocateDestinationString=1 | out: DestinationString="\\Registry\\Machine\\Software\\Policies\\Microsoft\\Windows NT\\DNSClient") returned 0x0 [0100.232] NtOpenKey (in: KeyHandle=0x1efda0, DesiredAccess=0x20019, ObjectAttributes=0x1efce0*(Length=0x30, RootDirectory=0x0, ObjectName="\\Registry\\Machine\\Software\\Policies\\Microsoft\\Windows NT\\DNSClient", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0) | out: KeyHandle=0x1efda0*=0x0) returned 0xc0000034 [0100.232] RtlFreeAnsiString (AnsiString="\\") [0100.232] RtlAnsiStringToUnicodeString (in: DestinationString=0x1efca8, SourceString="SearchList", AllocateDestinationString=0 | out: DestinationString="SearchList") returned 0x0 [0100.232] NtQueryValueKey (in: KeyHandle=0x6c, ValueName="SearchList", KeyValueInformationClass=0x1, KeyValueInformation=0x303980, Length=0x400, ResultLength=0x1efca0 | out: KeyValueInformation=0x303980*(TitleIndex=0x0, Type=0x1, DataOffset=0x28, DataLength=0x2, NameLength=0x14, Name="SearchList", Data=""), ResultLength=0x1efca0) returned 0x0 [0100.232] RtlUnicodeStringToAnsiString (in: DestinationString=0x1efcb8, SourceString="", AllocateDestinationString=0 | out: DestinationString="") returned 0x0 [0100.233] RtlAnsiStringToUnicodeString (in: DestinationString=0x1efca8, SourceString="DhcpSearchList", AllocateDestinationString=0 | out: DestinationString="DhcpSearchList") returned 0x0 [0100.233] NtQueryValueKey (in: KeyHandle=0x6c, ValueName="DhcpSearchList", KeyValueInformationClass=0x1, KeyValueInformation=0x303980, Length=0x400, ResultLength=0x1efca0 | out: KeyValueInformation=0x303980, ResultLength=0x1efca0) returned 0xc0000034 [0100.233] gethostname (in: name=0xe5ed0, namelen=12800 | out: name="XDuwTfOno") returned 0 [0100.243] getenv (_VarName="HOME") returned 0x0 [0100.243] DnsQueryConfigAllocEx () returned 0x1d31620 [0100.309] _vsnprintf (in: _DstBuf=0x1efc50, _MaxCount=0x1e, _Format="%u.%u.%u.%u.in-addr.arpa.", _ArgList=0x1dfbc8 | out: _DstBuf="1.0.168.192.in-addr.arpa.") returned 25 [0100.309] htons (hostshort=0x1) returned 0x100 [0100.309] htons (hostshort=0x1) returned 0x100 [0100.310] socket (af=2, type=2, protocol=0) returned 0x110 [0100.311] connect (s=0x110, name=0x1d31640*(sa_family=2, sin_port=0x35, sin_addr="192.168.0.1"), namelen=16) returned 0 [0100.311] send (in: s=0x110, buf=0x1dfc50*, len=42, flags=0 | out: buf=0x1dfc50*) returned 42 [0100.311] select (in: nfds=272, readfds=0x1cf6c0, writefds=0x0, exceptfds=0x0, timeout=0x1cf698 | out: readfds=0x1cf6c0, writefds=0x0, exceptfds=0x0) returned 1 [0100.311] recv (in: s=0x110, buf=0x1cfbb0, len=65536, flags=0 | out: buf=0x1cfbb0*) returned 42 [0100.311] closesocket (s=0x110) returned 0 [0100.312] RtlIpv4AddressToStringExA () returned 0xc000000d [0100.312] DnsFreeConfigStructure () returned 0x17db2c01 [0100.312] strcpy_s (in: _Dst=0x3edf80, _DstSize=0xc, _Src="UnKnown" | out: _Dst="UnKnown") returned 0x0 [0100.312] LocalAlloc (uFlags=0x40, uBytes=0x60) returned 0x30aba0 [0100.312] strcpy_s (in: _Dst=0xff703020, _DstSize=0x100, _Src="UnKnown" | out: _Dst="UnKnown") returned 0x0 [0100.312] FormatMessageA (in: dwFlags=0x900, lpSource=0x0, dwMessageId=0x35, dwLanguageId=0x0, lpBuffer=0x1efb08, nSize=0x0, Arguments=0x1efb00 | out: lpBuffer="`\x9c1") returned 0x7 [0100.313] fprintf (in: _File=0x7feff2a2ab0, _Format="%-7s %s" | out: _File=0x7feff2a2ab0) returned 16 [0100.313] fprintf (in: _File=0x7feff2a2ab0, _Format="\nAddress:" | out: _File=0x7feff2a2ab0) returned 9 [0100.313] inet_ntoa (in=0x100a8c0) returned="192.168.0.1" [0100.313] fprintf (in: _File=0x7feff2a2ab0, _Format="%c %s" | out: _File=0x7feff2a2ab0) returned 13 [0100.313] fprintf (in: _File=0x7feff2a2ab0, _Format="\n\n" | out: _File=0x7feff2a2ab0) returned 2 [0100.313] RtlIpv4StringToAddressA () returned 0x0 [0100.313] _vsnprintf (in: _DstBuf=0x1ef970, _MaxCount=0x1e, _Format="%u.%u.%u.%u.in-addr.arpa.", _ArgList=0x1df8e8 | out: _DstBuf="22.0.0.224.in-addr.arpa.") returned 24 [0100.313] htons (hostshort=0x2) returned 0x200 [0100.313] htons (hostshort=0x1) returned 0x100 [0100.313] socket (af=2, type=2, protocol=0) returned 0x110 [0100.313] connect (s=0x110, name=0x30abc0*(sa_family=2, sin_port=0x35, sin_addr="192.168.0.1"), namelen=16) returned 0 [0100.313] send (in: s=0x110, buf=0x1df970*, len=41, flags=0 | out: buf=0x1df970*) returned 41 [0100.314] select (in: nfds=272, readfds=0x1cf3e0, writefds=0x0, exceptfds=0x0, timeout=0x1cf3b8 | out: readfds=0x1cf3e0, writefds=0x0, exceptfds=0x0) returned 1 [0100.314] recv (in: s=0x110, buf=0x1cf8d0, len=65536, flags=0 | out: buf=0x1cf8d0*) returned 69 [0100.314] closesocket (s=0x110) returned 0 [0100.314] htons (hostshort=0x100) returned 0x1 [0100.314] htons (hostshort=0x100) returned 0x1 [0100.314] htons (hostshort=0x0) returned 0x0 [0100.314] htons (hostshort=0x0) returned 0x0 [0100.314] LocalAlloc (uFlags=0x40, uBytes=0x60) returned 0x30aac0 [0100.314] FormatMessageA (in: dwFlags=0x900, lpSource=0x0, dwMessageId=0x31, dwLanguageId=0x0, lpBuffer=0x1efa68, nSize=0x0, Arguments=0x1efa60 | out: lpBuffer="p\x9c1") returned 0x5 [0100.315] fprintf (in: _File=0x7feff2a2ab0, _Format="%-7s %s" | out: _File=0x7feff2a2ab0) returned 23 [0100.315] fprintf (in: _File=0x7feff2a2ab0, _Format="\nAddress:" | out: _File=0x7feff2a2ab0) returned 9 [0100.315] inet_ntoa (in=0x160000e0) returned="224.0.0.22" [0100.315] fprintf (in: _File=0x7feff2a2ab0, _Format="%c %s" | out: _File=0x7feff2a2ab0) returned 12 [0100.315] fprintf (in: _File=0x7feff2a2ab0, _Format="\n\n" | out: _File=0x7feff2a2ab0) returned 2 [0100.315] LocalFree (hMem=0x30aba0) returned 0x0 [0100.315] exit (_Code=0) Thread: id = 369 os_tid = 0xbb8 Process: id = "29" image_name = "nslookup.exe" filename = "c:\\windows\\system32\\nslookup.exe" page_root = "0x432ff000" os_pid = "0xbbc" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "22" os_parent_pid = "0xad8" cmd_line = "C:\\Windows\\system32\\nslookup.exe 224.0.0.252" cur_dir = "C:\\Windows\\system32\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:000104d7" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 3065 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 3066 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 3067 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 3068 start_va = 0xb0000 end_va = 0x12ffff entry_point = 0x0 region_type = private name = "private_0x00000000000b0000" filename = "" Region: id = 3069 start_va = 0x77c50000 end_va = 0x77df8fff entry_point = 0x77c50000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 3070 start_va = 0x7efe0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 3071 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 3072 start_va = 0x7fff3000 end_va = 0x7fff3fff entry_point = 0x0 region_type = private name = "private_0x000000007fff3000" filename = "" Region: id = 3073 start_va = 0xff380000 end_va = 0xff3a6fff entry_point = 0xff380000 region_type = mapped_file name = "nslookup.exe" filename = "\\Windows\\System32\\nslookup.exe" (normalized: "c:\\windows\\system32\\nslookup.exe") Region: id = 3074 start_va = 0x7fefff70000 end_va = 0x7fefff70fff entry_point = 0x7fefff70000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 3075 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 3076 start_va = 0x7fffffdd000 end_va = 0x7fffffdefff entry_point = 0x0 region_type = private name = "private_0x000007fffffdd000" filename = "" Region: id = 3077 start_va = 0x7fffffdf000 end_va = 0x7fffffdffff entry_point = 0x0 region_type = private name = "private_0x000007fffffdf000" filename = "" Region: id = 3078 start_va = 0x300000 end_va = 0x3fffff entry_point = 0x0 region_type = private name = "private_0x0000000000300000" filename = "" Region: id = 3079 start_va = 0x77a30000 end_va = 0x77b4efff entry_point = 0x77a30000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 3080 start_va = 0x7fefde60000 end_va = 0x7fefdecafff entry_point = 0x7fefde60000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 3081 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 3082 start_va = 0x20000 end_va = 0x2ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 3083 start_va = 0x50000 end_va = 0x56fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 3084 start_va = 0x60000 end_va = 0x61fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000060000" filename = "" Region: id = 3085 start_va = 0x70000 end_va = 0x74fff entry_point = 0x70000 region_type = mapped_file name = "nslookup.exe.mui" filename = "\\Windows\\System32\\en-US\\nslookup.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\nslookup.exe.mui") Region: id = 3086 start_va = 0x80000 end_va = 0x80fff entry_point = 0x0 region_type = private name = "private_0x0000000000080000" filename = "" Region: id = 3087 start_va = 0x90000 end_va = 0x90fff entry_point = 0x0 region_type = private name = "private_0x0000000000090000" filename = "" Region: id = 3088 start_va = 0x130000 end_va = 0x196fff entry_point = 0x130000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 3089 start_va = 0x1a0000 end_va = 0x29ffff entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 3090 start_va = 0x400000 end_va = 0x587fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000400000" filename = "" Region: id = 3091 start_va = 0x5d0000 end_va = 0x5dffff entry_point = 0x0 region_type = private name = "private_0x00000000005d0000" filename = "" Region: id = 3092 start_va = 0x5e0000 end_va = 0x760fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005e0000" filename = "" Region: id = 3093 start_va = 0x770000 end_va = 0x1b6ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000770000" filename = "" Region: id = 3094 start_va = 0x1bb0000 end_va = 0x1c2ffff entry_point = 0x0 region_type = private name = "private_0x0000000001bb0000" filename = "" Region: id = 3095 start_va = 0x77b50000 end_va = 0x77c49fff entry_point = 0x77b50000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 3096 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 3097 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 3098 start_va = 0x7fef7030000 end_va = 0x7fef7038fff entry_point = 0x7fef7030000 region_type = mapped_file name = "wsock32.dll" filename = "\\Windows\\System32\\wsock32.dll" (normalized: "c:\\windows\\system32\\wsock32.dll") Region: id = 3099 start_va = 0x7fefd2b0000 end_va = 0x7fefd30afff entry_point = 0x7fefd2b0000 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 3100 start_va = 0x7fefd430000 end_va = 0x7fefd484fff entry_point = 0x7fefd430000 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 3101 start_va = 0x7fefefb0000 end_va = 0x7feff0dcfff entry_point = 0x7fefefb0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 3102 start_va = 0x7feff210000 end_va = 0x7feff2aefff entry_point = 0x7feff210000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 3103 start_va = 0x7feff2b0000 end_va = 0x7feff38afff entry_point = 0x7feff2b0000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 3104 start_va = 0x7feff390000 end_va = 0x7feff3aefff entry_point = 0x7feff390000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 3105 start_va = 0x7feff3b0000 end_va = 0x7feff3bdfff entry_point = 0x7feff3b0000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 3106 start_va = 0x7feff3c0000 end_va = 0x7feff3edfff entry_point = 0x7feff3c0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 3107 start_va = 0x7feff650000 end_va = 0x7feff69cfff entry_point = 0x7feff650000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 3108 start_va = 0x7feff720000 end_va = 0x7feff727fff entry_point = 0x7feff720000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 3109 start_va = 0x7feff910000 end_va = 0x7feff976fff entry_point = 0x7feff910000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 3110 start_va = 0x7feffa00000 end_va = 0x7feffb08fff entry_point = 0x7feffa00000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 3111 start_va = 0x7feffe90000 end_va = 0x7fefff58fff entry_point = 0x7feffe90000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 3112 start_va = 0x1c30000 end_va = 0x1efefff entry_point = 0x1c30000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 3113 start_va = 0x7fefce30000 end_va = 0x7fefce36fff entry_point = 0x7fefce30000 region_type = mapped_file name = "wshtcpip.dll" filename = "\\Windows\\System32\\WSHTCPIP.DLL" (normalized: "c:\\windows\\system32\\wshtcpip.dll") Region: id = 3114 start_va = 0x7fefb7d0000 end_va = 0x7fefb7e4fff entry_point = 0x7fefb7d0000 region_type = mapped_file name = "nlaapi.dll" filename = "\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll") Region: id = 3115 start_va = 0x1f00000 end_va = 0x205ffff entry_point = 0x0 region_type = private name = "private_0x0000000001f00000" filename = "" Region: id = 3116 start_va = 0x2060000 end_va = 0x221ffff entry_point = 0x0 region_type = private name = "private_0x0000000002060000" filename = "" Region: id = 3117 start_va = 0x7fefbed0000 end_va = 0x7fefbee4fff entry_point = 0x7fefbed0000 region_type = mapped_file name = "napinsp.dll" filename = "\\Windows\\System32\\NapiNSP.dll" (normalized: "c:\\windows\\system32\\napinsp.dll") Region: id = 3118 start_va = 0x2100000 end_va = 0x217ffff entry_point = 0x0 region_type = private name = "private_0x0000000002100000" filename = "" Region: id = 3119 start_va = 0x2210000 end_va = 0x221ffff entry_point = 0x0 region_type = private name = "private_0x0000000002210000" filename = "" Region: id = 3120 start_va = 0x7fefbeb0000 end_va = 0x7fefbec8fff entry_point = 0x7fefbeb0000 region_type = mapped_file name = "pnrpnsp.dll" filename = "\\Windows\\System32\\pnrpnsp.dll" (normalized: "c:\\windows\\system32\\pnrpnsp.dll") Region: id = 3121 start_va = 0x7fffffdb000 end_va = 0x7fffffdcfff entry_point = 0x0 region_type = private name = "private_0x000007fffffdb000" filename = "" Region: id = 3122 start_va = 0x7fefbf10000 end_va = 0x7fefbf1afff entry_point = 0x7fefbf10000 region_type = mapped_file name = "winrnr.dll" filename = "\\Windows\\System32\\winrnr.dll" (normalized: "c:\\windows\\system32\\winrnr.dll") Region: id = 3123 start_va = 0x7fefb660000 end_va = 0x7fefb686fff entry_point = 0x7fefb660000 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 3124 start_va = 0x7fefb650000 end_va = 0x7fefb65afff entry_point = 0x7fefb650000 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 3125 start_va = 0x7fefb4d0000 end_va = 0x7fefb4e0fff entry_point = 0x7fefb4d0000 region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll") Region: id = 3126 start_va = 0x7fefb4b0000 end_va = 0x7fefb4c7fff entry_point = 0x7fefb4b0000 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll") Thread: id = 370 os_tid = 0xbc0 [0100.407] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x12f9b0 | out: lpSystemTimeAsFileTime=0x12f9b0*(dwLowDateTime=0xac6b31b0, dwHighDateTime=0x1d41a7f)) [0100.407] GetCurrentProcessId () returned 0xbbc [0100.407] GetCurrentThreadId () returned 0xbc0 [0100.407] GetTickCount () returned 0x23d9b [0100.407] QueryPerformanceCounter (in: lpPerformanceCount=0x12f9b8 | out: lpPerformanceCount=0x12f9b8*=604135972) returned 1 [0100.409] GetModuleHandleW (lpModuleName=0x0) returned 0xff380000 [0100.409] __set_app_type (_Type=0x1) [0100.409] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0xff3909f8) returned 0x0 [0100.410] __getmainargs (in: _Argc=0xff39aa00, _Argv=0xff39aa10, _Env=0xff39aa08, _DoWildCard=0, _StartInfo=0xff39aa1c | out: _Argc=0xff39aa00, _Argv=0xff39aa10, _Env=0xff39aa08) returned 0 [0100.410] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0100.410] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409 [0100.446] WSAStartup (in: wVersionRequired=0x202, lpWSAData=0xff3a2e80 | out: lpWSAData=0xff3a2e80) returned 0 [0100.452] socket (af=2, type=2, protocol=0) returned 0x6c [0100.456] closesocket (s=0x6c) returned 0 [0100.456] RtlIpv4StringToAddressA () returned 0x0 [0100.457] RtlInitAnsiString (in: DestinationString=0x12f810, SourceString="\\Registry\\Machine\\System\\CurrentControlSet\\Services\\Tcpip\\Parameters" | out: DestinationString="\\Registry\\Machine\\System\\CurrentControlSet\\Services\\Tcpip\\Parameters") [0100.457] RtlAnsiStringToUnicodeString (in: DestinationString=0x12f800, SourceString="\\Registry\\Machine\\System\\CurrentControlSet\\Services\\Tcpip\\Parameters", AllocateDestinationString=1 | out: DestinationString="\\Registry\\Machine\\System\\CurrentControlSet\\Services\\Tcpip\\Parameters") returned 0x0 [0100.457] NtOpenKey (in: KeyHandle=0x12f8d8, DesiredAccess=0x20019, ObjectAttributes=0x12f820*(Length=0x30, RootDirectory=0x0, ObjectName="\\Registry\\Machine\\System\\CurrentControlSet\\Services\\Tcpip\\Parameters", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0) | out: KeyHandle=0x12f8d8*=0x6c) returned 0x0 [0100.457] RtlFreeAnsiString (AnsiString="\\") [0100.457] RtlAnsiStringToUnicodeString (in: DestinationString=0x12f7e8, SourceString="DNSLookupOrder", AllocateDestinationString=0 | out: DestinationString="DNSLookupOrder") returned 0x0 [0100.457] NtQueryValueKey (in: KeyHandle=0x6c, ValueName="DNSLookupOrder", KeyValueInformationClass=0x1, KeyValueInformation=0x323980, Length=0x400, ResultLength=0x12f7e0 | out: KeyValueInformation=0x323980, ResultLength=0x12f7e0) returned 0xc0000034 [0100.457] RtlAnsiStringToUnicodeString (in: DestinationString=0x12f7e8, SourceString="Domain", AllocateDestinationString=0 | out: DestinationString="Domain") returned 0x0 [0100.457] NtQueryValueKey (in: KeyHandle=0x6c, ValueName="Domain", KeyValueInformationClass=0x1, KeyValueInformation=0x323980, Length=0x400, ResultLength=0x12f7e0 | out: KeyValueInformation=0x323980*(TitleIndex=0x0, Type=0x1, DataOffset=0x20, DataLength=0x2, NameLength=0xc, Name="Domain", Data=""), ResultLength=0x12f7e0) returned 0x0 [0100.457] RtlUnicodeStringToAnsiString (in: DestinationString=0x12f7f8, SourceString="", AllocateDestinationString=0 | out: DestinationString="") returned 0x0 [0100.457] RtlAnsiStringToUnicodeString (in: DestinationString=0x12f7e8, SourceString="DhcpDomain", AllocateDestinationString=0 | out: DestinationString="DhcpDomain") returned 0x0 [0100.457] NtQueryValueKey (in: KeyHandle=0x6c, ValueName="DhcpDomain", KeyValueInformationClass=0x1, KeyValueInformation=0x323980, Length=0x400, ResultLength=0x12f7e0 | out: KeyValueInformation=0x323980, ResultLength=0x12f7e0) returned 0xc0000034 [0100.458] RtlInitAnsiString (in: DestinationString=0x12f810, SourceString="\\Registry\\Machine\\Software\\Policies\\Microsoft\\Windows NT\\DNSClient" | out: DestinationString="\\Registry\\Machine\\Software\\Policies\\Microsoft\\Windows NT\\DNSClient") [0100.458] RtlAnsiStringToUnicodeString (in: DestinationString=0x12f800, SourceString="\\Registry\\Machine\\Software\\Policies\\Microsoft\\Windows NT\\DNSClient", AllocateDestinationString=1 | out: DestinationString="\\Registry\\Machine\\Software\\Policies\\Microsoft\\Windows NT\\DNSClient") returned 0x0 [0100.458] NtOpenKey (in: KeyHandle=0x12f8e0, DesiredAccess=0x20019, ObjectAttributes=0x12f820*(Length=0x30, RootDirectory=0x0, ObjectName="\\Registry\\Machine\\Software\\Policies\\Microsoft\\Windows NT\\DNSClient", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0) | out: KeyHandle=0x12f8e0*=0x0) returned 0xc0000034 [0100.458] RtlFreeAnsiString (AnsiString="\\") [0100.458] RtlAnsiStringToUnicodeString (in: DestinationString=0x12f7e8, SourceString="SearchList", AllocateDestinationString=0 | out: DestinationString="SearchList") returned 0x0 [0100.458] NtQueryValueKey (in: KeyHandle=0x6c, ValueName="SearchList", KeyValueInformationClass=0x1, KeyValueInformation=0x323980, Length=0x400, ResultLength=0x12f7e0 | out: KeyValueInformation=0x323980*(TitleIndex=0x0, Type=0x1, DataOffset=0x28, DataLength=0x2, NameLength=0x14, Name="SearchList", Data=""), ResultLength=0x12f7e0) returned 0x0 [0100.458] RtlUnicodeStringToAnsiString (in: DestinationString=0x12f7f8, SourceString="", AllocateDestinationString=0 | out: DestinationString="") returned 0x0 [0100.458] RtlAnsiStringToUnicodeString (in: DestinationString=0x12f7e8, SourceString="DhcpSearchList", AllocateDestinationString=0 | out: DestinationString="DhcpSearchList") returned 0x0 [0100.458] NtQueryValueKey (in: KeyHandle=0x6c, ValueName="DhcpSearchList", KeyValueInformationClass=0x1, KeyValueInformation=0x323980, Length=0x400, ResultLength=0x12f7e0 | out: KeyValueInformation=0x323980, ResultLength=0x12f7e0) returned 0xc0000034 [0100.458] gethostname (in: name=0x5d5ed0, namelen=12800 | out: name="XDuwTfOno") returned 0 [0100.514] getenv (_VarName="HOME") returned 0x0 [0100.514] DnsQueryConfigAllocEx () returned 0x1bb1620 [0100.580] _vsnprintf (in: _DstBuf=0x12f790, _MaxCount=0x1e, _Format="%u.%u.%u.%u.in-addr.arpa.", _ArgList=0x11f708 | out: _DstBuf="1.0.168.192.in-addr.arpa.") returned 25 [0100.580] htons (hostshort=0x1) returned 0x100 [0100.580] htons (hostshort=0x1) returned 0x100 [0100.582] socket (af=2, type=2, protocol=0) returned 0x110 [0100.582] connect (s=0x110, name=0x1bb1640*(sa_family=2, sin_port=0x35, sin_addr="192.168.0.1"), namelen=16) returned 0 [0100.582] send (in: s=0x110, buf=0x11f790*, len=42, flags=0 | out: buf=0x11f790*) returned 42 [0100.583] select (in: nfds=272, readfds=0x10f200, writefds=0x0, exceptfds=0x0, timeout=0x10f1d8 | out: readfds=0x10f200, writefds=0x0, exceptfds=0x0) returned 1 [0100.583] recv (in: s=0x110, buf=0x10f6f0, len=65536, flags=0 | out: buf=0x10f6f0*) returned 42 [0100.585] closesocket (s=0x110) returned 0 [0100.585] RtlIpv4AddressToStringExA () returned 0xc000000d [0100.586] DnsFreeConfigStructure () returned 0x69b1e301 [0100.586] strcpy_s (in: _Dst=0x1adf80, _DstSize=0xc, _Src="UnKnown" | out: _Dst="UnKnown") returned 0x0 [0100.586] LocalAlloc (uFlags=0x40, uBytes=0x60) returned 0x32aba0 [0100.586] strcpy_s (in: _Dst=0xff3a3020, _DstSize=0x100, _Src="UnKnown" | out: _Dst="UnKnown") returned 0x0 [0100.586] FormatMessageA (in: dwFlags=0x900, lpSource=0x0, dwMessageId=0x35, dwLanguageId=0x0, lpBuffer=0x12f648, nSize=0x0, Arguments=0x12f640 | out: lpBuffer="`\x9c3") returned 0x7 [0100.587] fprintf (in: _File=0x7feff2a2ab0, _Format="%-7s %s" | out: _File=0x7feff2a2ab0) returned 16 [0100.587] fprintf (in: _File=0x7feff2a2ab0, _Format="\nAddress:" | out: _File=0x7feff2a2ab0) returned 9 [0100.587] inet_ntoa (in=0x100a8c0) returned="192.168.0.1" [0100.587] fprintf (in: _File=0x7feff2a2ab0, _Format="%c %s" | out: _File=0x7feff2a2ab0) returned 13 [0100.587] fprintf (in: _File=0x7feff2a2ab0, _Format="\n\n" | out: _File=0x7feff2a2ab0) returned 2 [0100.587] RtlIpv4StringToAddressA () returned 0x0 [0100.587] _vsnprintf (in: _DstBuf=0x12f4b0, _MaxCount=0x1e, _Format="%u.%u.%u.%u.in-addr.arpa.", _ArgList=0x11f428 | out: _DstBuf="252.0.0.224.in-addr.arpa.") returned 25 [0100.587] htons (hostshort=0x2) returned 0x200 [0100.587] htons (hostshort=0x1) returned 0x100 [0100.587] socket (af=2, type=2, protocol=0) returned 0x110 [0100.587] connect (s=0x110, name=0x32abc0*(sa_family=2, sin_port=0x35, sin_addr="192.168.0.1"), namelen=16) returned 0 [0100.588] send (in: s=0x110, buf=0x11f4b0*, len=42, flags=0 | out: buf=0x11f4b0*) returned 42 [0100.588] select (in: nfds=272, readfds=0x10ef20, writefds=0x0, exceptfds=0x0, timeout=0x10eef8 | out: readfds=0x10ef20, writefds=0x0, exceptfds=0x0) returned 1 [0100.681] recv (in: s=0x110, buf=0x10f410, len=65536, flags=0 | out: buf=0x10f410*) returned 99 [0100.681] closesocket (s=0x110) returned 0 [0100.681] FormatMessageA (in: dwFlags=0x900, lpSource=0x0, dwMessageId=0x34, dwLanguageId=0x400, lpBuffer=0x12f5c0, nSize=0x0, Arguments=0x12f5c8 | out: lpBuffer="ð\x8f1") returned 0x39 [0100.682] CharToOemBuffA (in: lpszSrc="*** UnKnown can't find 224.0.0.252: Non-existent domain\r\n", lpszDst=0x318ff0, cchDstLength=0x39 | out: lpszDst="*** UnKnown can't find 224.0.0.252: Non-existent domain\r\n") returned 1 [0100.682] _write (in: _FileHandle=2, _Buf=0x318ff0*, _MaxCharCount=0x39 | out: _Buf=0x318ff0*) returned 57 [0100.682] LocalFree (hMem=0x318ff0) returned 0x0 [0100.682] LocalFree (hMem=0x32aba0) returned 0x0 [0100.682] exit (_Code=0) Thread: id = 372 os_tid = 0xbd4 Process: id = "30" image_name = "nslookup.exe" filename = "c:\\windows\\system32\\nslookup.exe" page_root = "0x42c04000" os_pid = "0xbd8" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "22" os_parent_pid = "0xad8" cmd_line = "C:\\Windows\\system32\\nslookup.exe 255.255.255.255" cur_dir = "C:\\Windows\\system32\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:000104d7" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 3127 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 3128 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 3129 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 3130 start_va = 0x210000 end_va = 0x28ffff entry_point = 0x0 region_type = private name = "private_0x0000000000210000" filename = "" Region: id = 3131 start_va = 0x77c50000 end_va = 0x77df8fff entry_point = 0x77c50000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 3132 start_va = 0x7efe0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 3133 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 3134 start_va = 0x7fff9000 end_va = 0x7fff9fff entry_point = 0x0 region_type = private name = "private_0x000000007fff9000" filename = "" Region: id = 3135 start_va = 0xffe10000 end_va = 0xffe36fff entry_point = 0xffe10000 region_type = mapped_file name = "nslookup.exe" filename = "\\Windows\\System32\\nslookup.exe" (normalized: "c:\\windows\\system32\\nslookup.exe") Region: id = 3136 start_va = 0x7fefff70000 end_va = 0x7fefff70fff entry_point = 0x7fefff70000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 3137 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 3138 start_va = 0x7fffffdd000 end_va = 0x7fffffdefff entry_point = 0x0 region_type = private name = "private_0x000007fffffdd000" filename = "" Region: id = 3139 start_va = 0x7fffffdf000 end_va = 0x7fffffdffff entry_point = 0x0 region_type = private name = "private_0x000007fffffdf000" filename = "" Region: id = 3140 start_va = 0x3b0000 end_va = 0x4affff entry_point = 0x0 region_type = private name = "private_0x00000000003b0000" filename = "" Region: id = 3141 start_va = 0x77a30000 end_va = 0x77b4efff entry_point = 0x77a30000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 3142 start_va = 0x7fefde60000 end_va = 0x7fefdecafff entry_point = 0x7fefde60000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 3143 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 3144 start_va = 0x20000 end_va = 0x2ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 3145 start_va = 0x50000 end_va = 0xb6fff entry_point = 0x50000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 3146 start_va = 0xc0000 end_va = 0x1bffff entry_point = 0x0 region_type = private name = "private_0x00000000000c0000" filename = "" Region: id = 3147 start_va = 0x1c0000 end_va = 0x1c6fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 3148 start_va = 0x1d0000 end_va = 0x1d1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001d0000" filename = "" Region: id = 3149 start_va = 0x1e0000 end_va = 0x1e4fff entry_point = 0x1e0000 region_type = mapped_file name = "nslookup.exe.mui" filename = "\\Windows\\System32\\en-US\\nslookup.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\nslookup.exe.mui") Region: id = 3150 start_va = 0x1f0000 end_va = 0x1f0fff entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 3151 start_va = 0x200000 end_va = 0x200fff entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 3152 start_va = 0x4b0000 end_va = 0x637fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004b0000" filename = "" Region: id = 3153 start_va = 0x670000 end_va = 0x67ffff entry_point = 0x0 region_type = private name = "private_0x0000000000670000" filename = "" Region: id = 3154 start_va = 0x680000 end_va = 0x800fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000680000" filename = "" Region: id = 3155 start_va = 0x810000 end_va = 0x1c0ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000810000" filename = "" Region: id = 3156 start_va = 0x1dc0000 end_va = 0x1e3ffff entry_point = 0x0 region_type = private name = "private_0x0000000001dc0000" filename = "" Region: id = 3157 start_va = 0x77b50000 end_va = 0x77c49fff entry_point = 0x77b50000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 3158 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 3159 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 3160 start_va = 0x7fef7020000 end_va = 0x7fef7028fff entry_point = 0x7fef7020000 region_type = mapped_file name = "wsock32.dll" filename = "\\Windows\\System32\\wsock32.dll" (normalized: "c:\\windows\\system32\\wsock32.dll") Region: id = 3161 start_va = 0x7fefd2b0000 end_va = 0x7fefd30afff entry_point = 0x7fefd2b0000 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 3162 start_va = 0x7fefd430000 end_va = 0x7fefd484fff entry_point = 0x7fefd430000 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 3163 start_va = 0x7fefefb0000 end_va = 0x7feff0dcfff entry_point = 0x7fefefb0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 3164 start_va = 0x7feff210000 end_va = 0x7feff2aefff entry_point = 0x7feff210000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 3165 start_va = 0x7feff2b0000 end_va = 0x7feff38afff entry_point = 0x7feff2b0000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 3166 start_va = 0x7feff390000 end_va = 0x7feff3aefff entry_point = 0x7feff390000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 3167 start_va = 0x7feff3b0000 end_va = 0x7feff3bdfff entry_point = 0x7feff3b0000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 3168 start_va = 0x7feff3c0000 end_va = 0x7feff3edfff entry_point = 0x7feff3c0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 3169 start_va = 0x7feff650000 end_va = 0x7feff69cfff entry_point = 0x7feff650000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 3170 start_va = 0x7feff720000 end_va = 0x7feff727fff entry_point = 0x7feff720000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 3171 start_va = 0x7feff910000 end_va = 0x7feff976fff entry_point = 0x7feff910000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 3172 start_va = 0x7feffa00000 end_va = 0x7feffb08fff entry_point = 0x7feffa00000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 3173 start_va = 0x7feffe90000 end_va = 0x7fefff58fff entry_point = 0x7feffe90000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 3174 start_va = 0x1e40000 end_va = 0x210efff entry_point = 0x1e40000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 3175 start_va = 0x7fefce30000 end_va = 0x7fefce36fff entry_point = 0x7fefce30000 region_type = mapped_file name = "wshtcpip.dll" filename = "\\Windows\\System32\\WSHTCPIP.DLL" (normalized: "c:\\windows\\system32\\wshtcpip.dll") Region: id = 3176 start_va = 0x7fefb7d0000 end_va = 0x7fefb7e4fff entry_point = 0x7fefb7d0000 region_type = mapped_file name = "nlaapi.dll" filename = "\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll") Region: id = 3177 start_va = 0x290000 end_va = 0x38ffff entry_point = 0x0 region_type = private name = "private_0x0000000000290000" filename = "" Region: id = 3178 start_va = 0x1c10000 end_va = 0x1d7ffff entry_point = 0x0 region_type = private name = "private_0x0000000001c10000" filename = "" Region: id = 3179 start_va = 0x7fefbed0000 end_va = 0x7fefbee4fff entry_point = 0x7fefbed0000 region_type = mapped_file name = "napinsp.dll" filename = "\\Windows\\System32\\NapiNSP.dll" (normalized: "c:\\windows\\system32\\napinsp.dll") Region: id = 3180 start_va = 0x2d0000 end_va = 0x34ffff entry_point = 0x0 region_type = private name = "private_0x00000000002d0000" filename = "" Region: id = 3181 start_va = 0x380000 end_va = 0x38ffff entry_point = 0x0 region_type = private name = "private_0x0000000000380000" filename = "" Region: id = 3182 start_va = 0x7fefbeb0000 end_va = 0x7fefbec8fff entry_point = 0x7fefbeb0000 region_type = mapped_file name = "pnrpnsp.dll" filename = "\\Windows\\System32\\pnrpnsp.dll" (normalized: "c:\\windows\\system32\\pnrpnsp.dll") Region: id = 3183 start_va = 0x7fffffdb000 end_va = 0x7fffffdcfff entry_point = 0x0 region_type = private name = "private_0x000007fffffdb000" filename = "" Region: id = 3184 start_va = 0x7fefbf10000 end_va = 0x7fefbf1afff entry_point = 0x7fefbf10000 region_type = mapped_file name = "winrnr.dll" filename = "\\Windows\\System32\\winrnr.dll" (normalized: "c:\\windows\\system32\\winrnr.dll") Region: id = 3185 start_va = 0x7fefb660000 end_va = 0x7fefb686fff entry_point = 0x7fefb660000 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 3186 start_va = 0x7fefb650000 end_va = 0x7fefb65afff entry_point = 0x7fefb650000 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 3187 start_va = 0x7fefb4d0000 end_va = 0x7fefb4e0fff entry_point = 0x7fefb4d0000 region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll") Region: id = 3188 start_va = 0x7fefb4b0000 end_va = 0x7fefb4c7fff entry_point = 0x7fefb4b0000 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll") Thread: id = 373 os_tid = 0xbdc [0101.203] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x28f970 | out: lpSystemTimeAsFileTime=0x28f970*(dwLowDateTime=0xace497d0, dwHighDateTime=0x1d41a7f)) [0101.203] GetCurrentProcessId () returned 0xbd8 [0101.203] GetCurrentThreadId () returned 0xbdc [0101.203] GetTickCount () returned 0x240b7 [0101.203] QueryPerformanceCounter (in: lpPerformanceCount=0x28f978 | out: lpPerformanceCount=0x28f978*=606935014) returned 1 [0101.206] GetModuleHandleW (lpModuleName=0x0) returned 0xffe10000 [0101.206] __set_app_type (_Type=0x1) [0101.206] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0xffe209f8) returned 0x0 [0101.206] __getmainargs (in: _Argc=0xffe2aa00, _Argv=0xffe2aa10, _Env=0xffe2aa08, _DoWildCard=0, _StartInfo=0xffe2aa1c | out: _Argc=0xffe2aa00, _Argv=0xffe2aa10, _Env=0xffe2aa08) returned 0 [0101.206] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0101.206] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409 [0101.207] WSAStartup (in: wVersionRequired=0x202, lpWSAData=0xffe32e80 | out: lpWSAData=0xffe32e80) returned 0 [0101.213] socket (af=2, type=2, protocol=0) returned 0x6c [0101.215] closesocket (s=0x6c) returned 0 [0101.215] RtlIpv4StringToAddressA () returned 0x0 [0101.215] RtlInitAnsiString (in: DestinationString=0x28f7d0, SourceString="\\Registry\\Machine\\System\\CurrentControlSet\\Services\\Tcpip\\Parameters" | out: DestinationString="\\Registry\\Machine\\System\\CurrentControlSet\\Services\\Tcpip\\Parameters") [0101.215] RtlAnsiStringToUnicodeString (in: DestinationString=0x28f7c0, SourceString="\\Registry\\Machine\\System\\CurrentControlSet\\Services\\Tcpip\\Parameters", AllocateDestinationString=1 | out: DestinationString="\\Registry\\Machine\\System\\CurrentControlSet\\Services\\Tcpip\\Parameters") returned 0x0 [0101.215] NtOpenKey (in: KeyHandle=0x28f898, DesiredAccess=0x20019, ObjectAttributes=0x28f7e0*(Length=0x30, RootDirectory=0x0, ObjectName="\\Registry\\Machine\\System\\CurrentControlSet\\Services\\Tcpip\\Parameters", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0) | out: KeyHandle=0x28f898*=0x6c) returned 0x0 [0101.215] RtlFreeAnsiString (AnsiString="\\") [0101.216] RtlAnsiStringToUnicodeString (in: DestinationString=0x28f7a8, SourceString="DNSLookupOrder", AllocateDestinationString=0 | out: DestinationString="DNSLookupOrder") returned 0x0 [0101.216] NtQueryValueKey (in: KeyHandle=0x6c, ValueName="DNSLookupOrder", KeyValueInformationClass=0x1, KeyValueInformation=0x3d3990, Length=0x400, ResultLength=0x28f7a0 | out: KeyValueInformation=0x3d3990, ResultLength=0x28f7a0) returned 0xc0000034 [0101.216] RtlAnsiStringToUnicodeString (in: DestinationString=0x28f7a8, SourceString="Domain", AllocateDestinationString=0 | out: DestinationString="Domain") returned 0x0 [0101.216] NtQueryValueKey (in: KeyHandle=0x6c, ValueName="Domain", KeyValueInformationClass=0x1, KeyValueInformation=0x3d3990, Length=0x400, ResultLength=0x28f7a0 | out: KeyValueInformation=0x3d3990*(TitleIndex=0x0, Type=0x1, DataOffset=0x20, DataLength=0x2, NameLength=0xc, Name="Domain", Data=""), ResultLength=0x28f7a0) returned 0x0 [0101.216] RtlUnicodeStringToAnsiString (in: DestinationString=0x28f7b8, SourceString="", AllocateDestinationString=0 | out: DestinationString="") returned 0x0 [0101.216] RtlAnsiStringToUnicodeString (in: DestinationString=0x28f7a8, SourceString="DhcpDomain", AllocateDestinationString=0 | out: DestinationString="DhcpDomain") returned 0x0 [0101.216] NtQueryValueKey (in: KeyHandle=0x6c, ValueName="DhcpDomain", KeyValueInformationClass=0x1, KeyValueInformation=0x3d3990, Length=0x400, ResultLength=0x28f7a0 | out: KeyValueInformation=0x3d3990, ResultLength=0x28f7a0) returned 0xc0000034 [0101.216] RtlInitAnsiString (in: DestinationString=0x28f7d0, SourceString="\\Registry\\Machine\\Software\\Policies\\Microsoft\\Windows NT\\DNSClient" | out: DestinationString="\\Registry\\Machine\\Software\\Policies\\Microsoft\\Windows NT\\DNSClient") [0101.216] RtlAnsiStringToUnicodeString (in: DestinationString=0x28f7c0, SourceString="\\Registry\\Machine\\Software\\Policies\\Microsoft\\Windows NT\\DNSClient", AllocateDestinationString=1 | out: DestinationString="\\Registry\\Machine\\Software\\Policies\\Microsoft\\Windows NT\\DNSClient") returned 0x0 [0101.216] NtOpenKey (in: KeyHandle=0x28f8a0, DesiredAccess=0x20019, ObjectAttributes=0x28f7e0*(Length=0x30, RootDirectory=0x0, ObjectName="\\Registry\\Machine\\Software\\Policies\\Microsoft\\Windows NT\\DNSClient", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0) | out: KeyHandle=0x28f8a0*=0x0) returned 0xc0000034 [0101.216] RtlFreeAnsiString (AnsiString="\\") [0101.216] RtlAnsiStringToUnicodeString (in: DestinationString=0x28f7a8, SourceString="SearchList", AllocateDestinationString=0 | out: DestinationString="SearchList") returned 0x0 [0101.216] NtQueryValueKey (in: KeyHandle=0x6c, ValueName="SearchList", KeyValueInformationClass=0x1, KeyValueInformation=0x3d3990, Length=0x400, ResultLength=0x28f7a0 | out: KeyValueInformation=0x3d3990*(TitleIndex=0x0, Type=0x1, DataOffset=0x28, DataLength=0x2, NameLength=0x14, Name="SearchList", Data=""), ResultLength=0x28f7a0) returned 0x0 [0101.217] RtlUnicodeStringToAnsiString (in: DestinationString=0x28f7b8, SourceString="", AllocateDestinationString=0 | out: DestinationString="") returned 0x0 [0101.217] RtlAnsiStringToUnicodeString (in: DestinationString=0x28f7a8, SourceString="DhcpSearchList", AllocateDestinationString=0 | out: DestinationString="DhcpSearchList") returned 0x0 [0101.217] NtQueryValueKey (in: KeyHandle=0x6c, ValueName="DhcpSearchList", KeyValueInformationClass=0x1, KeyValueInformation=0x3d3990, Length=0x400, ResultLength=0x28f7a0 | out: KeyValueInformation=0x3d3990, ResultLength=0x28f7a0) returned 0xc0000034 [0101.217] gethostname (in: name=0x675ed0, namelen=12800 | out: name="XDuwTfOno") returned 0 [0101.232] getenv (_VarName="HOME") returned 0x0 [0101.232] DnsQueryConfigAllocEx () returned 0x1dc1620 [0101.253] _vsnprintf (in: _DstBuf=0x28f750, _MaxCount=0x1e, _Format="%u.%u.%u.%u.in-addr.arpa.", _ArgList=0x27f6c8 | out: _DstBuf="1.0.168.192.in-addr.arpa.") returned 25 [0101.253] htons (hostshort=0x1) returned 0x100 [0101.253] htons (hostshort=0x1) returned 0x100 [0101.266] socket (af=2, type=2, protocol=0) returned 0x110 [0101.266] connect (s=0x110, name=0x1dc1640*(sa_family=2, sin_port=0x35, sin_addr="192.168.0.1"), namelen=16) returned 0 [0101.266] send (in: s=0x110, buf=0x27f750*, len=42, flags=0 | out: buf=0x27f750*) returned 42 [0101.267] select (in: nfds=272, readfds=0x26f1c0, writefds=0x0, exceptfds=0x0, timeout=0x26f198 | out: readfds=0x26f1c0, writefds=0x0, exceptfds=0x0) returned 1 [0101.268] recv (in: s=0x110, buf=0x26f6b0, len=65536, flags=0 | out: buf=0x26f6b0*) returned 42 [0101.268] closesocket (s=0x110) returned 0 [0101.268] RtlIpv4AddressToStringExA () returned 0xc000000d [0101.268] DnsFreeConfigStructure () returned 0x4eff0301 [0101.269] strcpy_s (in: _Dst=0xcdfb0, _DstSize=0xc, _Src="UnKnown" | out: _Dst="UnKnown") returned 0x0 [0101.269] LocalAlloc (uFlags=0x40, uBytes=0x60) returned 0x3dabb0 [0101.269] strcpy_s (in: _Dst=0xffe33020, _DstSize=0x100, _Src="UnKnown" | out: _Dst="UnKnown") returned 0x0 [0101.269] FormatMessageA (in: dwFlags=0x900, lpSource=0x0, dwMessageId=0x35, dwLanguageId=0x0, lpBuffer=0x28f608, nSize=0x0, Arguments=0x28f600 | out: lpBuffer="p\x9c>") returned 0x7 [0101.269] fprintf (in: _File=0x7feff2a2ab0, _Format="%-7s %s" | out: _File=0x7feff2a2ab0) returned 16 [0101.269] fprintf (in: _File=0x7feff2a2ab0, _Format="\nAddress:" | out: _File=0x7feff2a2ab0) returned 9 [0101.269] inet_ntoa (in=0x100a8c0) returned="192.168.0.1" [0101.270] fprintf (in: _File=0x7feff2a2ab0, _Format="%c %s" | out: _File=0x7feff2a2ab0) returned 13 [0101.270] fprintf (in: _File=0x7feff2a2ab0, _Format="\n\n" | out: _File=0x7feff2a2ab0) returned 2 [0101.270] RtlIpv4StringToAddressA () returned 0x0 [0101.270] _vsnprintf (in: _DstBuf=0x28f470, _MaxCount=0x1e, _Format="%u.%u.%u.%u.in-addr.arpa.", _ArgList=0x27f3e8 | out: _DstBuf="255.255.255.255.in-addr.arpa.") returned 29 [0101.270] htons (hostshort=0x2) returned 0x200 [0101.270] htons (hostshort=0x1) returned 0x100 [0101.270] socket (af=2, type=2, protocol=0) returned 0x110 [0101.270] connect (s=0x110, name=0x3dabd0*(sa_family=2, sin_port=0x35, sin_addr="192.168.0.1"), namelen=16) returned 0 [0101.270] send (in: s=0x110, buf=0x27f470*, len=46, flags=0 | out: buf=0x27f470*) returned 46 [0101.271] select (in: nfds=272, readfds=0x26eee0, writefds=0x0, exceptfds=0x0, timeout=0x26eeb8 | out: readfds=0x26eee0, writefds=0x0, exceptfds=0x0) returned 1 [0101.271] recv (in: s=0x110, buf=0x26f3d0, len=65536, flags=0 | out: buf=0x26f3d0*) returned 105 [0101.271] closesocket (s=0x110) returned 0 [0101.271] htons (hostshort=0x100) returned 0x1 [0101.271] htons (hostshort=0x0) returned 0x0 [0101.271] htons (hostshort=0x100) returned 0x1 [0101.271] htons (hostshort=0x0) returned 0x0 [0101.271] htons (hostshort=0x100) returned 0x1 [0101.271] htons (hostshort=0x0) returned 0x0 [0101.271] fputs (in: _Str="255.255.255.255.in-addr.arpa", _File=0x7feff2a2ab0 | out: _File=0x7feff2a2ab0) returned 0 [0101.271] fputc (in: _Ch=10, _File=0x7feff2a2ab0 | out: _File=0x7feff2a2ab0) returned 10 [0101.271] fprintf (in: _File=0x7feff2a2ab0, _Format="\x09primary name server = " | out: _File=0x7feff2a2ab0) returned 23 [0101.271] fputs (in: _Str="localhost", _File=0x7feff2a2ab0 | out: _File=0x7feff2a2ab0) returned 0 [0101.271] fprintf (in: _File=0x7feff2a2ab0, _Format="\n\x09responsible mail addr = " | out: _File=0x7feff2a2ab0) returned 26 [0101.272] fputs (in: _Str="nobody.invalid", _File=0x7feff2a2ab0 | out: _File=0x7feff2a2ab0) returned 0 [0101.272] fprintf (in: _File=0x7feff2a2ab0, _Format="\n\x09serial = %lu" | out: _File=0x7feff2a2ab0) returned 13 [0101.272] sprintf_s (in: _DstBuf=0xffe32138, _DstSize=0x28, _Format="%d hour%s" | out: _DstBuf="1 hour") returned 6 [0101.272] fprintf (in: _File=0x7feff2a2ab0, _Format="\n\x09refresh = %lu (%s)" | out: _File=0x7feff2a2ab0) returned 25 [0101.272] sprintf_s (in: _DstBuf=0xffe32138, _DstSize=0x28, _Format="%d min%s" | out: _DstBuf="20 mins") returned 7 [0101.272] fprintf (in: _File=0x7feff2a2ab0, _Format="\n\x09retry = %lu (%s)" | out: _File=0x7feff2a2ab0) returned 26 [0101.272] sprintf_s (in: _DstBuf=0xffe32138, _DstSize=0x28, _Format="%d day%s" | out: _DstBuf="7 days") returned 6 [0101.272] fprintf (in: _File=0x7feff2a2ab0, _Format="\n\x09expire = %lu (%s)" | out: _File=0x7feff2a2ab0) returned 27 [0101.272] sprintf_s (in: _DstBuf=0xffe32138, _DstSize=0x28, _Format="%d hour%s" | out: _DstBuf="3 hours") returned 7 [0101.272] fprintf (in: _File=0x7feff2a2ab0, _Format="\n\x09default TTL = %lu (%s)\n" | out: _File=0x7feff2a2ab0) returned 32 [0101.393] htons (hostshort=0x100) returned 0x1 [0101.393] htons (hostshort=0x0) returned 0x0 [0101.393] htons (hostshort=0x100) returned 0x1 [0101.393] FormatMessageA (in: dwFlags=0x900, lpSource=0x0, dwMessageId=0x32, dwLanguageId=0x400, lpBuffer=0x28f580, nSize=0x0, Arguments=0x28f588 | out: lpBuffer="Ъ=") returned 0x66 [0101.393] CharToOemBuffA (in: lpszSrc="*** No internal type for both IPv4 and IPv6 Addresses (A+AAAA) records available for 255.255.255.255\r\n", lpszDst=0x3daad0, cchDstLength=0x66 | out: lpszDst="*** No internal type for both IPv4 and IPv6 Addresses (A+AAAA) records available for 255.255.255.255\r\n") returned 1 [0101.393] _write (in: _FileHandle=2, _Buf=0x3daad0*, _MaxCharCount=0x66 | out: _Buf=0x3daad0*) returned 102 [0101.394] LocalFree (hMem=0x3daad0) returned 0x0 [0101.394] LocalFree (hMem=0x3dabb0) returned 0x0 [0101.394] exit (_Code=0) Thread: id = 374 os_tid = 0xbec Process: id = "31" image_name = "net.exe" filename = "c:\\windows\\system32\\net.exe" page_root = "0x429ca000" os_pid = "0xbf0" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "22" os_parent_pid = "0xad8" cmd_line = "C:\\Windows\\system32\\net.exe view igmp.mcast.net" cur_dir = "C:\\Windows\\system32\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:000104d7" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 3223 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 3224 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 3225 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 3226 start_va = 0x1d0000 end_va = 0x24ffff entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 3227 start_va = 0x77c50000 end_va = 0x77df8fff entry_point = 0x77c50000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 3228 start_va = 0x7efe0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 3229 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 3230 start_va = 0x7fffa000 end_va = 0x7fffafff entry_point = 0x0 region_type = private name = "private_0x000000007fffa000" filename = "" Region: id = 3231 start_va = 0xffd40000 end_va = 0xffd5bfff entry_point = 0xffd40000 region_type = mapped_file name = "net.exe" filename = "\\Windows\\System32\\net.exe" (normalized: "c:\\windows\\system32\\net.exe") Region: id = 3232 start_va = 0x7fefff70000 end_va = 0x7fefff70fff entry_point = 0x7fefff70000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 3233 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 3234 start_va = 0x7fffffdd000 end_va = 0x7fffffdefff entry_point = 0x0 region_type = private name = "private_0x000007fffffdd000" filename = "" Region: id = 3235 start_va = 0x7fffffdf000 end_va = 0x7fffffdffff entry_point = 0x0 region_type = private name = "private_0x000007fffffdf000" filename = "" Region: id = 3236 start_va = 0x400000 end_va = 0x4fffff entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3237 start_va = 0x77a30000 end_va = 0x77b4efff entry_point = 0x77a30000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 3238 start_va = 0x7fefde60000 end_va = 0x7fefdecafff entry_point = 0x7fefde60000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 3239 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 3240 start_va = 0x20000 end_va = 0x2ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 3241 start_va = 0x50000 end_va = 0xb6fff entry_point = 0x50000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 3242 start_va = 0xc0000 end_va = 0x1bffff entry_point = 0x0 region_type = private name = "private_0x00000000000c0000" filename = "" Region: id = 3243 start_va = 0x380000 end_va = 0x38ffff entry_point = 0x0 region_type = private name = "private_0x0000000000380000" filename = "" Region: id = 3244 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 3245 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 3246 start_va = 0x7fef7020000 end_va = 0x7fef7031fff entry_point = 0x7fef7020000 region_type = mapped_file name = "browcli.dll" filename = "\\Windows\\System32\\browcli.dll" (normalized: "c:\\windows\\system32\\browcli.dll") Region: id = 3247 start_va = 0x7fefaaa0000 end_va = 0x7fefaab7fff entry_point = 0x7fefaaa0000 region_type = mapped_file name = "mpr.dll" filename = "\\Windows\\System32\\mpr.dll" (normalized: "c:\\windows\\system32\\mpr.dll") Region: id = 3248 start_va = 0x7fefb650000 end_va = 0x7fefb65afff entry_point = 0x7fefb650000 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 3249 start_va = 0x7fefb660000 end_va = 0x7fefb686fff entry_point = 0x7fefb660000 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 3250 start_va = 0x7fefbd70000 end_va = 0x7fefbd83fff entry_point = 0x7fefbd70000 region_type = mapped_file name = "samcli.dll" filename = "\\Windows\\System32\\samcli.dll" (normalized: "c:\\windows\\system32\\samcli.dll") Region: id = 3251 start_va = 0x7fefbd90000 end_va = 0x7fefbda4fff entry_point = 0x7fefbd90000 region_type = mapped_file name = "wkscli.dll" filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll") Region: id = 3252 start_va = 0x7fefbdb0000 end_va = 0x7fefbdbbfff entry_point = 0x7fefbdb0000 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll") Region: id = 3253 start_va = 0x7fefd990000 end_va = 0x7fefd9b2fff entry_point = 0x7fefd990000 region_type = mapped_file name = "srvcli.dll" filename = "\\Windows\\System32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll") Region: id = 3254 start_va = 0x7fefefb0000 end_va = 0x7feff0dcfff entry_point = 0x7fefefb0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 3255 start_va = 0x7feff210000 end_va = 0x7feff2aefff entry_point = 0x7feff210000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 3256 start_va = 0x7feff2b0000 end_va = 0x7feff38afff entry_point = 0x7feff2b0000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 3257 start_va = 0x7feff390000 end_va = 0x7feff3aefff entry_point = 0x7feff390000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 3258 start_va = 0x7feff720000 end_va = 0x7feff727fff entry_point = 0x7feff720000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 3267 start_va = 0x1c0000 end_va = 0x1c6fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 3268 start_va = 0x250000 end_va = 0x251fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 3269 start_va = 0x500000 end_va = 0x8f2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000500000" filename = "" Region: id = 3270 start_va = 0x9b0000 end_va = 0xa2ffff entry_point = 0x0 region_type = private name = "private_0x00000000009b0000" filename = "" Region: id = 3271 start_va = 0x75610000 end_va = 0x75611fff entry_point = 0x75610000 region_type = mapped_file name = "netmsg.dll" filename = "\\Windows\\System32\\netmsg.dll" (normalized: "c:\\windows\\system32\\netmsg.dll") Region: id = 3272 start_va = 0x7fef9100000 end_va = 0x7fef910efff entry_point = 0x7fef9100000 region_type = mapped_file name = "cscapi.dll" filename = "\\Windows\\System32\\cscapi.dll" (normalized: "c:\\windows\\system32\\cscapi.dll") Region: id = 3273 start_va = 0x7fffffdb000 end_va = 0x7fffffdcfff entry_point = 0x0 region_type = private name = "private_0x000007fffffdb000" filename = "" Thread: id = 376 os_tid = 0xbf4 Thread: id = 398 os_tid = 0x85c Process: id = "32" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x251c2000" os_pid = "0x86c" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "child_process" parent_id = "7" os_parent_pid = "0x1d8" cmd_line = "C:\\Windows\\System32\\svchost.exe -k secsvcs" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\WinDefend" [0xe], "NT AUTHORITY\\Logon Session 00000000:00050990" [0xc000000f], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Region: id = 3274 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 3275 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 3276 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 3277 start_va = 0xb0000 end_va = 0x12ffff entry_point = 0x0 region_type = private name = "private_0x00000000000b0000" filename = "" Region: id = 3278 start_va = 0x77c50000 end_va = 0x77df8fff entry_point = 0x77c50000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 3279 start_va = 0x7efe0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 3280 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 3281 start_va = 0xff470000 end_va = 0xff47afff entry_point = 0xff470000 region_type = mapped_file name = "svchost.exe" filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe") Region: id = 3282 start_va = 0x7fefff70000 end_va = 0x7fefff70fff entry_point = 0x7fefff70000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 3283 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 3284 start_va = 0x7fffffdd000 end_va = 0x7fffffdefff entry_point = 0x0 region_type = private name = "private_0x000007fffffdd000" filename = "" Region: id = 3285 start_va = 0x7fffffdf000 end_va = 0x7fffffdffff entry_point = 0x0 region_type = private name = "private_0x000007fffffdf000" filename = "" Region: id = 3286 start_va = 0x230000 end_va = 0x32ffff entry_point = 0x0 region_type = private name = "private_0x0000000000230000" filename = "" Region: id = 3287 start_va = 0x77a30000 end_va = 0x77b4efff entry_point = 0x77a30000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 3288 start_va = 0x7fefde60000 end_va = 0x7fefdecafff entry_point = 0x7fefde60000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 3289 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 3290 start_va = 0x20000 end_va = 0x26fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 3291 start_va = 0x50000 end_va = 0x51fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 3292 start_va = 0x60000 end_va = 0x60fff entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 3293 start_va = 0x70000 end_va = 0x70fff entry_point = 0x0 region_type = private name = "private_0x0000000000070000" filename = "" Region: id = 3294 start_va = 0x130000 end_va = 0x196fff entry_point = 0x130000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 3295 start_va = 0x330000 end_va = 0x42ffff entry_point = 0x0 region_type = private name = "private_0x0000000000330000" filename = "" Region: id = 3296 start_va = 0x470000 end_va = 0x4effff entry_point = 0x0 region_type = private name = "private_0x0000000000470000" filename = "" Region: id = 3297 start_va = 0x520000 end_va = 0x52ffff entry_point = 0x0 region_type = private name = "private_0x0000000000520000" filename = "" Region: id = 3298 start_va = 0x530000 end_va = 0x5effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Region: id = 3299 start_va = 0x5f0000 end_va = 0x66ffff entry_point = 0x0 region_type = private name = "private_0x00000000005f0000" filename = "" Region: id = 3300 start_va = 0x740000 end_va = 0x7bffff entry_point = 0x0 region_type = private name = "private_0x0000000000740000" filename = "" Region: id = 3301 start_va = 0x7c0000 end_va = 0xa8efff entry_point = 0x7c0000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 3302 start_va = 0xa90000 end_va = 0xc17fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a90000" filename = "" Region: id = 3303 start_va = 0xc20000 end_va = 0xda0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000c20000" filename = "" Region: id = 3304 start_va = 0xdb0000 end_va = 0x11a2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000db0000" filename = "" Region: id = 3305 start_va = 0x74440000 end_va = 0x74442fff entry_point = 0x74440000 region_type = mapped_file name = "sfc.dll" filename = "\\Windows\\System32\\sfc.dll" (normalized: "c:\\windows\\system32\\sfc.dll") Region: id = 3306 start_va = 0x77b50000 end_va = 0x77c49fff entry_point = 0x77b50000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 3307 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 3308 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 3309 start_va = 0x7fef3f00000 end_va = 0x7fef3ffafff entry_point = 0x7fef3f00000 region_type = mapped_file name = "mpsvc.dll" filename = "\\Program Files\\Windows Defender\\MpSvc.dll" (normalized: "c:\\program files\\windows defender\\mpsvc.dll") Region: id = 3310 start_va = 0x7fef43e0000 end_va = 0x7fef446ffff entry_point = 0x7fef43e0000 region_type = mapped_file name = "mpclient.dll" filename = "\\Program Files\\Windows Defender\\MpClient.dll" (normalized: "c:\\program files\\windows defender\\mpclient.dll") Region: id = 3311 start_va = 0x7fef8fa0000 end_va = 0x7fef8faffff entry_point = 0x7fef8fa0000 region_type = mapped_file name = "sfc_os.dll" filename = "\\Windows\\System32\\sfc_os.dll" (normalized: "c:\\windows\\system32\\sfc_os.dll") Region: id = 3312 start_va = 0x7fefbef0000 end_va = 0x7fefbf00fff entry_point = 0x7fefbef0000 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 3313 start_va = 0x7fefcd60000 end_va = 0x7fefcd6bfff entry_point = 0x7fefcd60000 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll") Region: id = 3314 start_va = 0x7fefcf40000 end_va = 0x7fefcf5dfff entry_point = 0x7fefcf40000 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 3315 start_va = 0x7fefdba0000 end_va = 0x7fefdbaefff entry_point = 0x7fefdba0000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 3316 start_va = 0x7fefdc40000 end_va = 0x7fefdc4efff entry_point = 0x7fefdc40000 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 3317 start_va = 0x7fefdc50000 end_va = 0x7fefdc89fff entry_point = 0x7fefdc50000 region_type = mapped_file name = "wintrust.dll" filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll") Region: id = 3318 start_va = 0x7fefdcb0000 end_va = 0x7fefde16fff entry_point = 0x7fefdcb0000 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 3319 start_va = 0x7fefdf70000 end_va = 0x7fefe172fff entry_point = 0x7fefdf70000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 3320 start_va = 0x7fefe180000 end_va = 0x7fefef07fff entry_point = 0x7fefe180000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 3321 start_va = 0x7fefefb0000 end_va = 0x7feff0dcfff entry_point = 0x7fefefb0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 3322 start_va = 0x7feff210000 end_va = 0x7feff2aefff entry_point = 0x7feff210000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 3323 start_va = 0x7feff2b0000 end_va = 0x7feff38afff entry_point = 0x7feff2b0000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 3324 start_va = 0x7feff390000 end_va = 0x7feff3aefff entry_point = 0x7feff390000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 3325 start_va = 0x7feff3b0000 end_va = 0x7feff3bdfff entry_point = 0x7feff3b0000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 3326 start_va = 0x7feff3c0000 end_va = 0x7feff3edfff entry_point = 0x7feff3c0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 3327 start_va = 0x7feff910000 end_va = 0x7feff976fff entry_point = 0x7feff910000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 3328 start_va = 0x7feff980000 end_va = 0x7feff9f0fff entry_point = 0x7feff980000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 3329 start_va = 0x7feffa00000 end_va = 0x7feffb08fff entry_point = 0x7feffa00000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 3330 start_va = 0x7feffb10000 end_va = 0x7feffbe6fff entry_point = 0x7feffb10000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 3331 start_va = 0x7feffe90000 end_va = 0x7fefff58fff entry_point = 0x7feffe90000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 3332 start_va = 0x7fffffd7000 end_va = 0x7fffffd8fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd7000" filename = "" Region: id = 3333 start_va = 0x7fffffd9000 end_va = 0x7fffffdafff entry_point = 0x0 region_type = private name = "private_0x000007fffffd9000" filename = "" Region: id = 3334 start_va = 0x7fffffdb000 end_va = 0x7fffffdcfff entry_point = 0x0 region_type = private name = "private_0x000007fffffdb000" filename = "" Region: id = 3391 start_va = 0x90000 end_va = 0x90fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000090000" filename = "" Region: id = 3392 start_va = 0x1280000 end_va = 0x12fffff entry_point = 0x0 region_type = private name = "private_0x0000000001280000" filename = "" Region: id = 3393 start_va = 0x1320000 end_va = 0x139ffff entry_point = 0x0 region_type = private name = "private_0x0000000001320000" filename = "" Region: id = 3394 start_va = 0x7fefcf20000 end_va = 0x7fefcf3afff entry_point = 0x7fefcf20000 region_type = mapped_file name = "gpapi.dll" filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll") Region: id = 3395 start_va = 0x7fffffd5000 end_va = 0x7fffffd6fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd5000" filename = "" Thread: id = 399 os_tid = 0x858 Thread: id = 400 os_tid = 0x860 Thread: id = 401 os_tid = 0x854 Thread: id = 402 os_tid = 0x66c Thread: id = 407 os_tid = 0x878 Thread: id = 416 os_tid = 0x7b4 Process: id = "33" image_name = "taskhost.exe" filename = "c:\\windows\\system32\\taskhost.exe" page_root = "0x207a3000" os_pid = "0x87c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "7" os_parent_pid = "0x1d8" cmd_line = "\"taskhost.exe\"" cur_dir = "C:\\Windows\\system32\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:000104d7" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 3342 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 3343 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 3344 start_va = 0x130000 end_va = 0x1affff entry_point = 0x0 region_type = private name = "private_0x0000000000130000" filename = "" Region: id = 3345 start_va = 0x77c50000 end_va = 0x77df8fff entry_point = 0x77c50000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 3346 start_va = 0x7efe0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 3347 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 3348 start_va = 0xff440000 end_va = 0xff453fff entry_point = 0xff440000 region_type = mapped_file name = "taskhost.exe" filename = "\\Windows\\System32\\taskhost.exe" (normalized: "c:\\windows\\system32\\taskhost.exe") Region: id = 3349 start_va = 0x7fefff70000 end_va = 0x7fefff70fff entry_point = 0x7fefff70000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 3350 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 3351 start_va = 0x7fffffdd000 end_va = 0x7fffffddfff entry_point = 0x0 region_type = private name = "private_0x000007fffffdd000" filename = "" Region: id = 3352 start_va = 0x7fffffde000 end_va = 0x7fffffdffff entry_point = 0x0 region_type = private name = "private_0x000007fffffde000" filename = "" Region: id = 3353 start_va = 0x300000 end_va = 0x3fffff entry_point = 0x0 region_type = private name = "private_0x0000000000300000" filename = "" Region: id = 3354 start_va = 0x77a30000 end_va = 0x77b4efff entry_point = 0x77a30000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 3355 start_va = 0x7fefde60000 end_va = 0x7fefdecafff entry_point = 0x7fefde60000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 3356 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 3357 start_va = 0x20000 end_va = 0x26fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 3358 start_va = 0x40000 end_va = 0xa6fff entry_point = 0x40000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 3359 start_va = 0xb0000 end_va = 0xb1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000b0000" filename = "" Region: id = 3360 start_va = 0xc0000 end_va = 0xc0fff entry_point = 0x0 region_type = private name = "private_0x00000000000c0000" filename = "" Region: id = 3361 start_va = 0xd0000 end_va = 0xd0fff entry_point = 0x0 region_type = private name = "private_0x00000000000d0000" filename = "" Region: id = 3362 start_va = 0x260000 end_va = 0x26ffff entry_point = 0x0 region_type = private name = "private_0x0000000000260000" filename = "" Region: id = 3363 start_va = 0x400000 end_va = 0x4fffff entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3364 start_va = 0x500000 end_va = 0x687fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000500000" filename = "" Region: id = 3365 start_va = 0x690000 end_va = 0x810fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000690000" filename = "" Region: id = 3366 start_va = 0x820000 end_va = 0x1c1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000820000" filename = "" Region: id = 3367 start_va = 0x1c20000 end_va = 0x2012fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001c20000" filename = "" Region: id = 3368 start_va = 0x20a0000 end_va = 0x211ffff entry_point = 0x0 region_type = private name = "private_0x00000000020a0000" filename = "" Region: id = 3369 start_va = 0x21a0000 end_va = 0x221ffff entry_point = 0x0 region_type = private name = "private_0x00000000021a0000" filename = "" Region: id = 3370 start_va = 0x77b50000 end_va = 0x77c49fff entry_point = 0x77b50000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 3371 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 3372 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 3373 start_va = 0x7fefda90000 end_va = 0x7fefda9efff entry_point = 0x7fefda90000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 3374 start_va = 0x7fefdf70000 end_va = 0x7fefe172fff entry_point = 0x7fefdf70000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 3375 start_va = 0x7fefefb0000 end_va = 0x7feff0dcfff entry_point = 0x7fefefb0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 3376 start_va = 0x7feff210000 end_va = 0x7feff2aefff entry_point = 0x7feff210000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 3377 start_va = 0x7feff2b0000 end_va = 0x7feff38afff entry_point = 0x7feff2b0000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 3378 start_va = 0x7feff390000 end_va = 0x7feff3aefff entry_point = 0x7feff390000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 3379 start_va = 0x7feff3b0000 end_va = 0x7feff3bdfff entry_point = 0x7feff3b0000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 3380 start_va = 0x7feff3c0000 end_va = 0x7feff3edfff entry_point = 0x7feff3c0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 3381 start_va = 0x7feff910000 end_va = 0x7feff976fff entry_point = 0x7feff910000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 3382 start_va = 0x7feffa00000 end_va = 0x7feffb08fff entry_point = 0x7feffa00000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 3383 start_va = 0x7feffb10000 end_va = 0x7feffbe6fff entry_point = 0x7feffb10000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 3384 start_va = 0x7feffe90000 end_va = 0x7fefff58fff entry_point = 0x7feffe90000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 3385 start_va = 0x7fffffd9000 end_va = 0x7fffffdafff entry_point = 0x0 region_type = private name = "private_0x000007fffffd9000" filename = "" Region: id = 3386 start_va = 0x7fffffdb000 end_va = 0x7fffffdcfff entry_point = 0x0 region_type = private name = "private_0x000007fffffdb000" filename = "" Region: id = 3387 start_va = 0x7fefc4c0000 end_va = 0x7fefc515fff entry_point = 0x7fefc4c0000 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 3388 start_va = 0x1b0000 end_va = 0x22ffff entry_point = 0x0 region_type = private name = "private_0x00000000001b0000" filename = "" Region: id = 3389 start_va = 0x2220000 end_va = 0x22fefff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002220000" filename = "" Region: id = 3390 start_va = 0x7fefc090000 end_va = 0x7fefc0a7fff entry_point = 0x7fefc090000 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll") Region: id = 3396 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000e0000" filename = "" Region: id = 3397 start_va = 0xf0000 end_va = 0xf0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000f0000" filename = "" Region: id = 3398 start_va = 0x2020000 end_va = 0x209ffff entry_point = 0x0 region_type = private name = "private_0x0000000002020000" filename = "" Region: id = 3399 start_va = 0x2310000 end_va = 0x238ffff entry_point = 0x0 region_type = private name = "private_0x0000000002310000" filename = "" Region: id = 3400 start_va = 0x23b0000 end_va = 0x242ffff entry_point = 0x0 region_type = private name = "private_0x00000000023b0000" filename = "" Region: id = 3401 start_va = 0x25a0000 end_va = 0x261ffff entry_point = 0x0 region_type = private name = "private_0x00000000025a0000" filename = "" Region: id = 3402 start_va = 0x7fefaa60000 end_va = 0x7fefaa78fff entry_point = 0x7fefaa60000 region_type = mapped_file name = "wdi.dll" filename = "\\Windows\\System32\\wdi.dll" (normalized: "c:\\windows\\system32\\wdi.dll") Region: id = 3403 start_va = 0x7fefef10000 end_va = 0x7fefefa8fff entry_point = 0x7fefef10000 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 3404 start_va = 0x7fffffd3000 end_va = 0x7fffffd4fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd3000" filename = "" Region: id = 3405 start_va = 0x7fffffd5000 end_va = 0x7fffffd6fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd5000" filename = "" Region: id = 3406 start_va = 0x7fffffd7000 end_va = 0x7fffffd8fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd7000" filename = "" Region: id = 3407 start_va = 0x100000 end_va = 0x101fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000100000" filename = "" Region: id = 3408 start_va = 0x2120000 end_va = 0x219ffff entry_point = 0x0 region_type = private name = "private_0x0000000002120000" filename = "" Region: id = 3409 start_va = 0x7fef46b0000 end_va = 0x7fef46e2fff entry_point = 0x7fef46b0000 region_type = mapped_file name = "rstrtmgr.dll" filename = "\\Windows\\System32\\RstrtMgr.dll" (normalized: "c:\\windows\\system32\\rstrtmgr.dll") Region: id = 3410 start_va = 0x7fef7020000 end_va = 0x7fef7037fff entry_point = 0x7fef7020000 region_type = mapped_file name = "radarrs.dll" filename = "\\Windows\\System32\\radarrs.dll" (normalized: "c:\\windows\\system32\\radarrs.dll") Region: id = 3411 start_va = 0x7fef7530000 end_va = 0x7fef75abfff entry_point = 0x7fef7530000 region_type = mapped_file name = "wer.dll" filename = "\\Windows\\System32\\wer.dll" (normalized: "c:\\windows\\system32\\wer.dll") Region: id = 3412 start_va = 0x7fefc670000 end_va = 0x7fefc863fff entry_point = 0x7fefc670000 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll") Region: id = 3413 start_va = 0x7fefcd60000 end_va = 0x7fefcd6bfff entry_point = 0x7fefcd60000 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll") Region: id = 3414 start_va = 0x7fefd600000 end_va = 0x7fefd621fff entry_point = 0x7fefd600000 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 3415 start_va = 0x7fefd630000 end_va = 0x7fefd67dfff entry_point = 0x7fefd630000 region_type = mapped_file name = "ncrypt.dll" filename = "\\Windows\\System32\\ncrypt.dll" (normalized: "c:\\windows\\system32\\ncrypt.dll") Region: id = 3416 start_va = 0x7fefdc40000 end_va = 0x7fefdc4efff entry_point = 0x7fefdc40000 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 3417 start_va = 0x7fefe180000 end_va = 0x7fefef07fff entry_point = 0x7fefe180000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 3418 start_va = 0x7feff980000 end_va = 0x7feff9f0fff entry_point = 0x7feff980000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 3419 start_va = 0x7fffffae000 end_va = 0x7fffffaffff entry_point = 0x0 region_type = private name = "private_0x000007fffffae000" filename = "" Thread: id = 409 os_tid = 0x460 Thread: id = 410 os_tid = 0x530 Thread: id = 411 os_tid = 0x5e4 Thread: id = 413 os_tid = 0x820 Thread: id = 414 os_tid = 0x580 Thread: id = 415 os_tid = 0x7bc Thread: id = 417 os_tid = 0x7c4